添加adb启动脚本、用户自定义列表和koolproxy证书生成

JimLee1996 · Aug 25, 2017 · cfd7145 · cfd7145
1 parent 8c28322
commit cfd7145
Show file tree

Hide file tree

Showing 4 changed files with 324 additions and 0 deletions.
diff --git a/squashfs-root/etc/adbyby_user.txt b/squashfs-root/etc/adbyby_user.txt
@@ -0,0 +1,14 @@
+!  ------------------------------ 自定义过滤语法简表---------------------------------
+!  ABP规则请参考https://adblockplus.org/zh_CN/filters，下面为大致摘要
+!  [!] 为行注释符，注释行以该符号起始作为一行注释语义，用于规则描述
+!  [*] 为字符通配符，能够匹配0长度或任意长度的字符串，该通配符不能与正则语法混用。
+! [^] 为分隔符，可以是除了字母、数字或者 _ - . % 之外的任何字符。 
+!  [|] 为管线符号，来表示地址的最前端或最末端
+!  [||] 为子域通配符，方便匹配主域名下的所有子域。
+!  [~] 为排除标识符，通配符能过滤大多数广告，但同时存在误杀, 可以通过排除标识符修正误杀链接。
+!  [##]为元素选择器标识符，后面跟需要隐藏元素的CSS样式例如 #ad_id  .ad_class 
+!!  元素隐藏暂不支持全局规则和排除规则 
+!! 字符替换扩展
+!  文本替换选择器标识符，后面跟需要替换的文本数据，格式：$s@模式字符串@替换后的文本@
+!  支持通配符*和？
+!  --------------------------------------------------------------------------------
diff --git a/squashfs-root/etc/init.d/adbyby b/squashfs-root/etc/init.d/adbyby
@@ -0,0 +1,149 @@
+#!/bin/sh /etc/rc.common
+
+######################################################################
+#
+# Function  : Run adbyby in RAM
+#
+# Creater   : ywb94@qq.com, 2017-02-13
+#
+# Copyright : yushi studio
+#
+######################################################################
+
+START=80
+
+
+add_mac_rule() {
+local cfg="$1"
+local rules="$2"
+local prefix="$3"
+local suffix="$4"
+
+config_get srcmac $cfg mac
+config_get ienable $cfg internet_enable
+if [ -z "$srcmac" ]; then
+return 1
+fi
+if [ "$ienable" == "1" ]; then
+return 1
+fi
+
+append $rules "$prefix" "$N"
+
+append $rules "-m mac --mac-source $srcmac"
+append $rules "$suffix"
+
+}
+
+addp_mac_rule() {
+local cfg="$1"
+local rules="$2"
+local prefix="$3"
+local suffix="$4"
+local srcmac weekdays starttime stoptime range
+
+config_get srcmac $cfg src_mac
+config_get weekdays $cfg weekdays
+config_get starttime $cfg start_time
+config_get stoptime $cfg stop_time
+
+if [ -z "$srcmac" ]; then
+return 1
+fi
+
+append $rules "$prefix" "$N"
+
+append $rules "-m mac --mac-source $srcmac"
+
+if [ -n "$weekdays" ]; then
+ append range "--weekdays $weekdays"
+fi
+
+if [ -n "$starttime" ]; then
+ append range "--timestart $starttime"
+fi
+
+if [ -n "$stoptime" ]; then
+ append range "--timestop $stoptime"
+fi
+
+if [ -n "$range" ]; then
+ append $rules "-m time --kerneltz"
+ append $rules "$range"
+fi
+append $rules "$suffix"
+
+}
+
+adb_mod=`uci get adbyby.adbyby.mode 2>/dev/null`
+
+start() {
+#不重复启动
+icount=`ps -w|grep adbyby.sh|grep -v grep|wc -l`
+if [ "$adb_mod" = "1" ]  ;then
+icount2=`netstat -nautp|grep koolproxy|grep -v grep|wc -l`
+else
+icount2=`netstat -nautp|grep adbyby|grep -v grep|wc -l`
+fi
+
+if [ $icount = 0 -a $icount2 = 0 ] ;then
+#config_load device_manage
+#local mac_rules
+#local prefix="iptables -t nat -I adbyby_chain"
+#local suffix=" -j RETURN"
+#config_foreach add_mac_rule limit mac_rules  "$prefix" "$suffix" 
+
+#config_load parentctl
+#config_get_bool pctl_enable config enabled 0
+#if [ "$pctl_enable" == "1" ]; then
+#config_foreach addp_mac_rule rule mac_rules  "$prefix" "$suffix" 
+#fi
+
+
+/root/adbyby.sh & #"$mac_rules" &
+
+#等待下载
+sleep 2
+fi
+
+}
+
+stop() {
+killall -9 adb_mon.sh 2>/dev/null
+
+rm -f /tmp/dnsmasq.d/adbyby_host.conf 2>/dev/null
+rm -f /tmp/dnsmasq.d/adblock.conf 2>/dev/null
+
+#清除防火墙规则
+iptables -w -t nat -F adbyby_chain 2>/dev/null
+iptables -t nat -D PREROUTING -p tcp -j adbyby_chain 2>/dev/null
+iptables -t nat -X adbyby_chain 2>/dev/null
