English

CyberSecurity-Box

(inkl. Ad Blocker, (DNS), Tor optional Pi-Hole (incl. DB) and ntopng)

  Für Deutsch / For German

First load the Brave-Browser from the Brave-Website .

For the Raspberry-Pi Installation goto Alternative 2 .

1. Alternative 1 - Installation on -Router( Fritz!Box, , etc.)
Go on -Page and download the Firmware for your Router. Please click before on Customize installed packages and/or first boot script then add the following items at the end.



ca-bundle dnsmasq-full stubby tor tor-geoip unbound-daemon unbound-anchor unbound-control-setup unbound-host unbound-checkconf luci-app-unbound tc luci-app-qos luci-app-nft-qos nft-qos kmod-nls-cp437 kmod-nls-iso8859-1 nano wget curl openssh-sftp-server getdns drill bind-dig ca-certificates acme luci-app-acme php8-fpm php8-cgi mwan3 luci-app-mwan3

into the field Installed Packages.





And in the field Script to run on first boot (uci-defaults) insert.



echo 'start '$(date) > /root/firstboot && uci set network.wan6.disabled='1' && processes=$(uci commit && reload_config) && wait $processesss  && processes1=$(/etc/init.d/network restart) && sleep 30 && echo 'starting..' > /root/wget_start && wget https://github.com/CyberAndi/CyberSecurity-Box/raw/CyberSecurity-Box/customize_firmware.sh -P /root/ && sh /root/customize_firmware.sh && echo 'end '$(date) > /root/end && exit 0 

Then press Request Build.

.

Afterwards generate the File with Kernel and download it.



After flushing use SSH or Putty for Installation and type the following code.



ssh [ip-address of OpenWRT]

User: root
Password:

Change the Password with



passwd
[newpassword]
[newpassword]

Don´t forget to note the newpassword. Now go to the Network-Overview .


If you didn´t insert the Script to run on first boot (uci-defaults) then download the Installscript. (For more Informations open here).

It starts automatically. Else skip this Part and go to Network-Overview .

for OpenWRT Version 23.x.xx



wget https://github.com/CyberAndi/CyberSecurity-Box/raw/CyberSecurity-Box/Install/openWRT23_install.sh && sh openWRT23_install.sh
  


for OpenWRT Version 22.x.xx



wget https://github.com/CyberAndi/CyberSecurity-Box/raw/CyberSecurity-Box/Install/openWRT22_install.sh && sh openWRT22_install.sh
  


for OpenWRT Version 21.x.xx



wget https://github.com/CyberAndi/CyberSecurity-Box/raw/CyberSecurity-Box/Install/openWRT21_install.sh && sh openWRT21_install.sh
  


for OpenWRT Version 19.x.xx



wget https://github.com/CyberAndi/CyberSecurity-Box/raw/CyberSecurity-Box/Install/openWRT19_install.sh && sh openWRT19_install.sh
  


Now it will appear some Questions about your Network and your Devices. Note: All Values needed !!.



After the reboot you will have following Networks:

• REPEATER for internal Communication between Router and Repeater for all of this Networks
• VOICE for Amazon Alexa, Google Assistent or other Voice Assistent-Systems
• CONTROL for IR/RF-Controlling like Logitech Harmony, Broadlink etc.
• HCONTROL for Homeautomation or Smarthome (Heating, Cooling, Dor-, Window-Contacts, Power-Switches etc.)
• ENTERTAIN for TVs, PlayStation, X-Box, Mediaplayer, DVD-Player and BlueRay-Player etc.
• DMZ for NAS, Network Storage, PLEX-Server, UPNP/DLNA-Servers, Database-Servers, Mail-Server and Web-Server etc.
• INET for Clients with .onion and Tor-Network Access
• GUEST for your Guests only

