first-use script fixed / snowflake is now running under Ubuntu (appar…

…mor configuration entry) / macchanger -p broke rc.local - fixed!

bin/first_use

@@ -26,15 +26,13 @@
 # connecting the tor network (for example OBFS4, Tor Automatic Counteractions...)
 #
 # SYNTAX
-# ./first_use <NUMBER> <SOURCE SCRIPT>
+# ./first_use <NUMBER>
 #
 # Following NUMBERs are supported:
 # 1 - Will completely remove pi (only for Raspbian OS).
 # 2 - Will generate new unique SSH server keys.
 # 3 - Will ask the source of the Internet, if OBFS4 bridges should be aktivated (and then unmask) and if TACA be activated.
 #
-# If SOURCE SCRIPT is empty, the default is menu
-#
 ##### SET VARIABLES ######
 #Set the the variables for the menu
 MENU_WIDTH=80
@@ -68,113 +66,101 @@ FRESHINSTALLED=$1
 .  /home/torbox/torbox/lib/torbox.lib
 
 # This function is used for the step 1 as a trap for q
-# Syntax finish_bridge_start2 <DEFAULT_BRIDGE_SUPPORT>
+# Syntax finish_bridge_start2
 # Used predefined variables: RED, NOCOLOR, TORRC
 finish_bridge_start2()
 {
-	DEFAULT_BRIDGE_SUPPORT=$1
-	trap
-	if [ "$DEFAULT_BRIDGE_SUPPORT" = "1" ]; then
-   	# Did tor with bridge-support start up?
-		REPLY=""
-		while true
-		do
-			read -r -p $'\e[1;37mDid you see \"Bootstrapped 100%: Done\" [Y/n]? -> \e[0m'
-			# The following line is for the prompt to appear on a new line.
-			if [[ $REPLY =~ ^[YyNn]$ ]] ; then
-				echo
-				echo
-				break
-			fi
-		done
-		if [[ $REPLY =~ ^[Yy]$ ]] ; then
-			echo -e "${RED}[+] DONE! TorBox is ready to work! Be careful with using it!${NOCOLOR}"
+  # Did tor with bridge-support start up?
+	REPLY=""
+	while true
+	do
+		read -r -p $'\e[1;37mDid you see \"Bootstrapped 100%: Done\" [Y/n]? -> \e[0m'
+		# The following line is for the prompt to appear on a new line.
+		if [[ $REPLY =~ ^[YyNn]$ ]] ; then
 			echo
 			echo
-			sleep 5
-			trap "bash $SOURCE_SCRIPT; trap; exit 0" EXIT
-			exit 0
+			break
+		fi
+	done
+	if [[ $REPLY =~ ^[Yy]$ ]] ; then
+		echo -e "${RED}[+] DONE! TorBox is ready to work! Be careful with using it!${NOCOLOR}"
+		echo
+		echo
+		sleep 5
+		exit 0
+	else
+		clear
+		whiptail --textbox $TXT_DIR/first_use-not_working-text $MENU_HEIGHT_15 $MENU_WIDTH
+		CHECK=$(grep "^#ReachableAddresses" ${TORRC})
+		if [ -z ${CHECK} ] ; then
+			sudo sed -i "s/^ReachableAddresses /#ReachableAddresses /g" ${TORRC}
 		else
-			clear
-			whiptail --textbox $TXT_DIR/first_use-not_working-text $MENU_HEIGHT_15 $MENU_WIDTH
+			sudo sed -i "s/^#ReachableAddresses /ReachableAddresses /g" ${TORRC}
+		fi
+		clear
+		trap "bash menu-bridges; trap; exit 0" EXIT
+		exit 0
+	fi
+}
+
+# This function is used for the main program as a trap for q
+# Syntax finish_bridge_start1
+# Used predefined variables: RED, NOCOLOR, TORRC
+finish_bridge_start1()
+{
+  # Did tor with bridge-support start up?
+  echo ""
+ 	while true
+ 	do
+ 		read -r -p $'\e[1;37mDid you see \"Bootstrapped 100%: Done\" [Y/n]? -> \e[0m'
+ 		# The following line is for the prompt to appear on a new line.
+ 		if [[ $REPLY =~ ^[YyNn]$ ]] ; then
+ 			echo
+ 			echo
+ 			break
+ 		fi
+ 	done
+ 	if [[ $REPLY =~ ^[Yy]$ ]] ; then
+ 		echo -e "${RED}[+] DONE! TorBox is ready to work! Be careful with using it!${NOCOLOR}"
+ 		echo
+ 		echo
+ 		sleep 5
+ 		exit 0
+ 	else
+    INPUT=$(cat $TXT_DIR/first_use-anti-firewall-text)
+    if (whiptail --title "TorBox - FIRST START UP!" --no-button "SUB-MENU" --yes-button "ANTI-FIREWALL" --yesno "$INPUT" $MENU_HEIGHT_20 $MENU_WIDTH); then
 			CHECK=$(grep "^#ReachableAddresses" ${TORRC})
 			if [ -z ${CHECK} ] ; then
 				sudo sed -i "s/^ReachableAddresses /#ReachableAddresses /g" ${TORRC}
 			else
 				sudo sed -i "s/^#ReachableAddresses /ReachableAddresses /g" ${TORRC}
 			fi
+      clear
+      echo -e "${RED}[+] DONE! Checking progress - please be patient!${NOCOLOR}"
+      echo -e "    Ignore any error messages, this can take minutes just wait..."
+      echo -e "    At the end, you should see \"${WHITE}Bootstrapped 100%: Done${NOCOLOR}\"."
+      echo -e "    You can leave the progress report by pressing q."
+      echo ""
+			stty intr q
+			# shellcheck disable=SC2064
+			trap "finish_bridge_start2 $DEFAULT_BRIDGE_SUPPORT" SIGINT
+      sudo systemctl restart tor &
+      sudo tail -f -n 0 /var/log/tor/notices.log | sed -u 's#.*Bootstrapped 100% (done): Done#\x1b[97m&\x1b[0m#' | grep -v -e "You configured a non-loopback address" -e "opening log file" -e "Application request when we haven't" -e "Giving up. (waiting for circuit)" -e "New control connection opened from" -e "While fetching directory info, no running dirservers known"
+			stty intr ^c
+		else
 			clear
+			echo -e "${RED}[+] We are starting now the Countermeasure sub-menu${NOCOLOR}"
+			echo -e "${RED}[+] For more information see here: https://www.torbox.ch/?page_id=797${NOCOLOR}"
+		 	echo
+			echo
+			read -n 1 -s -r -p "Press any key to continue"
+			sudo sed -i "s/^FRESH_INSTALLED=.*/FRESH_INSTALLED=0/" ${RUNFILE}
 			trap "bash menu-bridges; trap; exit 0" EXIT
 			exit 0
 		fi
-	else
-		exit 0
 	fi
 }
 
