Notice: Undefined index: date in /usr/share/nginx/www/laurent/src/note.php on line 33

Notice: Undefined index: date in /usr/share/nginx/www/laurent/src/note.php on line 38

Notice: Undefined index: date in /usr/share/nginx/www/laurent/src/note.php on line 40

Notice: Undefined index: date in /usr/share/nginx/www/laurent/src/note.php on line 40

Notice: Undefined index: date in /usr/share/nginx/www/laurent/src/note.php on line 44

Notice: Undefined index: date in /usr/share/nginx/www/laurent/src/note.php on line 45

Whole system ads-blocking

Raspberry Pi 2

Small tutorial to have a Raspberry Pi 2 home server with Kodi as media player and rtorrent with automatic download of new tv show.

First of all to remove the rainbow square telling you that their is not enough power for all the thing plugged on your Raspberry Pi:

sudo su
echo avoid_warnings=2 >> /boot/config.txt
exit

To be able to install the last version of Kodi, we add the raspbian Kodi repository:

sudo su
echo deb http://archive.mene.za.net/raspbian wheezy contrib > /etc/apt/sources.list.d/mene.list
exit

and the associated key

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key 5243CDED

Then we start with an update system:

sudo apt-get update
sudo apt-get upgrade

And we install all the necessary packages:

sudo apt-get install screen curl rtorrent sshfs python2.7 python-pip python-dev vim git kodi apt-transport-https fail2ban git
sudo pip install flexget Glances

To enable kodi at boot

sudo usermod -a -G audio,video,input,dialout,plugdev,tty kodi
sudo su
echo ENABLED=1 > /etc/default/kodi
exit

We configure bash and screen for a nicer interface:

# to get my .bashrc file
git clone https://gist.github.com/f72ca17613d12ff810e7.git
mv f72ca17613d12ff810e7/.bashrc ~/.bashrc
# to get my .vimrc file
git clone https://gist.github.com/e7deca9fa772aee852b4.git
mv e7deca9fa772aee852b4/.screenrc ~/.screenrc
# to get liquidprompt for a nicer bash
git clone https://github.com/nojhan/liquidprompt
mv liquidprompt .liquidprompt
# and we cleanup
rm -Rf f72ca17613d12ff810e7 e7deca9fa772aee852b4

We are going to create a sh folder to store all our scripts

mkdir ~/sh/
# small script to send sms from command line with free (FR operator)
git clone https://gist.github.com/36865209d7c2bc2ed86a.git
mv 36865209d7c2bc2ed86a/sms.sh ~/sh/sms.sh
rm -Rf 36865209d7c2bc2ed86a
chmod +x ~/sh/sms.sh

rtorrent configuration

I have configured rtorrent to watch for new torrent in the folder ~/series ~/films and ~/downloads and to download them in their respective folder. Once a torrent is removed from rtorrent, the corresponding .torrent file il deleted. My configuration is set to a download and upload rate of 500kb/40kb between 8h30 and 24h and unilimited for both values the rest of the night.

# create a folder for the rtorrent session files
mkdir .session
# to get my .rtorrent.rc file
git clone https://gist.github.com/ddc3bf5c8616afa323ca.git
mv ddc3bf5c8616afa323ca/.rtorrent.rc ~/.rtorrent.rc

You can change the line port_range = 45698-45699 and dht_port = 42600 to open ports of your liking.

To launch rtorrent at startup we need to create the following init file:

git clone https://gist.github.com/e96a20ff75b022d62f77.git
sudo mv e96a20ff75b022d62f77/rtorrent /etc/init.d/rtorrent
sudo chmod +x /etc/init.d/rtorrent

This will create a screen session with rtorrent running in it for the user pi.

