Addition of arpspoof

2026-01-10 09:51:02 +01:00 · 2021-12-07 14:26:36 +01:00
parent e70fca9ba1
commit 2365cc1dde
13 changed files with 344 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -73,6 +73,7 @@ https://github.com/alexbelgium/hassio-addons
 ## &#10003; Misc tools

 - [Addons Updater](addons_updater/) ![support][support-shield] : Automatic addons update by aligning version tag with github upstream releases
+- [Arpspoof](arpspoof/): adds ability to block internet connection for local network devices
 - [Code-server](code-server/) : Code-server is VS Code running on a remote server, accessible through the browser.
 - [Inadyn](inadyn/) : Inadyn, or In-a-Dyn, is a small and simple Dynamic DNS, DDNS, client with HTTPS support. Commonly available in many GNU/Linux distributions, used in off the shelf routers and Internet gateways to automate the task of keeping your Internet name in sync with your public¹ IP address. It can also be used in installations with redundant (backup) connections to the Internet.
 - [Portainer](portainer/) ![privileged][privileged-shield] ![ingress][ingress-shield] : Manage your docker environment
--- a/arpspoof/CHANGELOG.md
+++ b/arpspoof/CHANGELOG.md
@@ -0,0 +1 @@
+- Initial release
--- a/arpspoof/Dockerfile
+++ b/arpspoof/Dockerfile
@@ -0,0 +1,58 @@
+ARG BUILD_FROM
+ARG BUILD_VERSION
+FROM techblog/arpspoof-docker:latest
+ENV BASHIO_VERSION=0.14.3
+ENV PACKAGES="jq \
+    curl"
+
+RUN \
+    ################
+    # Install apps #
+    ################
+    apt-get clean \
+    && apt-get update \
+    && apt-get install -y ${PACKAGES} \
+    \ 
+    ###################
+    # Install bashio #
+    ##################
+    && mkdir -p /tmp/bashio \
+    && curl -L -f -s "https://github.com/hassio-addons/bashio/archive/v${BASHIO_VERSION}.tar.gz" \
+    | tar -xzf - --strip 1 -C /tmp/bashio \
+    && mv /tmp/bashio/lib /usr/lib/bashio \
+    && ln -s /usr/lib/bashio/bashio /usr/bin/bashio \
+    && rm -rf /tmp/bashio || true
+
+# copy local files
+COPY rootfs/ /
+#WORKDIR /
+RUN chmod 777 /entrypoint.sh
+ENTRYPOINT [ "/usr/bin/env" ]
+CMD [ "/entrypoint.sh" ] 
+
+### LABELS
+ARG BUILD_ARCH
+ARG BUILD_DATE
+ARG BUILD_DESCRIPTION
+ARG BUILD_NAME
+ARG BUILD_REF
+ARG BUILD_REPOSITORY
+ARG BUILD_VERSION
+LABEL \
+    io.hass.name="${BUILD_NAME}" \
+    io.hass.description="${BUILD_DESCRIPTION}" \
+    io.hass.arch="${BUILD_ARCH}" \
+    io.hass.type="addon" \
+    io.hass.version=${BUILD_VERSION} \
+    maintainer="alexbelgium (https://github.com/alexbelgium)" \
+    org.opencontainers.image.title="${BUILD_NAME}" \
+    org.opencontainers.image.description="${BUILD_DESCRIPTION}" \
+    org.opencontainers.image.vendor="Home Assistant Add-ons" \
+    org.opencontainers.image.authors="alexbelgium (https://github.com/alexbelgium)" \
+    org.opencontainers.image.licenses="MIT" \
+    org.opencontainers.image.url="https://github.com/alexbelgium" \
+    org.opencontainers.image.source="https://github.com/${BUILD_REPOSITORY}" \
+    org.opencontainers.image.documentation="https://github.com/${BUILD_REPOSITORY}/blob/main/README.md" \
+    org.opencontainers.image.created=${BUILD_DATE} \
+    org.opencontainers.image.revision=${BUILD_REF} \
+    org.opencontainers.image.version=${BUILD_VERSION}
--- a/arpspoof/Readme.md
+++ b/arpspoof/Readme.md
@@ -0,0 +1,56 @@
+# Home assistant add-on: Arpspoof
+
+[![Donate][donation-badge]](https://www.buymeacoffee.com/alexbelgium)
+
+[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee-%23d32f2f?logo=buy-me-a-coffee&style=flat&logoColor=white
+
+![Supports 
+ Architecture][aarch64-shield] ![Supports amd64 Architecture][amd64-shield] ![Supports armhf Architecture][armhf-shield] ![Supports armv7 Architecture][armv7-shield]
+![Supports smb mounts][smb-shield]
+
+_Thanks to everyone having starred my repo! To star it click on the image below, then it will be on top right. Thanks!_
+
+[![Stargazers repo roster for @alexbelgium/hassio-addons](https://reporoster.com/stars/alexbelgium/hassio-addons)](https://github.com/alexbelgium/hassio-addons/stargazers)
+
+## About
+
+[arpspoof](https://github.com/t0mer/Arpspoof-Docker) adds ability to block internet connection for local network devices
+This addon is based on the docker image https://hub.docker.com/r/techblog/arpspoof-docker
+
+## Installation
+
+The installation of this add-on is pretty straightforward and not different in comparison to installing any other add-on.