-# This function is used for the main program as a trap for q
-# Syntax finish_bridge_start1 <DEFAULT_BRIDGE_SUPPORT>
-# Used predefined variables: RED, NOCOLOR, TORRC
-finish_bridge_start1()
-{
- DEFAULT_BRIDGE_SUPPORT=$1
- trap
- if [ "$DEFAULT_BRIDGE_SUPPORT" = "1" ]; then
-   # Did tor with bridge-support start up?
-   echo ""
- 	 while true
- 	 do
- 		 read -r -p $'\e[1;37mDid you see \"Bootstrapped 100%: Done\" [Y/n]? -> \e[0m'
- 		 # The following line is for the prompt to appear on a new line.
- 		 if [[ $REPLY =~ ^[YyNn]$ ]] ; then
- 			 echo
- 			 echo
- 			 break
- 		 fi
- 	 done
- 	 if [[ $REPLY =~ ^[Yy]$ ]] ; then
- 		 echo -e "${RED}[+] DONE! TorBox is ready to work! Be careful with using it!${NOCOLOR}"
- 		 echo
- 		 echo
- 		 sleep 5
- 		 trap "bash $SOURCE_SCRIPT; trap; exit 0" EXIT
- 		 exit 0
- 	 else
-     INPUT=$(cat $TXT_DIR/first_use-anti-firewall-text)
-     if (whiptail --title "TorBox - FIRST START UP!" --no-button "SUB-MENU" --yes-button "ANTI-FIREWALL" --yesno "$INPUT" $MENU_HEIGHT_20 $MENU_WIDTH); then
-			 CHECK=$(grep "^#ReachableAddresses" ${TORRC})
-			 if [ -z ${CHECK} ] ; then
-				 sudo sed -i "s/^ReachableAddresses /#ReachableAddresses /g" ${TORRC}
-			 else
-				 sudo sed -i "s/^#ReachableAddresses /ReachableAddresses /g" ${TORRC}
-			 fi
-       clear
-       echo -e "${RED}[+] DONE! Checking progress - please be patient!${NOCOLOR}"
-       echo -e "    Ignore any error messages, this can take minutes just wait..."
-       echo -e "    At the end, you should see \"${WHITE}Bootstrapped 100%: Done${NOCOLOR}\"."
-       echo -e "    You can leave the progress report by pressing q."
-       echo ""
-			 # shellcheck disable=SC2064
-			 trap "finish_bridge_start2 $DEFAULT_BRIDGE_SUPPORT" SIGINT
-			 stty intr q
-       sudo systemctl restart tor &
-       sudo tail -f -n 0 /var/log/tor/notices.log | sed -u 's#.*Bootstrapped 100% (done): Done#\x1b[97m&\x1b[0m#' | grep -v -e "You configured a non-loopback address" -e "opening log file" -e "Application request when we haven't" -e "Giving up. (waiting for circuit)" -e "New control connection opened from" -e "While fetching directory info, no running dirservers known"
-			 stty intr ^c
-		 else
-			 clear
-			 echo -e "${RED}[+] We are starting now the Countermeasure sub-menu${NOCOLOR}"
-			 echo -e "${RED}[+] For more information see here: https://www.torbox.ch/?page_id=797${NOCOLOR}"
-			 echo
-			 echo
-			 read -n 1 -s -r -p "Press any key to continue"
-			 sudo sed -i "s/^FRESH_INSTALLED=.*/FRESH_INSTALLED=0/" ${RUNFILE}
-			 trap "bash menu-bridges; trap; exit 0" EXIT
-			 exit 0
-		 fi
-	 fi
- fi
-}
-
 