We now set flexget to periodically download our favorite TV shows. For this wee need an account on the website showrss.info.

mkdir -p .config/flexget/
vim .config/flexget/config.yml

To edit the configuration file with vim you need to hit i past the following content with your showrss.info id_user and then press Esc, type :x then press Enter.

tasks:
  tv-shows:
    rss: http://showrss.info/rss.php?user_id=user_id&hd=1&proper=1&magnets=false&namespaces=true&raw=true
    all_series: yes
    download: /home/pi/series/

We initialize flexget

flexget -V

And add it to cron to run it every 6 hours

crontab -e

By adding the following line at the end of the file

0 */6 * * * /usr/local/bin/flexget --cron execute

USB disk configuration

I had trouble auto-mounting my external 2To USB hard drive at boot so I used the following tricks

To auto-mount

sudo vim /etc/rc.local
sleep 15
/usr/local/sbin/udev-automounter.sh sda1

Then we can mount the disk and link the folder films, series and downloads to our home directory for an easier access and to match the .rtorrent.rc configuration file.

sudo udev-automounter.sh sda1
ln -s /media/2To_laurent/films films
ln -s /media/2To_laurent/series series
ln -s /media/2To_laurent/downloads downloads

To mount the disk automatically at boot we need to add the following line to the file /etc/rc.local

sudo vim /etc/rc.local

We check if the disk is not already mounted, if not we check that there are no mount folder left (i.e. badly unmounted) and then we mount it.

sleep 15
if [ -a /media/2To_laurent/films ]
  then
    echo already monted !
  else
    if [ -a /media/2To_laurent/ ]
      then
        rm -R /media/2To_laurent/
    fi
    /usr/local/sbin/udev-automounter.sh sda1
fi

Then we also need to add the following udev rule for the disk to be mounted when plugged:

sudo vim /etc/udev/rules.d/89-local.rules
# /etc/udev/rules.d/89-local.rules
# ADD rule: if we have a valid ID_FS_LABEL_ENC, and it's USB, mkdir and mount
ENV{ID_FS_LABEL_ENC}=="?*",   ACTION=="add",      SUBSYSTEMS=="usb", \
         RUN+="/usr/local/sbin/udev-automounter.sh %k"

And we use 3 script for the smart mounting by itself:

git clone https://gist.github.com/251709ac502ed4677543.git
sudo mv 251709ac502ed4677543/udev-automounter.sh /usr/local/sbin/udev-automounter.sh

git clone https://gist.github.com/fbda1c210538215ce256.git
sudo mv fbda1c210538215ce256/udev-auto-mount.sh /usr/local/sbin/udev-auto-mount.sh

git clone https://gist.github.com/b218cd87f7efdcae8b32.git
sudo mv b218cd87f7efdcae8b32/udev-unmounter.sh /usr/local/sbin/udev-unmounter.sh

sudo chmod +x /usr/local/sbin/udev-automounter.sh /usr/local/sbin/udev-auto-mount.sh /usr/local/sbin/udev-unmounter.sh

ssh key authentification

You can remove the need of typing your password every time that you connect to your Raspberry by ssh by using a key authentication with no password on your personal computer.

We generate a rsa key:

ssh-keygen -t rsa -b 4096 -C "$(whoami)@$(hostname)-$(date -I)" -f ~/.ssh/id_rsa_berry

then we copy the public key to the raspberry server (192.168.0.1 is the local ip of the Raspberry):

ssh-copy-id -i ~/.ssh/id_rsa_berry.pub pi@192.168.0.1

We can also modify the file ~/.ssh/config to use this key by default:

Host berry
  Hostname            192.168.0.1
  User                pi
  IdentitiesOnly      yes
  IdentityFile        ~/.ssh/id_rsa_berry
  ServerAliveInterval 3600
  ControlMaster       auto
  ControlPersist      yes
  ControlPath         ~/.ssh/socket-%r@%h:%p

security

ssh

We can disable root login by edition the file:

sudo vim /etc/ssh/sshd_config

fail2ban

fail2ban is a software who watches ip with suspicious activities (brutforce attack) and temporarly ban them by modifying the iptable.

sudo apt-get install fail2ban
cd /etc/fail2ban
sudo cp jail.conf jail.local
sudo vim jail.local

because jail.conf change with update we don't want to modify it.

we ban for 24h:

bantime  = 86400

then restart fail2ban

sudo service fail2ban restart

to know who is currently banned:

sudo iptables -L

If you want to ban those ip adresse definively:

sudo iptables -L | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sudo awk '{system("iptables -A INPUT -s "$0" -j DROP")}'