https://github.com/cyberandi/cybersecurity-box

Firewall-System based on OpenWRT or Pi-Hole with UnBound, TOR, optional Privoxy, opt. ntopng and opt. Configuration of the AVM FRITZ!Box with Presets for Security and Port-List. Please visit:
https://github.com/cyberandi/cybersecurity-box

ad-blocker advertisement avm-fritz blacklist cybersecurity-box firewall firewall-configuration firewall-rules firewall-template pi-hole pihole presets raspberry-pi regexp sd-card secure-by-default security-by-design tor unbound whitelist

Last synced: about 1 month ago
JSON representation

Firewall-System based on OpenWRT or Pi-Hole with UnBound, TOR, optional Privoxy, opt. ntopng and opt. Configuration of the AVM FRITZ!Box with Presets for Security and Port-List. Please visit:

• Host: GitHub
• URL: https://github.com/cyberandi/cybersecurity-box
• Owner: CyberAndi
• License: gpl-2.0
• Created: 2018-12-19T23:51:28.000Z (almost 6 years ago)
• Default Branch: CyberAndi-Pi-Hole-5
• Last Pushed: 2024-09-05T12:55:03.000Z (2 months ago)
• Last Synced: 2024-09-26T13:03:21.389Z (about 2 months ago)
• Topics: ad-blocker, advertisement, avm-fritz, blacklist, cybersecurity-box, firewall, firewall-configuration, firewall-rules, firewall-template, pi-hole, pihole, presets, raspberry-pi, regexp, sd-card, secure-by-default, security-by-design, tor, unbound, whitelist
• Language: Shell
• Homepage: https://cyberandi.tumblr.com/Smarthome
• Size: 45.6 MB
• Stars: 33
• Watchers: 5
• Forks: 8
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Security: SECURITY.md

Awesome Lists containing this project

README

        


 

CyberSecurity-Box

(inkl. Ad Blocker,  (DNS),  or optional  Pi-Hole (incl. DB) and ntopng) 


  Für Deutsch / For German



  First load the  Brave-Browser from the Brave-Website 







Alternative 1 - Installation on -Router(  Fritz!Box, ,  etc.)

  Go on -Page and download the Firmware for your Router. Please click before on Customize installed packages and/or first boot script and delete all items then insert 

  

  
ath10k-board-qca4019 ath10k-firmware-qca4019-ct base-files busybox ca-bundle dnsmasq-full dropbear firewall4 fstools kmod-ath10k-ct kmod-gpio-button-hotplug kmod-leds-gpio kmod-nft-offload kmod-usb-dwc3 kmod-usb-dwc3-qcom kmod-usb3 libc libgcc libustream-mbedtls logd mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd procd-seccomp procd-ujail uboot-envtools uci uclient-fetch urandom-seed urngd wpad-basic-mbedtls fritz-tffs fritz-caldata luci stubby tor tor-geoip unbound-daemon unbound-anchor unbound-control unbound-host unbound-checkconf luci-app-unbound tc luci-app-qos luci-app-nft-qos nft-qos kmod-nls-cp437 kmod-nls-iso8859-1 nano wget curl openssh-sftp-server getdns drill bind-dig ca-certificates acme luci-app-acme

  into the field Installed Packages.



   



  And in the field Script to run on first boot (uci-defaults) insert.



  
cat << EOF > /etc/rc.local

	  wget https://github.com/CyberAndi/CyberSecurity-Box/raw/CyberAndi-Pi-Hole-5/openWRT23_install.sh -P /root/ && sh /root/openWRT23_install.sh

EOF



  Then press Request Build.



   .



  Afterwards generate the File with Kernel and download it.



   

  



  After flushing use SSH or Putty for Installation and type the following code.



  
ssh [ip-address of OpenWRT]

  User: root

  


  Password: 



  Change the Password with



  
passwd

[newpassword]

[newpassword]

  Don´t forget to note the newpassword.



  Download the Installscript. It starts automatically.


  for OpenWRT Version 23.x.xx



  
wget https://github.com/CyberAndi/CyberSecurity-Box/raw/CyberAndi-Pi-Hole-5/openWRT23_install.sh && sh openWRT23_install.sh

  


  for OpenWRT Version 22.x.xx



  
wget https://github.com/CyberAndi/CyberSecurity-Box/raw/CyberAndi-Pi-Hole-5/openWRT22_install.sh && sh openWRT22_install.sh

  


  for OpenWRT Version 21.x.xx



  
wget https://github.com/CyberAndi/CyberSecurity-Box/raw/CyberAndi-Pi-Hole-5/openWRT21_install.sh && sh openWRT21_install.sh

  


  for OpenWRT Version 19.x.xx



  
wget https://github.com/CyberAndi/CyberSecurity-Box/raw/CyberAndi-Pi-Hole-5/openWRT19_install.sh && sh openWRT19_install.sh

  
 Now it will appear some Questions about your Network and your Devices.  Note: All Values needed !!.

