diff --git a/getdomains-check.sh b/getdomains-check.sh index 415faf4..ec533f5 100755 --- a/getdomains-check.sh +++ b/getdomains-check.sh @@ -1,231 +1,239 @@ #!/bin/sh -HIVPN=/etc/init.d/hivpn -GETDOMAINS=/etc/init.d/getdomains -DUMP=/tmp/dump.txt +TRANSLATIONS_FILE="./translations.sh" +SCRIPTS_DIR="/etc/init.d" +HIVPN_SCRIPT_FILENAME="hivpn" +GETDOMAINS_SCRIPT_FILENAME="getdomains" + +HIVPN_SCRIPT_PATH="$SCRIPTS_DIR/$HIVPN_SCRIPT_FILENAME" +GETDOMAINS_SCRIPT_PATH="$SCRIPTS_DIR/$GETDOMAINS_SCRIPT_FILENAME" +DUMP_PATH="/tmp/dump.txt" + +COLOR_BOLD_BLUE="\033[34;1m" +COLOR_BOLD_GREEN="\033[32;1m" +COLOR_BOLD_RED="\033[31;1m" +COLOR_BOLD_CYAN="\033[36;1m" +COLOR_RESET="\033[0m" checkpoint_true() { - printf "\033[32;1m[\342\234\223] $1\033[0m\n" + printf "$COLOR_BOLD_GREEN[\342\234\223] $1$COLOR_RESET\n" } checkpoint_false() { - printf "\033[31;1m[x] $1\033[0m\n" + printf "$COLOR_BOLD_RED[x] $1$COLOR_RESET\n" } output_21() { - if [ "$VERSION_ID" -eq 21 ]; then - echo "You are using OpenWrt 21.02. This check does not support it" - fi + if [ "$VERSION_ID" -eq 21 ]; then + echo "$UNSUPPORTED_OPENWRT" + fi } +if [ ! -f "$TRANSLATIONS_FILE" ]; then + echo "File $TRANSLATIONS_FILE not found" + exit 1 +fi + +. "$TRANSLATIONS_FILE" + +set_language_ru + # System Details MODEL=$(cat /tmp/sysinfo/model) source /etc/os-release -printf "\033[34;1mModel: $MODEL\033[0m\n" -printf "\033[34;1mVersion: $OPENWRT_RELEASE\033[0m\n" -printf "\033[34;1mDate: $(date)\033[0m\n" +printf "$COLOR_BOLD_BLUE$DEVICE_MODEL: $MODEL$COLOR_RESET\n" +printf "$COLOR_BOLD_BLUE$OPENWRT_VERSION: $OPENWRT_RELEASE$COLOR_RESET\n" +printf "$COLOR_BOLD_BLUE$CURRENT_DATE: $(date)$COLOR_RESET\n" VERSION_ID=$(echo $VERSION | awk -F. '{print $1}') RAM=$(free -m | grep Mem: | awk '{print $2}') -if [[ "$VERSION_ID" -ge 22 && "$RAM" -lt 150000 ]] -then - echo "Your router has less than 256MB of RAM. I recommend using only the vpn_domains list" +if [[ "$VERSION_ID" -ge 22 && "$RAM" -lt 150000 ]]; then + echo "$RAM_WARNING" fi # Check packages CURL=$(opkg list-installed | grep -c curl) if [ $CURL -eq 2 ]; then - checkpoint_true "Curl package" + checkpoint_true "$CURL_INSTALLED" else - checkpoint_false "Curl package" - echo "Install: opkg install curl" + checkpoint_false "$CURL_NOT_INSTALLED" fi -DNSMASQ=$(opkg list-installed | grep dnsmasq-full | awk -F "-" '{print $3}' | tr -d '.' ) +DNSMASQ=$(opkg list-installed | grep dnsmasq-full | awk -F "-" '{print $3}' | tr -d '.') if [ $DNSMASQ -ge 287 ]; then - checkpoint_true "Dnsmasq-full package" + checkpoint_true "$DNSMASQ_FULL_INSTALLED" else - checkpoint_false "Dnsmasq-full package" - echo "If you don't use vpn_domains set, it's OK" - echo "Check version: opkg list-installed | grep dnsmasq-full" - echo "Required version >= 2.87. For openwrt 22.03 follow manual: https://t.me/itdoginfo/12" - if [ "$VERSION_ID" -eq 21 ]; then - echo "You are using OpenWrt 21.02. This check does not support it" - echo "Manual for openwrt 21.02: https://t.me/itdoginfo/8" - fi + checkpoint_false "$DNSMASQ_FULL_NOT_INSTALLED" + printf "$DNSMASQ_FULL_DETAILS\n" + if [ "$VERSION_ID" -eq 21 ]; then + printf "$OPENWRT_21_DETAILS\n" + fi fi # Chek xray package if opkg list-installed | grep -q xray-core; then - checkpoint_false "Xray-core package detected" + checkpoint_false "$XRAY_CORE_PACKAGE_DETECTED" fi if opkg list-installed | grep -q luci-app-xray; then - checkpoint_false "luci-app-xray package detected. Not compatible. For delete: opkg remove luci-app-xray --force-removal-of-dependent-packages" + checkpoint_false "$LUCI_APP_XRAY_PACKAGE_DETECTED" fi # Check dnsmasq DNSMASQ_RUN=$(service dnsmasq status | grep -c 'running') if [ $DNSMASQ_RUN -eq 1 ]; then - checkpoint_true "Dnsmasq service" + checkpoint_true "$DNSMASQ_SERVICE_RUNNING" else - checkpoint_false "Dnsmasq service" - echo "Check config /etc/config/dhcp" - output_21 + checkpoint_false "$DNSMASQ_SERVICE_NOT_RUNNING" + output_21 fi - # Check internet connection if curl -Is https://community.antifilter.download/ | grep -q 200; then - checkpoint_true "Check Internet" - else - checkpoint_false "Check Internet" - if [ $CURL -lt 2 ]; then - echo "Install curl: opkg install curl" - else - echo "Check internet connection. If ok, check date on router. Details: https://cli.co/2EaW4rO" - echo "For more info run: curl -Is https://community.antifilter.download/" - fi + checkpoint_true "$INTERNET_IS_AVAILABLE" +else + checkpoint_false "$INTERNET_IS_NOT_AVAILABLE" + if [ $CURL -lt 2 ]; then + echo "$CURL_NOT_INSTALLED" + else + printf "$INTERNET_DETAILS\n" + fi fi # Check IPv6 if curl -6 -s https://ifconfig.io | egrep -q "(::)?[0-9a-fA-F]{1,4}(::?[0-9a-fA-F]{1,4}){1,7}(::)?"; then - checkpoint_false "IPv6 detected. This script does not currently work with IPv6" + checkpoint_false "$IPV6_DETECTED" fi # Tunnels -WIREGUARD=$(opkg list-installed | grep -c wireguard-tools ) +WIREGUARD=$(opkg list-installed | grep -c wireguard-tools) if [ $WIREGUARD -eq 1 ]; then - checkpoint_true "Wireguard-tools package" - WG=true + checkpoint_true "$WIREGUARD_TOOLS_INSTALLED" + WG=true fi if [ "$WG" == true ]; then - WG_PING=$(ping -c 1 -q -I wg0 itdog.info | grep -c "1 packets received") - if [ $WG_PING -eq 1 ]; then - checkpoint_true "Wireguard" + WG_PING=$(ping -c 1 -q -I wg0 itdog.info | grep -c "1 packets received") + if [ $WG_PING -eq 1 ]; then + checkpoint_true "$WIREGUARD_PROTOCOL" + else + checkpoint_false "$WIREGUARD_PROTOCOL" + WG_TRACE=$(traceroute -i wg0 itdog.info -m 1 | grep ms | awk '{print $2}' | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') + if [ $WG_TRACE -eq 1 ]; then + echo "$WIREGUARD_ROUTING_DOESNT_WORK" else - checkpoint_false "Wireguard" - WG_TRACE=$(traceroute -i wg0 itdog.info -m 1 | grep ms | awk '{print $2}' | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') - if [ $WG_TRACE -eq 1 ]; then - echo "Tunnel to wg server is work, but routing to internet doesn't work. Check server configuration. Details: https://cli.co/RSCvOxI" - else - echo "Bad news: WG tunnel isn't work, check your WG configuration. Details: https://cli.co/hGUUXDs" - echo "If you don't use WG, but OpenVPN for example, it's OK" - fi + printf "$WIREGUARD_TUNNEL_NOT_WORKING\n" fi + fi - # Check WG route_allowed_ips - if uci show network | grep -q ".route_allowed_ips='1'"; then - checkpoint_false "Wireguard route_allowed_ips" - echo "All traffic goes into the tunnel. Read more at: https://cli.co/SaxBzH7" - else - checkpoint_true "Wireguard route_allowed_ips" - fi + # Check WG route_allowed_ips + if uci show network | grep -q ".route_allowed_ips='1'"; then + checkpoint_false "$WIREGUARD_ROUTE_ALLOWED_IPS_ENABLED" + else + checkpoint_true "$WIREGUARD_ROUTE_ALLOWED_IPS_DISABLED" + fi - # Check route table - ROUTE_TABLE=$(ip route show table vpn | grep -c "default dev wg0" ) - if [ $ROUTE_TABLE -eq 1 ]; then - checkpoint_true "Route table WG" - else - checkpoint_false "Route table WG" - echo "Details: https://cli.co/Atxr6U3" - fi + # Check route table + ROUTE_TABLE=$(ip route show table vpn | grep -c "default dev wg0") + if [ $ROUTE_TABLE -eq 1 ]; then + checkpoint_true "$WIREGUARD_ROUTING_TABLE_EXISTS" + else + checkpoint_false "$WIREGUARD_ROUTING_TABLE_DOESNT_EXIST" + fi fi if opkg list-installed | grep -q openvpn; then - checkpoint_true "OpenVPN package" - OVPN=true + checkpoint_true "$OPENVPN_INSTALLED" + OVPN=true fi # Check OpenVPN if [ "$OVPN" == true ]; then - if ping -c 1 -q -I tun0 itdog.info | grep -q "1 packets received"; then - checkpoint_true "OpenVPN" + if ping -c 1 -q -I tun0 itdog.info | grep -q "1 packets received"; then + checkpoint_true "$OPENVPN_PROTOCOL" + else + checkpoint_false "$OPENVPN_PROTOCOL" + if traceroute -i tun0 itdog.info -m 1 | grep ms | awk '{print $2}' | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then + echo "$OPENVPN_ROUTING_DOESNT_WORK" else - checkpoint_false "OpenVPN" - if traceroute -i tun0 itdog.info -m 1 | grep ms | awk '{print $2}' | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then - echo "Tunnel to OpenVPN server is work, but routing to internet doesn't work. Check server configuration." - else - echo "Bad news: OpenVPN tunnel isn't work, check your OpenVPN configuration." - fi + echo "$OPENVPN_TUNNEL_NOT_WORKING" fi + fi - # Check OpenVPN redirect-gateway - if grep -q redirect-gateway /etc/openvpn/*; then - checkpoint_false "OpenVPN redirect-gateway" - echo "All traffic goes into the tunnel. Read more at: https://cli.co/vzTNq_3" - else - checkpoint_true "OpenVPN redirect-gateway" - fi + # Check OpenVPN redirect-gateway + if grep -q redirect-gateway /etc/openvpn/*; then + checkpoint_false "$OPENVPN_REDIRECT_GATEWAY_ENABLED" + else + checkpoint_true "$OPENVPN_REDIRECT_GATEWAY_DISABLED" + fi - # Check route table - if ip route show table vpn | grep -q "default dev tun0"; then - checkpoint_true "Route table OpenVPN" - else - checkpoint_false "Route table OpenVPN" - echo "Details: https://cli.co/Atxr6U3" - fi + # Check route table + if ip route show table vpn | grep -q "default dev tun0"; then + checkpoint_true "$OPENVPN_ROUTING_TABLE_EXISTS" + else + checkpoint_false "$OPENVPN_ROUTING_TABLE_DOESNT_EXIST" + fi fi if opkg list-installed | grep -q sing-box; then - checkpoint_true "Sing-box package" + checkpoint_true "$SINGBOX_INSTALLED" - # Check route table - if ip route show table vpn | grep -q "default dev tun0"; then - checkpoint_true "Route table Sing-box" - else - checkpoint_false "Route table Sing-box. Try service network restart. Details: https://cli.co/n7xAbc1" - fi + # Check route table + if ip route show table vpn | grep -q "default dev tun0"; then + checkpoint_true "$SINGBOX_ROUTING_TABLE_EXISTS" + else + checkpoint_false "$SINGBOX_ROUTING_TABLE_DOESNT_EXIST" + fi - # Sing-box uci validation - if uci show sing-box 2>&1 | grep -q "Parse error"; then - checkpoint_false "Sing-box: Error validation UCI configuration. Check /etc/config/sing-box" - else - checkpoint_true "Sing-box: UCI configuration has been successfully validated" - fi + # Sing-box uci validation + if uci show sing-box 2>&1 | grep -q "Parse error"; then + checkpoint_false "$SINGBOX_UCI_CONFIG_ERROR" + else + checkpoint_true "$SINGBOX_UCI_CONFIG_OK" + fi - if sing-box -c /etc/sing-box/config.json check >/dev/null 2>&1; then - checkpoint_true "Sing-box: Configuration has been successfully validated" - - # Check traffic - IP_EXTERNAL=$(curl -s ifconfig.me) - IFCONFIG=$(nslookup -type=a ifconfig.me | awk '/^Address: / {print $2}') - - IP_VPN=$(curl --interface tun0 -s ifconfig.me) - - if [ "$IP_EXTERNAL" != $IP_VPN ]; then - checkpoint_true "Sing-box: VPN IP: $IP_VPN" - else - checkpoint_false "Sing-box: Your traffic is not routed through the VPN. Please check the configuration: https://cli.co/Badmn3K" - fi - else - checkpoint_false "Sing-box: Configuration validation error:" - sing-box -c /etc/sing-box/config.json check - fi -fi - -if which tun2socks | grep -q tun2socks; then - checkpoint_true "tun2socks package" - - # Check route table - if ip route show table vpn | grep -q "default dev tun0"; then - checkpoint_true "Route table tun2socks" - else - checkpoint_false "Route table tun2socks. Try service network restart. Details: https://cli.co/n7xAbc1" - fi + singbox_check_cmd="sing-box -c /etc/sing-box/config.json check" + if $singbox_check_cmd >/dev/null 2>&1; then + checkpoint_true "$SINGBOX_CONFIG_OK" + # Check traffic IP_EXTERNAL=$(curl -s ifconfig.me) IFCONFIG=$(nslookup -type=a ifconfig.me | awk '/^Address: / {print $2}') IP_VPN=$(curl --interface tun0 -s ifconfig.me) if [ "$IP_EXTERNAL" != $IP_VPN ]; then - checkpoint_true "tun2socks. VPN IP: $IP_VPN" + checkpoint_true "$SINGBOX_WORKING" else - checkpoint_false "tun2socks. Check config: https://cli.co/VNZISEM" + checkpoint_false "$SINGBOX_ROUTING_DOESNT_WORK" fi + else + checkpoint_false "$SINGBOX_CONFIG_ERROR:" + $singbox_check_cmd + fi +fi + +if which tun2socks | grep -q tun2socks; then + checkpoint_true "$TUN2SOCKS_INSTALLED" + + # Check route table + if ip route show table vpn | grep -q "default dev tun0"; then + checkpoint_true "$TUN2SOCKS_ROUTING_TABLE_EXISTS" + else + checkpoint_false "$TUN2SOCKS_ROUTING_TABLE_DOESNT_EXIST" + fi + + IP_EXTERNAL=$(curl -s ifconfig.me) + IFCONFIG=$(nslookup -type=a ifconfig.me | awk '/^Address: / {print $2}') + + IP_VPN=$(curl --interface tun0 -s ifconfig.me) + + if [ "$IP_EXTERNAL" != $IP_VPN ]; then + checkpoint_true "$TUN2SOCKS_WORKING" + else + checkpoint_false "$TUN2SOCKS_ROUTING_DOESNT_WORK" + fi fi # Check sets @@ -237,26 +245,24 @@ vpn_domain_rule_id=$(uci show firewall | grep -E '@rule.*vpn_domains' | awk -F ' vpn_domain_rule_string=$(uci show firewall.@rule[$vpn_domain_rule_id] | grep -c "name='mark_domains'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_domains'\|set_mark='0x1'\|target='MARK'\|family='ipv4'") if [ $((vpn_domain_ipset_string + vpn_domain_rule_string)) -eq 10 ]; then - checkpoint_true "vpn_domains set" + checkpoint_true "$VPN_DOMAINS_SET_EXISTS" - # force resolve for vpn_domains. All list - nslookup terraform.io 127.0.0.1 > /dev/null - nslookup pochta.ru 127.0.0.1 > /dev/null - nslookup 2gis.ru 127.0.0.1 > /dev/null + # force resolve for vpn_domains. All list + nslookup terraform.io 127.0.0.1 >/dev/null + nslookup pochta.ru 127.0.0.1 >/dev/null + nslookup 2gis.ru 127.0.0.1 >/dev/null - VPN_DOMAINS_IP=$(nft list ruleset | grep -A 10 vpn_domains | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') - if [ $VPN_DOMAINS_IP -ge 1 ]; then - checkpoint_true "IPs in vpn_domains" - else - checkpoint_false "IPs in vpn_domains" - echo "If you don't use vpn_domains, it's OK" - echo "But if you want use, check configs. And run `service getdomains start`" - output_21 - fi + VPN_DOMAINS_IP=$(nft list ruleset | grep -A 10 vpn_domains | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') + if [ $VPN_DOMAINS_IP -ge 1 ]; then + checkpoint_true "$IPS_IN_VPN_DOMAINS_SET_OK" + else + checkpoint_false "$IPS_IN_VPN_DOMAINS_SET_ERROR" + printf "$VPN_DOMAINS_DETAILS\n" + output_21 + fi else - checkpoint_false "vpn_domains set" - echo "If you don't use vpn_domains set, it's OK" - echo "But if you want use, check config: https://cli.co/AwUGeM6" + checkpoint_false "$VPN_DOMAINS_SET_DOESNT_EXIST" + printf "$VPN_DOMAINS_DETAILS_2\n" fi # vpn_ip set @@ -266,18 +272,16 @@ vpn_ip_rule_id=$(uci show firewall | grep -E '@rule.*vpn_ip' | awk -F '[][{}]' ' vpn_ip_rule_string=$(uci show firewall.@rule[$vpn_ip_rule_id] | grep -c "name='mark_ip'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_ip'\|set_mark='0x1'\|target='MARK'\|family='ipv4'") if [ $((vpn_ip_ipset_string + vpn_ip_rule_string)) -eq 11 ]; then - checkpoint_true "vpn_ip set" - VPN_IP_IP=$(nft list ruleset | grep -A 10 vpn_ip | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') - if [ $VPN_IP_IP -ge 1 ]; then - checkpoint_true "IPs in vpn_ip" - else - checkpoint_false "IPs in vpn_ip" - echo "But if you want use, check configs" - output_21 - fi + checkpoint_true "$VPN_IP_SET_EXISTS" + VPN_IP_IP=$(nft list ruleset | grep -A 10 vpn_ip | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') + if [ $VPN_IP_IP -ge 1 ]; then + checkpoint_true "$IPS_IN_VPN_IP_SET_OK" + else + checkpoint_false "$IPS_IN_VPN_IP_SET_ERROR" + output_21 + fi elif uci show firewall | grep -q "vpn_ip"; then - checkpoint_false "vpn_ip set" - echo "Check config: https://cli.co/AwUGeM6" + checkpoint_false "$VPN_IP_SET_DOESNT_EXIST" fi # vpn_subnet set @@ -287,18 +291,16 @@ vpn_subnet_rule_id=$(uci show firewall | grep -E '@rule.*vpn_subnet' | awk -F '[ vpn_subnet_rule_string=$(uci show firewall.@rule[$vpn_subnet_rule_id] | grep -c "name='mark_subnet'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_subnets'\|set_mark='0x1'\|target='MARK'\|family='ipv4'") if [ $((vpn_subnet_ipset_string + vpn_subnet_rule_string)) -eq 11 ]; then - checkpoint_true "vpn_subnet set" - VPN_IP_SUBNET=$(nft list ruleset | grep -A 10 vpn_subnet | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') - if [ $VPN_IP_SUBNET -ge 1 ]; then - checkpoint_true "IPs in vpn_subnet" - else - checkpoint_false "IPs in vpn_subnet" - echo "But if you want use, check configs" - output_21 - fi + checkpoint_true "$VPN_SUBNET_SET_EXISTS" + VPN_IP_SUBNET=$(nft list ruleset | grep -A 10 vpn_subnet | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') + if [ $VPN_IP_SUBNET -ge 1 ]; then + checkpoint_true "$IPS_IN_VPN_SUBNET_SET_OK" + else + checkpoint_false "$IPS_IN_VPN_SUBNET_SET_ERROR" + output_21 + fi elif uci show firewall | grep -q "vpn_subnet"; then - checkpoint_false "vpn_subnet set" - echo "Check config: https://cli.co/AwUGeM6" + checkpoint_false "$VPN_SUBNET_SET_DOESNT_EXIST" fi # vpn_community set @@ -308,165 +310,149 @@ vpn_community_rule_id=$(uci show firewall | grep -E '@rule.*vpn_community' | awk vpn_community_rule_string=$(uci show firewall.@rule[$vpn_community_rule_id] | grep -c "name='mark_community'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_community'\|set_mark='0x1'\|target='MARK'\|family='ipv4'") if [ $((vpn_community_ipset_string + vpn_community_rule_string)) -eq 11 ]; then - checkpoint_true "vpn_community set" - VPN_COMMUNITY_IP=$(nft list ruleset | grep -A 10 vpn_community | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') - if [ $VPN_COMMUNITY_IP -ge 1 ]; then - checkpoint_true "IPs in vpn_community" - else - checkpoint_false "IPs in vpn_community" - echo "But if you want use, check configs" - output_21 - fi + checkpoint_true "$VPN_COMMUNITY_SET_EXISTS" + VPN_COMMUNITY_IP=$(nft list ruleset | grep -A 10 vpn_community | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') + if [ $VPN_COMMUNITY_IP -ge 1 ]; then + checkpoint_true "$IPS_IN_VPN_COMMUNITY_SET_OK" + else + checkpoint_false "$IPS_IN_VPN_COMMUNITY_SET_ERROR" + output_21 + fi elif uci show firewall | grep -q "vpn_community"; then - checkpoint_false "vpn_community set" - echo "Check config: https://cli.co/AwUGeM6" + checkpoint_false "$VPN_COMMUNITY_SET_DOESNT_EXIST" fi # getdomains script -if [ -s "$GETDOMAINS" ]; then - checkpoint_true "Script getdomains" - if crontab -l | grep -q $GETDOMAINS; then - checkpoint_true "Script getdomains in crontab" - else - checkpoint_false "Script getdomains in crontab" - echo "Script is not enabled in crontab. Check: crontab -l" - fi +if [ -s "$GETDOMAINS_SCRIPT_PATH" ]; then + checkpoint_true "$GETDOMAINS_SCRIPT_EXISTS" + if crontab -l | grep -q $GETDOMAINS_SCRIPT_PATH; then + checkpoint_true "$GETDOMAINS_SCRIPT_CRONTAB_OK" + else + checkpoint_false "$GETDOMAINS_SCRIPT_CRONTAB_ERROR" + fi else - checkpoint_false "Script getdomains" - echo "Script don't exists in $GETDOMAINS. If you don't use getdomains, it's OK" + checkpoint_false "$GETDOMAINS_SCRIPT_DOESNT_EXIST" fi # DNS # DNSCrypt if opkg list-installed | grep -q dnscrypt-proxy2; then - checkpoint_true "Dnscrypt-proxy2 package" - if service dnscrypt-proxy status | grep -q 'running'; then - checkpoint_true "DNSCrypt service" - else - checkpoint_false "DNSCrypt service" - echo "Check config: https://cli.co/wN-tc_S" - output_21 - fi + checkpoint_true "$DNSCRYPT_INSTALLED" + if service dnscrypt-proxy status | grep -q 'running'; then + checkpoint_true "$DNSCRYPT_SERVICE_RUNNING" + else + checkpoint_false "$DNSCRYPT_SERVICE_NOT_RUNNING" + output_21 + fi - DNSMASQ_STRING=$(uci show dhcp.@dnsmasq[0] | grep -c "127.0.0.53#53\|noresolv='1'") - if [ $DNSMASQ_STRING -eq 2 ]; then - checkpoint_true "Dnsmasq config for DNSCrypt" - else - checkpoint_false "Dnsmasq config for DNSCrypt" - echo "Check config: https://cli.co/rooc0uz" - fi + DNSMASQ_STRING=$(uci show dhcp.