+ipset -X adbyby_list 2>/dev/null
+ipset -X adblock 2>/dev/null
+
+if [ -f /tmp/adbyby/bin/stopadbb ] ;then
+ps -w|grep \\./adbyby|grep -v grep |awk '{print $1}'|xargs kill 2>/dev/null
+rm -rf /tmp/adbyby 
+fi
+
+if [ -f /tmp/koolproxy/koolproxy ] ;then
+ps -w|grep koolproxy|grep -v grep |awk '{print $1}'|xargs kill 2>/dev/null
+rm -rf /tmp/koolproxy
+fi
+
+
+icount=`ps -w|grep adbyby.sh|grep -v grep|wc -l`
+if [ $icount -gt 0 ] ;then
+mid=`ps -w|grep adbyby.sh|grep -v grep|awk '{print $1}'`
+kill -9 $mid 2>/dev/null 
+fi
+
+}
+
+restart() {
+  stop
+  start
+}
+
+
+
diff --git a/squashfs-root/etc/koolproxy/gen_ca.sh b/squashfs-root/etc/koolproxy/gen_ca.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+alias echo_date='echo $(date +%Y年%m月%d日\ %X):'
+
+if [ ! -f openssl.cnf ]; then
+	echo_date "Cannot found openssl.cnf"
+	exit 1
+fi
+if [ -f ./private/ca.key.pem ]; then
+	echo_date "已经有证书了！"
+else
+	echo_date "生成证书中..."
+
+	#step 1, root ca
+	mkdir -p certs private
+	rm -f serial private/ca.key.pem
+	chmod 700 private
+	echo 1000 > serial
+	openssl genrsa -aes256 -passout pass:koolshare -out private/ca.key.pem 2048
+	chmod 400 private/ca.key.pem
+	openssl req -config openssl.cnf -passin pass:koolshare \
+		-subj "/C=CN/ST=Beijing/L=KP/O=KoolProxy inc/CN=koolproxy.com" \
+		-key private/ca.key.pem \
+		-new -x509 -days 7300 -sha256 -extensions v3_ca \
+		-out certs/ca.crt
+
+	#step 2, domain rsa key
+	openssl genrsa -aes256 -passout pass:koolshare -out private/base.key.pem 2048
+	echo_date "证书生成完毕..."
+fi
diff --git a/squashfs-root/etc/koolproxy/openssl.cnf b/squashfs-root/etc/koolproxy/openssl.cnf
@@ -0,0 +1,132 @@
+# OpenSSL root CA configuration file.
+# Copy to `/root/ca/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir               = ./ca
+certs             = $dir/certs
+crl_dir           = $dir/crl
+new_certs_dir     = $dir/newcerts
+database          = $dir/index.txt
+serial            = $dir/serial
+RANDFILE          = $dir/private/.rand
+
+# The root key and root certificate.
+private_key       = $dir/private/ca.key.pem
+certificate       = $dir/certs/ca.cert.pem
+
+# For certificate revocation lists.
+crlnumber         = $dir/crlnumber
+crl               = $dir/crl/ca.crl.pem
+crl_extensions    = crl_ext
+default_crl_days  = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md        = sha256
+
+name_opt          = ca_default
+cert_opt          = ca_default
+default_days      = 375
+preserve          = no
+policy            = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits        = 2048
+distinguished_name  = req_distinguished_name
+string_mask         = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md          = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions     = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+countryName                     = Country Name (2 letter code)
+stateOrProvinceName             = State or Province Name
+localityName                    = Locality Name
+0.organizationName              = Organization Name
+organizationalUnitName          = Organizational Unit Name
+commonName                      = Common Name
+emailAddress                    = Email Address
+
+# Optionally, specify some defaults.
+countryName_default             = GB
+stateOrProvinceName_default     = England
+localityName_default            =
+0.organizationName_default      = Alice Ltd
+organizationalUnitName_default  =
+emailAddress_default            =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning