diff --git a/how-to-backup-and-encrypt-data-privately-and-securely-using-rsync-and-veracrypt-on-macos/README.md b/how-to-backup-and-encrypt-data-privately-and-securely-using-rsync-and-veracrypt-on-macos/README.md index 51d5b10..59cc0b5 100644 --- a/how-to-backup-and-encrypt-data-privately-and-securely-using-rsync-and-veracrypt-on-macos/README.md +++ b/how-to-backup-and-encrypt-data-privately-and-securely-using-rsync-and-veracrypt-on-macos/README.md @@ -212,14 +212,14 @@ veracrypt --text --mount --pim 0 --keyfiles "" --protect-hidden no "$BACKUP_VOLU mkdir -p /Volumes/Backup/Versioning -declare -a files=( +files=( "/Users/$(whoami)/.gnupg" "/Users/$(whoami)/.ssh" "/Users/$(whoami)/Library/Keychains" ) for file in "\${files[@]}"; do - rsync -axRS --delete --backup --backup-dir /Volumes/Backup/Versioning --suffix=\$(date +'.%F_%H-%M') "\$file" /Volumes/Backup + rsync -axRS --delete --backup --backup-dir /Volumes/Backup/Versioning --suffix=\$(date +".%F-%H%M%S") "\$file" /Volumes/Backup done if [ "\$(find /Volumes/Backup/Versioning -type f -ctime +90)" != "" ]; then @@ -250,7 +250,7 @@ EOF chmod +x /usr/local/bin/backup.sh ``` -### Step 14: edit backup script +### Step 14: edit `/usr/local/bin/backup.sh` script ```shell vi /usr/local/bin/backup.sh @@ -285,6 +285,38 @@ EOF chmod +x /usr/local/bin/check.sh ``` +### Step 16: create `/usr/local/bin/restore.sh` script + +```shell +cat << EOF > /usr/local/bin/restore.sh +#! /bin/sh + +set -e + +function cleanup() +{ + if [ -d "/Volumes/Backup" ]; then + veracrypt --text --dismount "$BACKUP_VOLUME_PATH" + fi +} + +trap cleanup ERR INT + +veracrypt --text --mount --pim 0 --keyfiles "" --protect-hidden no "$BACKUP_VOLUME_PATH" /Volumes/Backup + +open /Volumes/Backup + +printf "Restore data and press enter" + +read -r answer + +veracrypt --text --dismount "$BACKUP_VOLUME_PATH" + +printf "%s\n" "Done" +EOF +chmod +x /usr/local/bin/restore.sh +``` + ## Usage guide ### Backup @@ -304,7 +336,7 @@ Done 👍 -### Check integrity of backup +### Check ```console $ check.sh @@ -315,3 +347,16 @@ OK OK 👍 + +### Restore + +```console +$ restore.sh +Enter password for /Volumes/Samsung BAR/b: +Restore data and press enter +Done +``` + +Done + +👍 diff --git a/how-to-configure-self-hosted-vpn-kill-switch-using-pf-firewall-on-macos/README.md b/how-to-configure-self-hosted-vpn-kill-switch-using-pf-firewall-on-macos/README.md index 4908a2f..7a219c4 100644 --- a/how-to-configure-self-hosted-vpn-kill-switch-using-pf-firewall-on-macos/README.md +++ b/how-to-configure-self-hosted-vpn-kill-switch-using-pf-firewall-on-macos/README.md @@ -255,7 +255,7 @@ sudo pfctl -F all -f /etc/pf.conf ```shell sudo mkdir -p /usr/local/sbin -sudo chown $(whoami):admin /usr/local/sbin/ +sudo chown $(whoami):admin /usr/local/sbin ``` ### Step 11: source `/usr/local/sbin` folder diff --git a/how-to-self-host-a-hardened-strongswan-ikev2-ipsec-vpn-server-for-ios-and-macos/README.md b/how-to-self-host-a-hardened-strongswan-ikev2-ipsec-vpn-server-for-ios-and-macos/README.md index 4b25fd4..b4abcc5 100644 --- a/how-to-self-host-a-hardened-strongswan-ikev2-ipsec-vpn-server-for-ios-and-macos/README.md +++ b/how-to-self-host-a-hardened-strongswan-ikev2-ipsec-vpn-server-for-ios-and-macos/README.md @@ -213,7 +213,7 @@ apt install -y curl python Shout out to [Andrew Ho](https://gist.github.com/andrewlkho/31341da4f5953b8d977aab368e6280a8) for `ulagen.py`. -The following commands downloads and runs [ulagen.py](./ulagen.py) (advanced users may wish to download [ulagen.py.sig](./ulagen.py.sig) and verify signature using my [PGP public key](https://sunknudsen.com/sunknudsen.asc) before running script). +The following command downloads and runs [ulagen.py](./ulagen.py) ([PGP signature](./ulagen.py.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc)). ```console $ curl -s https://sunknudsen.com/static/media/privacy-guides/how-to-self-host-a-hardened-strongswan-ikev2-ipsec-vpn-server-for-ios-and-macos/ulagen.py | python | grep "First subnet" | awk '{print "STRONGSWAN_IPV6_ULA="$3}' | tee -a ~/.bashrc diff --git a/how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/README.md b/how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/README.md index 825905d..148504e 100644 --- a/how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/README.md +++ b/how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/README.md @@ -24,10 +24,32 @@ Publication date: 2020-05-19T00:00:00.000Z ```shell sudo mkdir -p /usr/local/sbin -sudo chown $(whoami):admin /usr/local/sbin/ +sudo chown $(whoami):admin /usr/local/sbin ``` -### Step 2: create `spoof.sh` script +### Step 2: source `/usr/local/sbin` folder + +Find which shell is configured using `echo $SHELL`. + +#### Bash (/bin/bash) + +```shell +cat << "EOF" >> ~/.bash_profile +export PATH=${PATH}:/usr/local/sbin +EOF +source ~/.bash_profile +``` + +#### Z Shell (/bin/zsh) + +```shell +cat << "EOF" >> ~/.zshrc +export PATH=${PATH}:/usr/local/sbin +EOF +source ~/.zshrc +``` + +### Step 3: create `spoof.sh` script ```shell cat << "EOF" > /usr/local/sbin/spoof.sh @@ -37,10 +59,10 @@ set -e export LC_CTYPE=C -dirname=`dirname "${BASH_SOURCE}"` +basedir=$(dirname "$0") # Spoof computer name -first_name=`sed "$(jot -r 1 1 2048)q;d" $dirname/first_names.txt | sed -e 's/[^a-zA-Z]//g'` +first_name=`sed "$(jot -r 1 1 2048)q;d" $basedir/first-names.txt | sed -e 's/[^a-zA-Z]//g'` model_name=`system_profiler SPHardwareDataType | awk '/Model Name/ {$1=$2=""; print $0}' | sed -e 's/^[ ]*//'` computer_name="$first_name’s $model_name" host_name=`echo $computer_name | sed -e 's/’//g' | sed -e 's/ /-/g'` @@ -50,7 +72,7 @@ sudo scutil --set HostName "$host_name" printf "%s\n" "Spoofed hostname to $host_name" # Spoof MAC address of en0 interface -mac_address_prefix=`sed "$(jot -r 1 1 768)q;d" $dirname/mac_address_prefixes.txt | sed -e 's/[^A-F0-9:]//g'` +mac_address_prefix=`sed "$(jot -r 1 1 768)q;d" $basedir/mac-address-prefixes.txt | sed -e 's/[^A-F0-9:]//g'` mac_address_suffix=`openssl rand -hex 3 | sed 's/\(..\)/\1:/g; s/.$//'` mac_address=`echo "$mac_address_prefix:$mac_address_suffix" | awk '{print toupper($0)}'` sudo ifconfig en0 ether "$mac_address" @@ -58,29 +80,29 @@ printf "%s\n" "Spoofed MAC address of en0 interface to $mac_address" EOF ``` -### Step 3: make `spoof.sh` executable +### Step 4: make `spoof.sh` executable ```shell chmod +x /usr/local/sbin/spoof.sh ``` -### Step 4: download [first_names.txt](first_names.txt) +### Step 5: download [first-names.txt](first-names.txt) This list includes the top 2048 most popular baby names from the [USA Social Security Administration](https://www.ssa.gov/oact/babynames/limits.html). ```shell -curl -o /usr/local/sbin/first_names.txt https://sunknudsen.com/static/media/privacy-guides/how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/first_names.txt +curl -o /usr/local/sbin/first-names.txt https://sunknudsen.com/static/media/privacy-guides/how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/first-names.txt ``` -### Step 5: download [mac_address_prefixes.txt](mac_address_prefixes.txt) +### Step 6: download [mac-address-prefixes.txt](mac-address-prefixes.txt) This list includes 768 Apple MAC address prefixes. ```shell -curl -o /usr/local/sbin/mac_address_prefixes.txt https://sunknudsen.com/static/media/privacy-guides/how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/mac_address_prefixes.txt +curl -o /usr/local/sbin/mac-address-prefixes.txt https://sunknudsen.com/static/media/privacy-guides/how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/mac-address-prefixes.txt ``` -### Step 6: create `local.spoof.plist` launch daemon +### Step 7: create `local.spoof.plist` launch daemon This step is responsible for running `spoof.sh` every time your Mac boots. @@ -105,7 +127,7 @@ cat << "EOF" | sudo tee /Library/LaunchDaemons/local.spoof.plist EOF ``` -### Step 7: reboot and confirm hostname and MAC address have been spoofed +### Step 8: reboot and confirm hostname and MAC address have been spoofed ```shell # Spoofed hostname @@ -131,12 +153,12 @@ $ networksetup -listallhardwareports | awk -v RS= '/en0/{print $NF}' ### Step 1: set computer name, local hostname and hostname -Replace `John Doe` with a value to your liking. Don’t forget to replace empty spaces by `-` for `LocalHostName` and `HostName`. +Replace `John` with a name to your liking. ```shell -sudo scutil --set ComputerName "John Doe" -sudo scutil --set LocalHostName "John-Doe" -sudo scutil --set HostName "John-Doe" +sudo scutil --set ComputerName "John’s MacBook Pro" +sudo scutil --set LocalHostName "Johns-MacBook-Pro" +sudo scutil --set HostName "Johns-MacBook-Pro" ``` ### Step 2: set MAC address to default value @@ -151,6 +173,6 @@ sudo rm /Library/LaunchDaemons/local.spoof.plist ```shell rm /usr/local/sbin/spoof.sh -rm /usr/local/sbin/first_names.txt -rm /usr/local/sbin/mac_address_prefixes.txt +rm /usr/local/sbin/first-names.txt +rm /usr/local/sbin/mac-address-prefixes.txt ``` diff --git a/how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/first_names.txt b/how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/first-names.txt similarity index 100% rename from how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/first_names.txt rename to how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/first-names.txt diff --git a/how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/mac_address_prefixes.txt b/how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/mac-address-prefixes.txt similarity index 100% rename from how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/mac_address_prefixes.txt rename to how-to-spoof-anonymize-your-mac-address-and-hostname-automatically-at-boot-on-macos/mac-address-prefixes.txt