 ######## PREPARATIONS ########
 # Resetting
@@ -390,7 +376,7 @@ while [ $FRESHINSTALLED -gt 0 ]; do
 					sudo sed -i "s/^Bridge obfs4 /#Bridge obfs4 /g" ${TORRC}
 					sudo sed -i "s/^Bridge meek_lite /#Bridge meek_lite /g" ${TORRC}
 					clear
-					sudo bash bridges_activate_snowflake norestart
+					sudo bash bin/bridges_activate_snowflake norestart
 				fi
 	      DEFAULT_BRIDGE_SUPPORT=1
 				clear
@@ -427,9 +413,9 @@ while [ $FRESHINSTALLED -gt 0 ]; do
       echo -e "    At the end, you should see \"${WHITE}Bootstrapped 100%: Done${NOCOLOR}\"."
       echo -e "    You can leave the progress report by pressing q."
       echo ""
-			# shellcheck disable=SC2064
-      trap "finish_bridge_start1 $DEFAULT_BRIDGE_SUPPORT" SIGINT
 			stty intr q
+			# shellcheck disable=SC2064
+      if [ "$DEFAULT_BRIDGE_SUPPORT" == "1" ]; then trap "finish_bridge_start1" SIGINT; fi
       sudo systemctl restart tor &
       sudo tail -f -n 0 /var/log/tor/notices.log | sed -u 's#.*Bootstrapped 100% (done): Done#\x1b[97m&\x1b[0m#' | grep -v -e "You configured a non-loopback address" -e "opening log file" -e "Application request when we haven't" -e "Giving up. (waiting for circuit)" -e "New control connection opened from" -e "While fetching directory info, no running dirservers known"
 			stty intr ^c

etc/apparmor.d/abstractions/tor

@@ -0,0 +1,34 @@
+# vim:syntax=apparmor
+
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/openssl>
+
+  network tcp,
+  network udp,
+
+  capability chown,
+  capability dac_read_search,
+  capability fowner,
+  capability fsetid,
+  capability setgid,
+  capability setuid,
+
+  /usr/bin/tor r,
+  /usr/sbin/tor r,
+
+  # Needed by obfs4proxy
+  /proc/sys/net/core/somaxconn r,
+
+  /proc/sys/kernel/random/uuid r,
+  /sys/devices/system/cpu/ r,
+  /sys/devices/system/cpu/** r,
+
+  /etc/tor/* r,
+  /usr/share/tor/** r,
+
+  /usr/bin/obfsproxy PUx,
+  /usr/bin/obfs4proxy Pix,
+
+  # Needed by snowflake
+  /usr/bin/snowflake-client Pix,