+
+1. Add my add-ons repository to your home assistant instance (in supervisor addons store at top right, or click button below if you have configured my HA)
+   [![Open your Home Assistant instance and show the add add-on repository dialog with a specific repository URL pre-filled.](https://my.home-assistant.io/badges/supervisor_add_addon_repository.svg)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons)
+1. Install this add-on.
+1. Click the `Save` button to store your configuration.
+1. Set the add-on options to your preferences
+1. Start the add-on.
+1. Check the logs of the add-on to see if everything went well.
+1. Open the webUI and adapt the software options
+
+## Configuration
+
+Webui can be found at <http://your-ip:PORT>.
+
+
+```yaml
+ROUTER_IP: 127.0.0.1 #Required Router IP
+INTERFACE_NAME: name #Required Interface name, can use this command to get it: ip route get 8.8.8.8 | sed -nr 's/.*dev ([^\ ]+).*/\1/p'
+```
+
+## Support
+
+Create an issue on github
+
+## Illustration
+
+NO illustration
+
+[repository]: https://github.com/alexbelgium/hassio-addons
+[smb-shield]: https://img.shields.io/badge/smb-yes-green.svg
+[aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
+[amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
+[armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg
+[armv7-shield]: https://img.shields.io/badge/armv7-yes-green.svg
--- a/arpspoof/apparmor.txt
+++ b/arpspoof/apparmor.txt
@@ -0,0 +1,48 @@
+#include <tunables/global>
+
+profile arpspoof_addon flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/base>
+  
+  capability,
+  file,
+  mount,
+  umount,
+  remount,
+
+  capability setgid,
+  capability setuid,
+  capability sys_admin, 
+  capability dac_read_search, 
+  # capability dac_override,
+  # capability sys_rawio,
+
+# S6-Overlay
+  /bin/** ix,
+  /usr/bin/** ix,
+  /usr/lib/bashio/** ix,
+  /etc/s6/** rix,
+  /run/s6/** rix,
+  /etc/services.d/** rwix,
+  /etc/cont-init.d/** rwix,
+  /etc/cont-finish.d/** rwix,
+  /init rix,
+  /var/run/** mrwkl,
+  /var/run/ mrwkl,
+  /dev/i2c-1 mrwkl, 
+  # Files required
+  /dev/sda1 mrwkl,
+  /dev/sdb1 mrwkl,
+  /dev/mmcblk0p1 mrwkl,
+  /dev/* mrwkl,
+  /tmp/** mrkwl,
+  
+  # Data access
+  /data/** rw, 
+
+  # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
+  ptrace (trace,read) peer=docker-default,
+ 
+  # docker daemon confinement requires explict allow rule for signal
+  signal (receive) set=(kill,term) peer=/usr/bin/docker,
+
+} 
--- a/arpspoof/config.json
+++ b/arpspoof/config.json
@@ -0,0 +1,33 @@
+{
+  "apparmor": true,
+  "arch": ["aarch64", "amd64", "armv7", "armhf"],
+  "boot": "auto",
+  "description": "block internet connection for local network devices",
+  "devices": [
+  ],
+  "environment": {
+  },
+  "map": [],
+  "host_network": true,
+  "name": "Arpspoof",
+  "options": {
+    "ROUTER_IP": "yourip",
+    "INTERFACE_NAME": "interface name"
+  },
+  "ports": {
+    "7022/tcp": 7022
+  },
+  "ports_description": {
+    "7022/tcp": "web interface"
+  },
+  "privileged": ["SYS_ADMIN", "DAC_READ_SEARCH"],
+  "schema": {
+    "ROUTER_IP": "str",
+    "INTERFACE_NAME": "str"
+  },
+  "slug": "arpspoof",
+  "upstream": "1.0",
+  "url": "https://github.com/alexbelgium/hassio-addons",
+  "version": "1.0",
+  "webui": "http://[HOST]:[PORT:7022]"
+}
--- a/arpspoof/icon.png
+++ b/arpspoof/icon.png
--- a/arpspoof/logo.png
+++ b/arpspoof/logo.png
--- a/arpspoof/rootfs/entrypoint.sh
+++ b/arpspoof/rootfs/entrypoint.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+echo "Starting..."