@dnsmasq[0] | grep -c "127.0.0.53#53\|noresolv='1'") + if [ $DNSMASQ_STRING -eq 2 ]; then + checkpoint_true "$DNSMASQ_CONFIG_FOR_DNSCRYPT_OK" + else + checkpoint_false "$DNSMASQ_CONFIG_FOR_DNSCRYPT_ERROR" + fi fi # Stubby if opkg list-installed | grep -q stubby; then - checkpoint_true "Stubby package" - if service stubby status | grep -q 'running'; then - checkpoint_true "Stubby service" - else - checkpoint_false "Stubby service" - echo "Check config: https://cli.co/HbDBT2V" - output_21 - fi + checkpoint_true "$STUBBY_INSTALLED" + if service stubby status | grep -q 'running'; then + checkpoint_true "$STUBBY_SERVICE_RUNNING" + else + checkpoint_false "$STUBBY_SERVICE_NOT_RUNNING" + output_21 + fi - STUBBY_STRING=$(uci show dhcp.@dnsmasq[0] | grep -c "127.0.0.1#5453\|noresolv='1'") - if [ $STUBBY_STRING -eq 2 ]; then - checkpoint_true "Dnsmasq config for Stubby" - else - checkpoint_false "Dnsmasq config for Stubby" - echo "Check config: https://cli.co/HbDBT2V" - fi + STUBBY_STRING=$(uci show dhcp.@dnsmasq[0] | grep -c "127.0.0.1#5453\|noresolv='1'") + if [ $STUBBY_STRING -eq 2 ]; then + checkpoint_true "$DNSMASQ_CONFIG_FOR_STUBBY_OK" + else + checkpoint_false "$DNSMASQ_CONFIG_FOR_STUBBY_ERROR" + fi fi # Create dump if [[ "$1" == dump ]]; then - printf "\033[36;1mCreate dump without private variables\033[0m\n" - date > $DUMP - $HIVPN start >> $DUMP 2>&1 - $GETDOMAINS start >> $DUMP 2>&1 - uci show firewall >> $DUMP - uci show network | sed -r 's/(.*private_key=|.*preshared_key=|.*public_key=|.*endpoint_host=|.*wan.ipaddr=|.*wan.netmask=|.*wan.gateway=|.*wan.dns|.*.macaddr=).*/\1REMOVED/' >> $DUMP - - echo "Dump is here: $DUMP" - echo "For download Linux/Mac use:" - echo "scp root@IP_ROUTER:$DUMP ." - echo "For Windows use PSCP or WSL" + printf "\n$COLOR_BOLD_CYAN$DUMP_CREATION$COLOR_RESET\n" + date >$DUMP_PATH + $HIVPN start >>$DUMP_PATH 2>&1 + $GETDOMAINS_SCRIPT_PATH start >>$DUMP_PATH 2>&1 + uci show firewall >>$DUMP_PATH + uci show network | sed -r 's/(.*private_key=|.*preshared_key=|.*public_key=|.*endpoint_host=|.*wan.ipaddr=|.*wan.netmask=|.*wan.gateway=|.*wan.dns|.*.macaddr=).*/\1REMOVED/' >>$DUMP_PATH + printf "$DUMP_DETAILS\n" fi # Check DNS if [[ "$1" == dns ]]; then - printf "\033[36;1mCheck DNS servers\033[0m\n" - DNS_SERVERS="1.1.1.1 8.8.8.8 8.8.4.4" - DOH_DNS_SERVERS="cloudflare-dns.com 1.1.1.1 mozilla.cloudflare-dns.com security.cloudflare-dns.com" - DOMAINS="instagram.com facebook.com" + printf "\n$COLOR_BOLD_CYAN$DNS_CHECK$COLOR_RESET\n" + DNS_SERVERS="1.1.1.1 8.8.8.8 8.8.4.4" + DOH_DNS_SERVERS="cloudflare-dns.com 1.1.1.1 mozilla.cloudflare-dns.com security.cloudflare-dns.com" + DOMAINS="instagram.com facebook.com" - echo "1. Block DNS traffic (Port 53/udp is available)" + echo "1. $IS_DNS_TRAFFIC_BLOCKED" - for i in $DNS_SERVERS; - do - if nslookup -type=a -timeout=2 -retry=1 itdog.info $i | grep -q "timed out"; then - checkpoint_false "$i" - else - checkpoint_true "$i" - fi - done - - echo "2. DoH available" - - for i in $DOH_DNS_SERVERS; - do - if curl --connect-timeout 5 -s -H "accept: application/dns-json" "https://$i/dns-query?name=itdog.info&type=A" | awk -F"data\":\"" '/data":"/{print $2}' | grep -q -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then - checkpoint_true "$i" - else - checkpoint_false "$i" - fi - done - - echo "3. The response not contains an address from 127.0.0.0/8" - - for i in $DOMAINS; - do - if nslookup -type=a -timeout=2 -retry=1 $i | awk '/^Address: / {print $2}' | grep -q -E '127\.