etc/rc.local

@@ -59,7 +59,8 @@ for INTERFACE in $AVAILABLE_INTERFACES ; do
 			sleep 2
 		fi
 		#
-		if grep "^MAC_$INTERFACE=permanent" /home/torbox/torbox/run/torbox.run; then sudo macchanger -p $INTERFACE; fi
+		# NEW v.0.5.4: After a restart, the default MAC address is already set. Executing the comand result in a error.
+		# if grep "^MAC_$INTERFACE=permanent" /home/torbox/torbox/run/torbox.run; then sudo macchanger -p $INTERFACE; fi
 		if grep "^MAC_$INTERFACE=random" /home/torbox/torbox/run/torbox.run; then sudo macchanger -r $INTERFACE; fi
 		# NEW v.0.5.3: We have only to put an interface up, if it was up before
 		if [ "$INTERFACE1_DOWN" = "1" ]; then
@@ -104,7 +105,9 @@ if grep "WLAN_FAILSAFE=1" /home/torbox/torbox/run/torbox.run ; then
 	fi
 fi
 
-sudo systemctl start hostapd
+# NEW v.0.5.4: If the configured interface is available, we will start hostapd
+INTERFACE=$(grep "^interface=" /etc/hostapd/hostapd.conf | sed "s/.*=//g")
+if ip link | grep "$INTERFACE" ; then sudo systemctl start hostapd; fi
 
 # If a wireless USB dongle is available, and previously used then let's check if we can auto-connect to a wireless network
 if ip link | grep wlan1 ; then

etc/rc.local.disable_wlan

@@ -85,8 +85,6 @@ for INTERFACE in $AVAILABLE_INTERFACES ; do
 	fi
 done
 
-sudo systemctl start hostapd
-
 # Let's check if we can auto-connect to a wireless network
 if ip link | grep wlan0 ; then
  if grep "INTERNET_IFACE=wlan0" /home/torbox/torbox/run/torbox.run ; then

install/run_install_on_ubuntu.sh

@@ -892,6 +892,7 @@ else
 fi
 
 # 6. Install Snowflake
+# NEW v.0.5.4: Under Ubuntu, snowflake-client has to be added to the apparmor configuration. We will do that under Pt 11
 clear
 echo -e "${RED}[+] Step 6: Installing Snowflake...${NOCOLOR}"
 echo -e "${RED}[+]         This can take some time, please be patient!${NOCOLOR}"
@@ -1173,6 +1174,20 @@ sudo ln -sf /etc/nginx/sites-available/webssh.conf /etc/nginx/sites-enabled/
 #sudo systemctl start nginx
 sudo systemctl daemon-reload
 
+# NEW v.0.5.3: snowflake-client has to be added to apparmor
+if [ -f "/etc/apparmor.d/abstractions/tor" ]; then
+	if ! grep "/usr/bin/snowflake-client Pix," /etc/apparmor.d/abstractions/tor; then
+		sudo printf "\n# Needed by snowflake\n/usr/bin/snowflake-client Pix,\n" | sudo tee -a /etc/apparmor.d/abstractions/tor;
+		sudo systemctl restart apparmor
+	fi
+else
+	cd
+	if [ -d "/etc/apparmor.d/abstractions" ]; then
+		sudo cp torbox/etc/apparmor.d/abstractions/tor /etc/apparmor.d/abstractions;
+		sudo systemctl restart apparmor
+	fi
+fi
+
 if [ "$STEP_BY_STEP" = "--step_by_step" ]; then
 	echo ""
 	read -n 1 -s -r -p $'\e[1;31mPlease press any key to continue... \e[0m'
@@ -1269,8 +1284,10 @@ else
 fi
 #
 echo -e "${RED}[+] Moving TorBox files...${NOCOLOR}"
-sudo mv /home/ubuntu/* /home/torbox/
-(sudo mv /home/ubuntu/.profile /home/torbox/) 2>/dev/null
+# TEST v.0.5.4: what is if another user is installing torbox?
+cd
+sudo mv * /home/torbox/
+(sudo mv .profile /home/torbox/) 2>/dev/null
 sudo mkdir /home/torbox/openvpn
 (sudo rm .bash_history) 2>/dev/null
 sudo chown -R torbox:torbox /home/torbox/

menu-update

@@ -1325,7 +1325,7 @@ case "$CHOICE" in
 	# Rerun the "First Start-up" script
 	14)
   	clear
-		bin/first_use 3 menu-update
+		bin/first_use 3
 		exit 0
 	;;