+
+###################################
+# Export all addon options as env #
+###################################
+
+# For all keys in options.json
+JSONSOURCE="/data/options.json"
+
+# Export keys as env variables
+echo "All addon options were exported as variables"
+mapfile -t arr < <(jq -r 'keys[]' ${JSONSOURCE})
+for KEYS in ${arr[@]}; do
+  # export key
+  VALUE=$(jq .$KEYS ${JSONSOURCE})
+  export ${KEYS}=${VALUE//[\"\']/} &>/dev/null
+done
+
+################
+# Set timezone #
+################
+if [ ! -z "TZ" ] && [ -f /etc/localtime ]; then
+  if [ -f /usr/share/zoneinfo/$TZ ]; then
+    echo "Timezone set from $(cat /etc/timezone) to $TZ"
+    ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ >/etc/timezone
+  else
+    echo "WARNING : Timezone $TZ is invalid, it will be kept to default value of $(cat /etc/timezone)"
+  fi
+fi
+
+####################
+# Starting scripts #
+####################
+
+for SCRIPTS in scripts/*; do
+  [ -e "$SCRIPTS" ] || continue
+  echo "$SCRIPTS: executing"
+  chown $(id -u):$(id -g) $SCRIPTS
+  chmod a+x $SCRIPTS
+  sed -i 's|/usr/bin/with-contenv bashio|/usr/bin/env bashio|g' $SCRIPTS || true
+  ./$SCRIPTS || echo "$SCRIPTS: exiting $?"
+done
--- a/arpspoof/rootfs/scripts/00-aaa_dockerfile_backup.sh
+++ b/arpspoof/rootfs/scripts/00-aaa_dockerfile_backup.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# If dockerfile failed install manually
+if [ ! -f "/usr/bin/bashio" ]; then
+    echo "Bashio does not exist, executing script"
+    (
+        ################
+        # Install apps #
+        ################
+        PACKAGES="${PACKAGES:="curl"}"
+        
+        apt-get clean \
+        && apt-get update \
+        && apt-get install -y $PACKAGES 2>/dev/null \
+        || apk add --no-cache $PACKAGES
+
+        ###################
+        # Install bashio #
+        ##################
+        
+        mkdir -p /tmp/bashio
+        curl -L -f -s "https://github.com/hassio-addons/bashio/archive/v${BASHIO_VERSION}.tar.gz" |
+            tar -xzf - --strip 1 -C /tmp/bashio
+        mv /tmp/bashio/lib /usr/lib/bashio
+        ln -s /usr/lib/bashio/bashio /usr/bin/bashio
+        rm -rf /tmp/bashio
+
+    ) >/dev/null
+
+fi
--- a/arpspoof/rootfs/scripts/00-banner.sh
+++ b/arpspoof/rootfs/scripts/00-banner.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Displays a simple add-on banner on startup
+# ==============================================================================
+
+if bashio::supervisor.ping; then
+    bashio::log.blue \
+    '-----------------------------------------------------------'
+    bashio::log.blue " Add-on: $(bashio::addon.name)"
+    bashio::log.blue " $(bashio::addon.description)"
+    bashio::log.blue \
+    '-----------------------------------------------------------'
+
+    bashio::log.blue " Add-on version: $(bashio::addon.version)"
+    if bashio::var.true "$(bashio::addon.update_available)"; then
+        bashio::log.magenta ' There is an update available for this add-on!'
+        bashio::log.magenta \
+        " Latest add-on version: $(bashio::addon.version_latest)"
+        bashio::log.magenta ' Please consider upgrading as soon as possible.'
+    else
+        bashio::log.green ' You are running the latest version of this add-on.'
+    fi
+
+    bashio::log.blue " System: $(bashio::info.operating_system)" \
+    " ($(bashio::info.arch) / $(bashio::info.machine))"
+    bashio::log.blue " Home Assistant Core: $(bashio::info.homeassistant)"
+    bashio::log.blue " Home Assistant Supervisor: $(bashio::info.supervisor)"
+
+    bashio::log.blue \
+    '-----------------------------------------------------------'
+    bashio::log.blue \
+    ' Please, share the above information when looking for help'
+    bashio::log.blue \
+    ' or support in, e.g., GitHub, forums'
+    bashio::log.green \
+    ' https://github.com/alexbelgium/hassio-addons'
+    bashio::log.blue \
+    '-----------------------------------------------------------'
+fi
--- a/arpspoof/rootfs/scripts/00-global_var.sh
+++ b/arpspoof/rootfs/scripts/00-global_var.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+###################################
+# Export all addon options as env #
+###################################
+
+# For all keys in options.json
+JSONSOURCE="/data/options.json"
+
+# Export keys as env variables
+# echo "All addon options were exported as variables"
+mapfile -t arr < <(jq -r 'keys[]' ${JSONSOURCE})
+for KEYS in ${arr[@]}; do
+  # export key
+  VALUE=$(jq .$KEYS ${JSONSOURCE})
+  line="${KEYS}=${VALUE//[\"\']/} &>/dev/null"
+  # Use locally
+  export $line
+  # Export the variable to run scripts
+  sed -i "1a export $line" /etc/services.d/*/*run* 2>/dev/null || sed -i "1a export $line" /scripts/*run*
+done
+
+################
+# Set timezone #
+################
+if [ ! -z "TZ" ] && [ -f /etc/localtime ]; then
+  if [ -f /usr/share/zoneinfo/$TZ ]; then
+    echo "Timezone set from $(cat /etc/timezone) to $TZ"
+    ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ >/etc/timezone
+  fi
+fi
--- a/arpspoof/rootfs/scripts/99-run.sh
+++ b/arpspoof/rootfs/scripts/99-run.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bashio
+
+bashio::log.info "Starting..."
+/usr/bin/python3 /opt/arpspoof/arpspoof.py