All of this have the WiFi-Password/-Key: Cyber,Sec9ox

For each of this separated Networks you will have a VLAN on the Switch-/Output-Ethernet-Ports of the Router between VLAN_ID 101 and VLAN_ID 106. You will find the Screenshots here .
2. Alternative 2 - Installation CyberSecurity-Box ( Raspberry-Pi)
You need a Raspberry Pi and a SD-Card with 8 GByte or more. Use a blank Raspbian-SD-Card-Image or CyberSecurityBox_2.img is the Pi-Hole, UnBound and torrc with a ready-to-use Image.
Install one of this with balenaEtcher on a SD-Card.
Insert the SD-Card in the RasPi. And use SSH or Putty for Installation and type the following code.



ssh [ip-address of RasPi]

User: pi
Password: raspberry

Change the Password with



passwd
[newpassword]
[newpassword]

Don´t forget to note the newpassword.



sudo su
apt-get update
apt-get upgrade -y

1. Type for Installation

   apt-get install tor unbound privoxy ntopng postfix iptables-persistent netfilter-persistent -y
   curl -sSL https://install.pi-hole.net | bash

   and follow the messages on the screen.
   

2. The pi-hole-teleporter_2020-06-07_09-38-48.tar.gz

   Is the newest Version with PiHole 5.0 and DataBase Support. It includes the Porn-, Ad- and Tracking-Blocking.

3. The pi-hole-teleporter_CyberSecurity_Box_without_Porn.tar.gz

   inludes White- and Blacklist (Advertisement and Maleware). Until Pi-Hole 4 and smaller

4. The pi-hole-teleporter_CyberSecurity_Box_2018-12-20_.tar.gz

   inludes White- and Blacklist (Advertisement, Maleware, Tracking and Porn). Until Pi-Hole 4 and smaller

5. The Pi-Hole 4 regex.list

   includes Blacklist (Advertisment, Maleware, Tracking and Porn) with over 40% blocking rate.
   In pi-hole-teleporter_2020-06-07_09-38-48.tar.gz is this included for Pi-Hole5.
   
   

   service pihole-FTL stop
   service unbound stop
   service privoxy stop
   service tor stop
   curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/whitelist_Alexa_Google_Home_Smarthome.txt > whitelist.txt
   curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/tor/torrc > torrc
   curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/unbound/root.hints > root.hints
   curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/unbound/unbound.conf > unbound.conf
   curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/unbound/unbound.conf.d/test.conf > unbound_tor_pihole.conf
   curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/unbound.sh > unbound.sh
   curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/privoxy/config > config
   curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/boxed-bg.jpg > boxed-bg.jpg
   curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/boxed-bg.png > boxed-bg.png
   curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/blockingpage.css > blockingpage.css
   curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/AdminLTE.min.css > AdminLTE.min.css
   curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/skin-blue.min.css > skin-blue.min.css
   
   
   cp whitelist.txt /etc/pihole/whitelist.txt
   cp root.hints /etc/unbound/root.hints
   cp unbound.conf /etc/unbound/unbound.conf
   cp unbound.sh /etc/cron.weekly
   cp unbound_tor_pihole.conf /etc/unbound/unbound.conf.d/unbound_tor_pihole.conf -r -v
   cp config /etc/privoxy/config
   cp boxed-bg.jpg /var/www/html/admin/img/boxed-bg.jpg
   cp *.css /var/www/html/admin/style/vendor/
   cp blockingpage.css /var/www/html/pihole/
   
   
   service tor start
   service privoxy start
   service unbound start
   service pihole-FTL start
       

3. Alternative 2 optional - Pi_Hole Configuration of the AVM FRITZ!Box with Presets for Security and Port-List

This zip-File

includes a AVM FRITZ!Box-Export-File for FRITZ OS 6.80 and above. It includes Firewall-Rules for Amazon Alexa/Echo, Google Assistens, NAS, MS-Servers etc.

For more Information in german visit https://cyberandi.tumblr.com/Smarthome

---

© CyberAndi 2019-2024

email: programming@cyberandi.slmail.me
https://cyberandi.tumblr.com

---

Screenshots