[0-9]{1,3}\.'; then - checkpoint_false "$i" - else - checkpoint_true "$i" - fi - done - - echo "4. One IP for two different domains" - - FIRSTIP=$(nslookup -type=a instagram.com | awk '/^Address: / {print $2}') - SECONDIP=$(nslookup -type=a facebook.com | awk '/^Address: / {print $2}') - - if [ "$FIRSTIP" = "$SECONDIP" ] ; then - checkpoint_false "IP addresses are the same" + for i in $DNS_SERVERS; do + if nslookup -type=a -timeout=2 -retry=1 itdog.info $i | grep -q "timed out"; then + checkpoint_false "$i" else - checkpoint_true "Different IP addresses" + checkpoint_true "$i" fi + done - echo "5. The response is not blank" + echo "2. $IS_DOH_AVAILABLE" - for i in $DOMAINS; - do - if nslookup -type=a -timeout=2 -retry=1 $i | awk '/^Address: / {print $2}' | grep -q -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then - checkpoint_true "$i" - else - checkpoint_false "$i" - fi - done - - echo "6. Сomparing response from unencrypted DNS and DoH (DNS poisoning)" - - DOHIP=$(curl -s -H "accept: application/dns-json" "https://1.1.1.1/dns-query?name=facebook.com&type=A" | awk -F"data\":\"" '/data":"/{print $2}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') - OPENIP=$(nslookup -type=a -timeout=2 facebook.com 1.1.1.1 | awk '/^Address: / {print $2}') - - if [ "$DOHIP" = "$OPENIP" ]; then - checkpoint_true "IPs match" + for i in $DOH_DNS_SERVERS; do + if curl --connect-timeout 5 -s -H "accept: application/dns-json" "https://$i/dns-query?name=itdog.info&type=A" | awk -F"data\":\"" '/data":"/{print $2}' | grep -q -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then + checkpoint_true "$i" else - checkpoint_false "IPs not match" + checkpoint_false "$i" fi + done + + echo "3. $RESPONSE_NOT_CONTAINS_127_0_0_8" + + for i in $DOMAINS; do + if nslookup -type=a -timeout=2 -retry=1 $i | awk '/^Address: / {print $2}' | grep -q -E '127\.[0-9]{1,3}\.'; then + checkpoint_false "$i" + else + checkpoint_true "$i" + fi + done + + echo "4. $ONE_IP_FOR_TWO_DOMAINS" + + FIRSTIP=$(nslookup -type=a instagram.com | awk '/^Address: / {print $2}') + SECONDIP=$(nslookup -type=a facebook.com | awk '/^Address: / {print $2}') + + if [ "$FIRSTIP" = "$SECONDIP" ]; then + checkpoint_false "$IPS_ARE_THE_SAME" + else + checkpoint_true "$IPS_ARE_DIFFERENT" + fi + + echo "5. $RESPONSE_IS_NOT_BLANK" + + for i in $DOMAINS; do + if nslookup -type=a -timeout=2 -retry=1 $i | awk '/^Address: / {print $2}' | grep -q -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then + checkpoint_true "$i" + else + checkpoint_false "$i" + fi + done + + echo "6. $DNS_POISONING_CHECK" + + DOHIP=$(curl -s -H "accept: application/dns-json" "https://1.1.1.1/dns-query?name=facebook.com&type=A" | awk -F"data\":\"" '/data":"/{print $2}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') + OPENIP=$(nslookup -type=a -timeout=2 facebook.com 1.1.1.1 | awk '/^Address: / {print $2}') + + if [ "$DOHIP" = "$OPENIP" ]; then + checkpoint_true "$IPS_ARE_THE_SAME" + else + checkpoint_false "$IPS_ARE_DIFFERENT" + fi fi # Info -echo -e "\nTelegram channel: https://t.me/itdoginfo" -echo "Telegram chat: https://t.me/itdogchat" +echo -e "\n$TELEGRAM_CHANNEL: https://t.me/itdoginfo" +echo "$TELEGRAM_CHAT: https://t.me/itdogchat"