 


  





   After the reboot you will have following Networks:



    



    


REPEATER for internal Communication between Router and Repeater for all of this Networks

      


VOICE for Amazon Alexa, Google Assistent or other Voice Assistent-Systems

  


CONTROL for IR/RF-Controlling like Logitech Harmony, Broadlink etc. 
 

    


HCONTROL for Homeautomation or Smarthome (Heating, Cooling, Dor-, Window-Contacts, Power-Switches etc.)

    


ENTERTAIN for TVs, PlayStation, X-Box, Mediaplayer, DVD-Player and BlueRay-Player etc.

    


DMZ for NAS, Network Storage, PLEX-Server, UPNP/DLNA-Servers, Database-Servers, Mail-Server and Web-Server etc.

    


INET for Clients with .onion and Tor-Network Access

    


GUEST for your Guests only

  




  All of this have the WiFi-Password/-Key: Cyber,Sec9ox



  For each of this separated Networks you will have a VLAN on the Switch-/Output-Ethernet-Ports of the Router between VLAN_ID 101 and VLAN_ID 106.

  


  You will find the Screenshots here. 

  



  

  


Alternative 2 - Installation CyberSecurity-Box ( RaspPi)

  You need a Raspberry Pi and a SD-Card with 8 GByte or more.

  Use a blank Raspbian-SD-Card-Image or 

  CyberSecurityBox_2.img is the Pi-Hole, UnBound and torrc with a ready-to-use Image.

  
Install one of this with balenaEtcher on a SD-Card. 
Insert the SD-Card in the RasPi. And use SSH or Putty for Installation and type the following code.



  
ssh [ip-address of RasPi]

  User: pi

  


  Password: raspberry



  Change the Password with



  
passwd

[newpassword]

[newpassword]

  Don´t forget to note the newpassword.


  


  
sudo su

apt-get update

apt-get upgrade -y

  


    


Type for Installation

     
apt-get install tor unbound privoxy ntopng postfix iptables-persistent netfilter-persistent -y

curl -sSL https://install.pi-hole.net | bash

     and follow the messages on the screen.


    

    


    
The pi-hole-teleporter_2020-06-07_09-38-48.tar.gz



      Is the newest Version with PiHole 5.0 and DataBase Support. It includes the Porn-, Ad- and Tracking-Blocking.

    

    


    
The pi-hole-teleporter_CyberSecurity_Box_without_Porn.tar.gz

 inludes White- and Blacklist (Advertisement and Maleware).  Until Pi-Hole 4 and smaller



    


    
The pi-hole-teleporter_CyberSecurity_Box_2018-12-20_.tar.gz

 inludes White- and Blacklist (Advertisement, Maleware, Tracking and Porn). Until Pi-Hole 4 and smaller



    


    
The Pi-Hole 4 regex.list

 includes Blacklist (Advertisment, Maleware, Tracking and Porn) with over 40% blocking rate.
 In pi-hole-teleporter_2020-06-07_09-38-48.tar.gz is this included for Pi-Hole5.

  
service pihole-FTL stop

service unbound stop

service privoxy stop

service tor stop

curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/whitelist_Alexa_Google_Home_Smarthome.txt > whitelist.txt

curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/tor/torrc > torrc

curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/unbound/root.hints > root.hints

curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/unbound/unbound.conf > unbound.conf

curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/unbound/unbound.conf.d/test.conf > unbound_tor_pihole.conf

curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/unbound.sh > unbound.sh

curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/privoxy/config > config

curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/boxed-bg.jpg > boxed-bg.jpg

curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/boxed-bg.png > boxed-bg.png

curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/blockingpage.css > blockingpage.css

curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/AdminLTE.min.css > AdminLTE.min.css

curl -sSL --compressed https://github.com/CyberAndi/CyberSecurity-Box/raw/Version2/skin-blue.min.css > skin-blue.min.css




cp whitelist.txt /etc/pihole/whitelist.txt

cp root.hints /etc/unbound/root.hints

cp unbound.conf /etc/unbound/unbound.conf

cp unbound.sh /etc/cron.weekly

cp unbound_tor_pihole.conf /etc/unbound/unbound.conf.d/unbound_tor_pihole.conf -r -v

cp config /etc/privoxy/config

cp boxed-bg.jpg /var/www/html/admin/img/boxed-bg.jpg

cp *.css /var/www/html/admin/style/vendor/

cp blockingpage.css /var/www/html/pihole/




service tor start

service privoxy start

service unbound start

service pihole-FTL start

   

  

  

  


Alternative 2 optional - Pi_Hole Configuration of the AVM FRITZ!Box with Presets for Security and Port-List

This zip-File

 includes a AVM FRITZ!Box-Export-File for FRITZ OS 6.80 and above. It includes Firewall-Rules for Amazon Alexa/Echo, Google Assistens, NAS, MS-Servers etc.


  

  





For more Information in german visit https://cyberandi.tumblr.com/Smarthome





© CyberAndi 2019-2023 


email: [email protected]


https://cyberandi.tumblr.com









Screenshots







  

 


 

 


 



 



 

 


 

 


  

  


 

 
 











 



















***

© CyberAndi 2019-2023 

email: [email protected]


https://cyberandi.tumblr.com