
librekernel's Introduction


Can you define the project in a line here?

An end user privacy firewall

Are there any similar projects like this?

Sure there are

Is there any demo showing that it actually does what is claimed?

We are on the way to deliver, ongoing

#Why do we need this technology?

  • Sniffers: those who are checking your traffic.
  • Government spy/monitoring institutions' passive actions: collecting general data from worldwide.
  • Librerouter evil nodes: a box owned by those bad people.
  • Malicious internet nodes: better known as blackbones.
  • Your internet provider (ISP): if they would try anything with your data.


The Internet is full of free services where you are the product: they sell your data, under the terms and conditions page that almost nobody reads. Librerouter operates exactly the opposite way:


#What is Linux-libre?

Linux-libre is an operating system kernel and a GNU package[3] that is maintained from modified versions of the Linux kernel. The aim of the project is to remove from the Linux kernel any software that does not include its source code, has its source code obfuscated, or is released under proprietary licenses.

Software components with no available source code are called binary blobs and, as such, are mostly used for proprietary firmware images in the Linux kernel. While generally redistributable, binary blobs do not give the user the freedom to audit, modify or, consequently, redistribute their modified versions.

3 ways to have Linux with no blobs:

  • a) Deblobbing: clean up and verify Linux tarballs and patches for non-free blobs; you can check whether your Linux tarballs have non-free blobs or not from here.
  • b) Use a clean base and don't allow installation of 3rd-party software, so that what is established by trust control is free of blobs. Example: Linux-libre.
  • c) VRMS: vrms (Virtual Richard M. Stallman) is a program that analyzes the set of currently-installed packages on a Debian-based system, and reports all of the packages from the non-free tree which are currently installed. Software gets placed in the non-free tree when it is agreed not to be too problematic for Debian to distribute but does not meet the Debian Free Software Guidelines and therefore cannot be included in their official distribution. For each program from "non-free" installed, vrms displays an explanation of why it is non-free, if one is available: https://alioth.debian.org/projects/vrms/

Philosophically speaking, you could consider the difference to be as follows:

  • the Debian kernel doesn't include any non-free firmware (bugs aside), but it allows users to load non-free firmware if they wish to do so;
  • the Linux-libre kernel doesn't include any non-free firmware or anything looking like firmware, and it prevents users from loading non-free firmware even if they wish to do so.

Linux-libre is built by running a deblob script on the kernel source code. This goes through the kernel source code and makes various firmware-related changes:

  • any firmware for which source code is available is preserved, but the script makes sure the source code is available;
  • any module requiring firmware is stripped of the ability to load the firmware;
  • any source code which looks like firmware (sequences of numbers) is removed;
  • any file containing only firmware (e.g. the contents of firmware/radeon) is removed.
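The third bullet (source that "looks like firmware", i.e. long sequences of numbers) is the check a reader is most likely to want to reproduce on a tarball before trusting it. The script below is an added example, not the project's deblob script and not the Linux-libre tooling: it scans a C file for brace initializers holding at least a threshold number of numeric literals, which is how opaque firmware images are usually embedded. The sample C source, the array names `crc_table` and `fw_image`, and the threshold of 64 literals are constructed for the demonstration; nested initializers and `=` split from `{` across lines are deliberately not handled.

```shell
#!/bin/sh
# Added example: a minimal "looks like firmware" scanner for C sources.
# Not the Linux-libre deblob script; a single-pass awk heuristic that reports
# every array initializer containing at least MIN_COUNT numeric literals.

# find_blob_arrays FILE [MIN_COUNT]
# Prints "name count" for each brace initializer in FILE with >= MIN_COUNT
# numeric literals (decimal or hex, optional u/l suffixes). Default: 64.
find_blob_arrays() {
    awk -v min="${2:-64}" '
        # Opening of an initializer: "... name[...] = {" on one line.
        /=[[:space:]]*[{]/ && !inarr {
            name = $0
            sub(/[[:space:]]*\[.*$/, "", name)   # drop "[..] = { ..." tail
            sub(/^.*[[:space:]]/, "", name)      # keep the last word: the identifier
            inarr = 1; count = 0
        }
        # Inside an initializer: count numeric tokens until the closing brace.
        inarr {
            n = split($0, tok, /[,{}[:space:]]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^(0[xX][0-9a-fA-F]+|[0-9]+)[uUlL]*$/) count++
            if ($0 ~ /[}]/) {
                if (count >= min) print name, count
                inarr = 0
            }
        }' "$1"
}

# make_sample FILE: writes a constructed C file with one small lookup table
# (legitimate) and one 80-byte firmware-like blob (what deblobbing removes).
make_sample() {
    {
        echo '/* constructed sample: a small lookup table and a firmware-like blob */'
        echo 'static const unsigned char crc_table[] = { 0x00, 0x07, 0x0e, 0x09, 0x1c, 0x1b, 0x12, 0x15 };'
        echo 'static const u8 fw_image[] = {'
        i=0
        while [ "$i" -lt 80 ]; do
            printf '    0x%02x, 0x%02x, 0x%02x, 0x%02x,\n' "$i" $((i + 1)) $((i + 2)) $((i + 3))
            i=$((i + 4))
        done
        echo '};'
        echo 'int counter = 0;'
    } > "$1"
}

# demo_scan: run the scanner over the constructed sample with the default threshold.
demo_scan() {
    tmp=$(mktemp)
    make_sample "$tmp"
    find_blob_arrays "$tmp" 64
    rm -f "$tmp"
}

# Usage on a real tree: find linux-*/ -name '*.c' -o -name '*.h' | while read -r f; do
#   find_blob_arrays "$f" | sed "s|^|$f: |"; done
```

With the default threshold only `fw_image 80` is reported; lowering it to 4 also flags the 8-entry CRC table, which is the false-positive class (small lookup tables) that makes a human review of every hit necessary before anything is stripped.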

#What does Librerouter intend to be? GNU open hardware running GNU software:

#Who? Why? What? How?

With a unique combination of open hardware, GNU software and training you can achieve a decrease in cyber risks:

  • Open source community.
  • Solution to bypass censorship, spy agencies, anti-net-neutrality internet providers, and gov. control.
  • Easy to use for all people with zero tech knowledge.
  • Plug and play system to make your traffic untraceable.
  • It is the future data center resilience infrastructure.


#What is Open-source hardware ?

It consists of physical artifacts of technology designed and offered by the open design movement. Both free and open-source software (FOSS) as well as open-source hardware is created by this open-source culture movement and applies a like concept to a variety of components. It is sometimes, thus, referred to as FOSH (free and open-source hardware). The term usually means that information about the hardware is easily discerned so that others can make it - coupling it closely to the maker movement.[1] Hardware design (i.e. mechanical drawings, schematics, bills of material, PCB layout data, HDL source code[2] and integrated circuit layout data), in addition to the software that drives the hardware, are all released under free/libre terms. The original sharer gains feedback and potentially improvements on the design from the FOSH community. There is now significant evidence that such sharing can drive a high return on investment for investors.

###LGPL

The GNU Lesser General Public License (LGPL) is a free software license published by the Free Software Foundation (FSF). The license allows developers and companies to use and integrate software released under the LGPL into their own (even proprietary) software without being required by the terms of a strong copyleft license to release the source code of their own components. The license only requires software under the LGPL be modifiable by end users via source code availability. For proprietary software, code under the LGPL is usually used in the form of a shared library such as a DLL, so that there is a clear separation between the proprietary and LGPL components. The LGPL is primarily used for software libraries, although it is also used by some stand-alone applications.

###CC

A Creative Commons (CC) license is one of several public copyright licenses that enable the free distribution of an otherwise copyrighted work. A CC license is used when an author wants to give people the right to share, use, and build upon a work that they have created. CC provides an author flexibility (for example, they might choose to allow only non-commercial uses of their own work) and protects the people who use or redistribute an author's work from concerns of copyright infringement as long as they abide by the conditions that are specified in the license by which the author distributes the work.

#WTH, many hw providers claim they produce open hardware but it's just horse shit?

The market is full of crowdfunded projects where the funder claimed the project is open hardware, but in reality the hardware is full of binary blobs, chipset restrictions and open questions about missing parts of the info and docs:

  • ARM TrustZone
  • Controllers in the chipset of the network NICs are not open source
  • No source code.
  • Binary blobs in the ROMs or bROM.
  • No documentation.
  • No schematics.
  • Need signed binaries to be accepted by the board.
  • Does not accept free booting.


##Which are the licenses/certifications that show openness in the hardware?

###Which are the certifications for privacy and security?

###Which are the security product certifications?


#Operating System

###Proposed:

  • Debian (after deblobbing, hardening, enlightening)
  • Lubuntu (after deblobbing, hardening, enlightening)
  • Ubuntu Core (after deblobbing)
  • Devuan (librekernel, after applying hardening)
  • Uruk (librekernel, after applying hardening)
  • Docker for apps (further containerization for security) (reference qubeOS.org)


#HOW to use Librerouter in Hardware?

  • a) If you buy a Librerouter, then connect it like this: by cable or WiFi, from home or from outdoors
  • b) If you feel like a computer expert, then install the scripts in a virtual/physical machine (Do It Yourself)


#Which hardware is needed to run Librerouter?

Anything able to run Debian or Ubuntu (for now). It does not matter if it is ARM, x86 or 64-bit. It needs to have at least 2 network interfaces, 2 GB RAM, 4 cores and 1 TB HDD*. *For Owncloud user folders, Tahoe-LAFS and I2P we recommend a 1 TB hard disk and separating the boot from the rootfs.

#How it will protect me?

  • Filtering viruses, exploits, malware, ads, bad-reputation IPs and tasteless content.
  • Decentralizing the services you consume from the cloud to local alternatives (making it impossible for big-data enemy corps. to profile you).
  • Self-hosted obfuscated authentication (dissolving the legal relation between user-human and legal name).
  • Forcing encryption for data in transport and at rest.
  • Network filtering of the metadata that exposes you, like scripts, cookies, browser info, document metadata, etc.


#Services running in Librerouter

| App | Decentralized | Anonymity inside | Encrypt client-side | Encrypt server-side | Public / Private / F2F | Exposes public IP |
| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
| OwnCloud | yes | not | not | yes | PrivtFederation | yes |
| Mailpile | yes | not | 4096DSAelg | not | Private | yes |
| Roundcube | yes | not | 4096DSAelg | not | Private | yes |
| Diaspora | yes | not | not | EncFS | publics | yes |
| Friendica | yes | not | not | EncFS | publics | yes |
| YaCy | yes | not | EncFS | public | yes | no |
| TahoeI2p | yes | yes | yes | owncloud | public | no |
| ProsodyTOR | yes | not | yes | not | public | not |
| RTCio | yes | not | Partially | not | publics | yes |
| TOR | no | yes | no | maybe | public | no |
| I2P | yes | yes | no | yes | private | yes |
| Dovecot | yes | not | ? | public | yes | no |
| Postfix | yes | not | ? | public | yes | no |

https://github.com/Librerouter/debian-autoscript/issues

##Libre or non-libre libraries in the app

https://213.129.164.215:4580/dokuwiki/doku.php?id=technical:software:matrix:featurescomparison

Software APPs and their Dependencies Status


https://www.cageos.org/index.php?page=apps

##Service: Decentralized Indestructible Storage, the RockStar app

Imagine all the important information you have stored on the hard drive of your computer. You are just one hardware failure away from disaster. After all, when did you do your last backup? Unfortunately, centralized storage solutions such as Dropbox and Google Drive also present a variety of risks:

  • Data kidnapping: a real example was Mega (the FBI closed it in 2009).
  • Disaster: your external hard disks fail or are stolen (no disaster recovery).
  • Privacy: you're at risk of having your data hacked and stolen if it's not encrypted.


The decentralized (I2P) version of the Tahoe-LAFS grid (with protections against Sybil attacks and upload DoS) is a new way to make your data indestructible. A grid splits your files up into little pieces, encrypts them and spreads them out geographically, making it immune to any disaster or service outage. In our decentralized system your valuable information is encrypted three times:

  1. Before it even leaves your computer, in the web browser
  2. In the collaboration tool before the data goes to the hard disk
  3. When backing up to the grid, the slices will also be encrypted.


You can also sync your home Librerouter with all of your portable devices to have the same files and receive the same alerts in real time. If someone steals your cube or for some reason it is destroyed, you can simply buy a replacement Librerouter server and recover your lost data automatically from the Grid. In minutes you're up and running again!

##Service: The decentralized social network

Librerouter can act as a unified entry and outgoing point for all of your posts across social networks, as well as a filter for what is important to you. For example, do you hate cat videos? (Really? Can I get you some help?) You can use Librerouter to filter them out when it automatically imports posts from Facebook, Twitter, and Pinterest! You control your incoming and outgoing posts, and push your posts from a single place to everywhere with no need to open each social network in a separate tab. We aren't asking you to give up on social media. Instead we offer you a way to be in the captain's chair.

##Service: The decentralized video conference

  • a) With federated XMPP servers for authentication, but perfect for discovering users outside the Librerouter network, with security from the normal web.
  • b) Unauthenticated and decentralized web browser video conferencing through anonymous links, to create fast video conference rooms without third parties or middlemen involved.


#Setup Modes

There are 2 ways to join the CommunityLibrerouter network:

###1. Setup CommunityLibrerouter software on a Physical/Virtual machine: Debian or librekernel distro
###2. Setup CommunityLibrerouter software on ARM: Debian or librekernel distro, cross-compiled

The following list includes some of the features that have been added and modified in the Linux kernel (core):

  • Anti-exploitation modules highly tuned for OS attack resistance.
  • Anti-forensic capabilities in the case of seizure by law enforcement.
  • Cryptographically enhanced modules for file, memory and access modes. Boot and full disk encryption, and cold boot attack patched.
  • Isolation: each service runs in an isolated environment, to prevent security bugs that may affect the rest of the system and services.
  • Optimization: proper service configuration helps to avoid possible attack vectors from unused libraries.
  • Backward/downward compatible: new security standards can receive, read, view or play older standards or formats.


##Steps to setup on Physical/Virtual machine.

Step 1: Checking requirements. Your Physical/Virtual machine needs to meet the minimum requirements:

    1. 2 network interfaces
    2. 1 GB of RAM
    3. 16 GB of SD or micro SD or virtual boot HD
    4. SATA hard disk or a separate second physical or virtual disk

The way networking works in Librerouter will be:

2 bridges, two interfaces each:

  • 1st bridge acts as WAN
  • 2nd bridge acts as LAN

So, we actually have 4 possible physical scenarios:

  • WAN is WiFi, LAN is WiFi
  • WAN is WiFi, LAN is Cabled Ethernet
  • WAN is Cabled Ethernet, LAN is WiFi
  • WAN is Cabled Ethernet, LAN is Cabled Ethernet

Step 2: Setup the network.

In this step you need to connect one interface of your machine to the Internet, and the other one to the local network device. Networking in Librerouter has two ways to work.

##Server mode

The way networking works in Librerouter will be:

  • 1 unique fixed IP on the LAN or bridge: can be WLAN or cabled Ethernet connected to the existing internet router LAN. Server mode uses a single LAN interface and does not redirect domains or treat the traffic (not able to defend against web browsing leaks and malware).


##Bridge mode

Where the traffic is filtered by DNS, by the Squid proxy with ClamAV and SSL bumping, and by Suricata. Also redirecting DNS via TOR and DNSSEC.


#Step 3. Executing scripts.

In this step you need to download and execute the following scripts on your machine with given order.

    1. app-installation-script.sh
    2. app-configuration-script.sh
    3. app post-configuration: encryption, FDE (full disk encryption)
    4. Minimum System Wizards
    5. Subsystems GUIs


  • Step 1. Checking user. The script should be run by the user root; if it is run by another user then it will warn and exit.

  • Step 2. Checking platform. All the software is intended to run on Debian 7/8 or Ubuntu 12.04/14.04, so if the script finds another platform it will output an error and exit.

  • Step 3. Checking hardware. As the software can be installed either on an odroid or on a Physical/Virtual machine, in this step we need to determine the hardware. If the script runs on an odroid it should find Processor = ARM, Hardware = XU3 or XU4 or C1+ or C2. If the script runs on a Physical/Virtual machine it should find Processor = Intel. After determining the hardware type we can determine the next step.

If the hardware is a Physical/Virtual machine:

  • Step 4. Checking requirements. There is a list of minimum requirements that a Physical/Virtual machine needs to meet: 2 network interfaces (ethernet or wlan), 1 GB of physical memory, 16 GB of free disk space. If the machine meets the requirements then the script goes to the next step, otherwise it will warn and exit.

  • Step 5. Getting a DHCP client on the interfaces. In this step the script first sends a DHCP request from eth1 to get an IP address. If it succeeds, it will check for an Internet connection, and if an Internet connection is established this step is done successfully. In any case of failure (no DHCP response or no Internet connection) the script will try the same scenario for the next interface. The order to try is eth1, wlan1, eth0, wlan0 (the list of available interfaces is available from step 4). If there is no success on any interface, then the script will warn the user to plug the machine into the Internet and will exit.

  • Step 6. Preparing repositories and updating sources. In this step the script adds repository links for the necessary packages into the package manager sources and updates them. The script will output an error and exit if it is not possible to add repositories or update sources.

  • Step 7. Downloading and installing packages. As we already have the repository sources updated in step 6, at this point the script will download and install packages using the package manager tools. If something goes wrong during download or installation, the script will output an error and exit. If step 7 finishes successfully then the test.sh execution for a Physical/Virtual machine is finished successfully and it's time to run the next script, “app-installation-script.sh”.

If the hardware is an odroid board:

  • Step 4.2. Check if the board is assembled. There is a list of modules that need to be connected to the odroid board, so the script will check if those modules are connected. You can find information about the necessary modules here. If any module is missing the user will get a warning and the script will exit.

  • Step 5.2. Configuring bridge interfaces. In this step the script will configure 2 bridge interfaces, br0 and br1: eth0 and wlan0 will be bridged into interface br0, and eth1 and wlan1 will be bridged into interface br1. In an ethernet network, br0 should be connected to the Internet and br1 to the local network. In a wireless network, the bridge interface with the more powerful wlan will be connected to the Internet and the other one to the local network. After configuring the bridge interfaces the script will enable the DHCP client on the external network interface and set the static IP address 10.0.0.1/8 on the internal network interface, and then check the Internet connection. If everything goes fine it will proceed to the next step, otherwise it will warn the user to plug the machine into the Internet and exit.

  • Step 6.2. Preparing repositories and updating sources. The same as in the Physical/Virtual machine case.

  • Step 7.2. Downloading and installing packages. The same as in the Physical/Virtual machine case. If step 7 finishes successfully then the test.sh execution for the odroid board is finished successfully and it's time to run the next script, “app-installation-script.sh”.
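Steps 1, 4 and 5 of the Physical/Virtual machine branch above are the part of the flow that decides whether installation proceeds at all, so they are the part worth writing as testable functions. The script below is an added example and not the project's test.sh or app-installation-script.sh: the requirement thresholds and the eth1, wlan1, eth0, wlan0 probing order are taken from the text; the Linux `/sys` and `/proc` readings, the use of `dhclient -1` for a one-shot lease, and the reachability target used by `try_uplink` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the project's own script): the Step 1, 4 and 5 preflight
# checks as small functions. Pure decision logic is separated from host
# readings so the decisions can be exercised with constructed values.
# Assumes a Linux host (sysfs/procfs layout) with dhclient and ping present.

REQ_NICS=2        # 2 network interfaces (ethernet or wlan)
REQ_RAM_MB=1024   # 1 GB of physical memory
REQ_DISK_GB=16    # 16 GB of free disk space

# meets_requirements NICS RAM_MB FREE_DISK_GB
# Succeeds (exit 0) only when every Step 4 minimum is met.
meets_requirements() {
    [ "$1" -ge "$REQ_NICS" ] && [ "$2" -ge "$REQ_RAM_MB" ] && [ "$3" -ge "$REQ_DISK_GB" ]
}

# probe_order "IFACE IFACE ..."
# Prints the interfaces that exist, in the order Step 5 tries them for DHCP
# (eth1, wlan1, eth0, wlan0); interfaces not present are skipped.
probe_order() {
    avail=" $1 "
    out=""
    for cand in eth1 wlan1 eth0 wlan0; do
        case "$avail" in
            *" $cand "*) out="$out $cand" ;;
        esac
    done
    printf '%s\n' "${out# }"
}

# Host readings, only used by preflight on a real machine.
list_ifaces()  { ls /sys/class/net 2>/dev/null | grep -E '^(eth|wlan)[0-9]+$' | tr '\n' ' '; }
count_ifaces() { list_ifaces | wc -w | tr -d ' '; }
ram_mb()       { awk '/^MemTotal:/ { printf "%d", $2 / 1024 }' /proc/meminfo; }
free_disk_gb() { df -Pk / | awk 'NR == 2 { printf "%d", $4 / 1024 / 1024 }'; }

# try_uplink IFACE: one-shot DHCP on IFACE, then a reachability check through it.
# Any failure (no lease, no answer) returns non-zero so the caller moves on.
PROBE_TARGET=1.1.1.1   # assumption of this example; pick any always-up address
try_uplink() {
    dhclient -1 "$1" >/dev/null 2>&1 || return 1
    ping -c 1 -W 3 -I "$1" "$PROBE_TARGET" >/dev/null 2>&1
}

preflight() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }            # Step 1
    if ! meets_requirements "$(count_ifaces)" "$(ram_mb)" "$(free_disk_gb)"; then
        echo "machine does not meet the minimum requirements" >&2; return 1   # Step 4
    fi
    for iface in $(probe_order "$(list_ifaces)"); do                           # Step 5
        try_uplink "$iface" && { echo "uplink on $iface"; return 0; }
    done
    echo "no interface reached the Internet; plug the machine in and retry" >&2
    return 1
}

# Run the real checks only when explicitly asked, so sourcing the file has no side effects.
if [ "${LIBREROUTER_PREFLIGHT:-0}" = "1" ]; then
    preflight
fi
```

Run with `LIBREROUTER_PREFLIGHT=1 sh preflight.sh` as root to execute the checks; without the variable the file only defines the functions. Keeping `meets_requirements` and `probe_order` free of host access is what makes the decision table reviewable: a box with only `wlan0` still gets probed, and a box with two NICs but 512 MB of RAM is refused before any DHCP traffic is sent.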


#Network Flow


####DNS Resolution Explained

Librerouter needs a powerful DNS resolver to provide transparent browsing for the user, but it needs to be outside centralized mafioso models like IANA.

#DNS requests are processed in this way:

  • Regular webpages (ex: www.meneame.net) would need to be resolved by a decentralized DNS engine like DjDNS. If it cannot resolve, then we need to ask TOR, but using DNSCrypt and services like Diana or OpenNIC.

  • Onion domains are resolved to an IP inside the range 10.192.0.0/16

  • I2P domains are always resolved to 10.191.0.1

  • Locally defined domains forward to 10.0.0.1

  • Service replacement (ex: google.com is replaced by our internal service YaCy) will resolve to the local IP 10.0.0.25x

  • Request flow: if it's a local service (10.0.0.25x), the request is forwarded to the local Nginx server


Workflow of app-configuration-script.sh Part 1/4: DNS Resolution

This documentation aims to describe the DNS resolution process of LibreRouter. There are 3 different DNS servers (Unbound, Tor and DjDNS) on LibreRouter that work together as one DNS resolution system, to provide the best open source solutions for anonymity and security.

Here is the list of servers and the interfaces/ports the DNS servers are listening on:

  • Unbound is running on 10.0.0.1:53
  • Tor is running on 10.0.0.1:9053
  • DjDNS is running on 10.0.0.1:8053

At first any DNS request comes to Unbound, which is the main DNS server; then, if needed, Unbound will forward the request to Tor or DjDNS. Let's describe the DNS resolution steps in more detail (please see the DNS resolution picture).

Step 1: Classified domains resolution. We have integrated the shallalist domain list into Unbound, so when a DNS request comes in, Unbound will first check if it is classified. Classified domains are going to be resolved to local service IP addresses or be blocked. Here is the list of domain groups:

  1. Chat domains – these domains are going to be resolved to IP address 10.0.0.250. We have WebRTC running on 10.0.0.250, so when you type some chat domain you will get WebRTC in your browser.
  2. Search engines – these domains are going to be resolved to IP address 10.0.0.251 by Unbound. We have Yacy running on 10.0.0.251, so when you type some search engine domain you will get Yacy in your browser.
  3. Social networks – these domains are going to be resolved to IP address 10.0.0.252 by Unbound. We have Friendica running on 10.0.0.252, so when you type some social network domain you will get Friendica in your browser.
  4. Storage – these domains are going to be resolved to IP address 10.0.0.253 by Unbound. We have Owncloud running on 10.0.0.253, so when you type some storage domain you will get Owncloud in your browser.
  5. Webmail – these domains are going to be resolved to IP address 10.0.0.254 by Unbound. We have Mailpile running on 10.0.0.254, so when you type some webmail domain you will get Mailpile in your browser.
  6. Blocking – this group includes tracker, redirector, governmental and spyware domains. These domains are going to be resolved to IP address 10.0.0.1 by Unbound. We have Webmin running on 10.0.0.1, so when you type some blocked domain you will get the Webmin administration interface in your browser to allow/deny the given domain.

Step 2: .onion domains resolution. If the incoming DNS request is for a .onion domain then it will be forwarded to the Tor DNS server running on 10.0.0.1:9053. The Tor DNS server will resolve that request within the Tor network and the resolved IP address will be from the 10.192.0.0/16 network.

Step 3: .i2p domains resolution. If the incoming DNS request is for a .i2p domain then it will be resolved to IP address 10.191.0.1 by Unbound.

Step 4: Other domains resolution by DjDNS. If the incoming DNS request is not in the classified domains, nor .onion, nor .i2p, then the DNS request will be forwarded to the DjDNS server running on 10.0.0.1:8053.

Step 5: Other domains resolution by Tor + DNSSEC. This step takes place if DjDNS could not resolve the request at step 4: this time the DNS request will again be forwarded to the Tor DNS server (10.0.0.1:9053), but this time with DNSSEC validation.

Unbound dns configuration is implemented by configure_unbound() function. (lines 491-726 of app-configuration-script.sh) Tor dns configuration is implemented by configure_tor() function. (lines 411-474 of app-configuration-script.sh)

##Intelligence IP, Domain Providers:

###Connection Flow 3: Squid open SSL tunnel

When a user is using an HTTPS connection to a darknet domain, this traffic is considered insecure. On darknet domains, Squid will open the SSL tunnel and inspect for possible exploits, viruses and attacks against the user. If the connection is to a regular HTTPS domain, the SSL tunnel will not be opened nor inspected; it will be routed directly to the internet (ex: https://yourbank.com).

###Connection Flow 4: Squid content filtering, virus & anonymous HTTP headers

Content filtering will be done if it's an opened HTTPS SSL tunnel, or a regular HTTP request.

Squid will mainly do two things with it:

  • With the ICAP/ClamAV plugin, filter all possible viruses.

  • Remove from the HTTP headers all possible identification of you.

###Connection Flow 5: IPS & exploits: Suricata

If the traffic is an opened HTTPS SSL tunnel (only for darknet domains), or a regular HTTP request, then Suricata will inspect the traffic too.

Suricata will be configured with rules to avoid, mainly, browser exploits (usually found in darknets, used to take control of the browser).

It loads the VRT ruleset from Snort and other IPS rulesets.
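Connection Flows 3 and 4 above describe three Squid behaviours that are easy to get wrong in the opposite direction (bumping everything, or stripping nothing): open TLS only for darknet names, pass bodies to ClamAV, and remove identifying request headers. The generator below is an added example and is not the project's own Squid configuration. It assumes Squid 3.5+ directive syntax, the `ssl_crtd` helper and CA certificate paths shown, c-icap with the squidclamav service listening on 127.0.0.1:1344, and the 10.0.0.1 LAN address from this page; routing the bumped darknet traffic onward to Tor or I2P (Flow 6) is outside this fragment.

```shell
#!/bin/sh
# Added example (not the project's squid.conf): emit a Squid configuration
# implementing Flow 3 (bump darknet TLS only, splice the rest) and Flow 4
# (ClamAV over ICAP, anonymised request headers).
# Assumptions: Squid 3.5+ syntax, ssl_crtd at /usr/lib/squid/ssl_crtd,
# a local CA at /etc/squid/ssl/librerouter-ca.pem, c-icap on 127.0.0.1:1344.

gen_squid_conf() {
    cat <<'EOF'
# Transparent ports on the LAN bridge address
http_port  10.0.0.1:3128 intercept
https_port 10.0.0.1:3129 intercept ssl-bump \
    cert=/etc/squid/ssl/librerouter-ca.pem \
    generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB

# Flow 3: peek at the ClientHello, open TLS only for darknet names (SNI);
# regular HTTPS such as https://yourbank.com is spliced through untouched.
acl darknet ssl::server_name .onion .i2p
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump darknet
ssl_bump splice all

# Flow 4a: request and response bodies go to ClamAV through ICAP
icap_enable on
icap_service av_req  reqmod_precache  icap://127.0.0.1:1344/squidclamav bypass=off
icap_service av_resp respmod_precache icap://127.0.0.1:1344/squidclamav bypass=off
adaptation_access av_req  allow all
adaptation_access av_resp allow all

# Flow 4b: drop headers that identify the user or the box
request_header_access User-Agent deny all
request_header_access Referer deny all
request_header_access From deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
via off
forwarded_for delete

# Only the protected LAN may use the proxy
acl lan src 10.0.0.0/24
http_access allow lan
http_access deny all
EOF
}

# bump_rules: the ssl_bump "bump" lines the generated file contains (a check that
# nothing other than the darknet ACL is ever opened).
bump_rules() { gen_squid_conf | grep '^ssl_bump bump '; }

# stripped_header_count: number of request headers denied outright.
stripped_header_count() { gen_squid_conf | grep -c '^request_header_access .* deny all$'; }

# Install only when asked: gen_squid_conf > /etc/squid/squid.conf && squid -k parse
if [ "${LIBREROUTER_WRITE_SQUID:-0}" = "1" ]; then
    gen_squid_conf > /etc/squid/squid.conf && squid -k parse
fi
```

`squid -k parse` is the check to run after writing the file; it catches a directive that the installed Squid version does not know (older 3.x releases used a different `ssl_bump` grammar). The order `peek step1`, `bump darknet`, `splice all` matters: the SNI needed by the `darknet` ACL is only available after the step-1 peek, and `splice all` last guarantees a name that matches nothing is never opened.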

###Connection Flow 6: Connection to outside

If the connection passes all blocks and Connection Flow filters, then the request can reach the internet. Otherwise it will be blocked. It will reach the outside in this way:

  • I2P domains/eepSites (ex: i2p2.i2p) will be redirected to I2P

  • SSL regular domains (ex: https://yourbank.com) will reach the internet directly (remember: no regular connections if you don't allow them)

  • Hidden services (ex: asdf1234.onion) will go through TOR

  • HTTP (ex: http://news.com) will go through TOR to the internet site

###Access from outside model (Bypass Router / Closed Ports)

There's a first version of Superbrowser for Linux 32-bit. It requires Java to be installed.

https://cloud.Librerouter.com:8083/public.php?service=files&t=6eacefffe8443befe42af8114988c474

There's a first version of Superbrowser for Windows 32-bit. It doesn't have an I2P network connection.

https://cloud.Librerouter.com:8083/public.php?service=files&t=8d6e823f6d24dd12605084084299e0fb


#Steps to setup LibreRouter on A20-OLinuXIno-LIME2 and assemble it.

There are several separate modules that need to be connected to A20-OLinuXIno-LIME2.


#Steps to setup LibreRouter on a Banana Pi Router and assemble it.

There are several separate modules that need to be connected to A20-OLinuXIno-LIME2.


#Steps to setup LibreRouter on an Explained and assemble it.

There are several separate modules that need to be connected to A20-OLinuXIno-LIME2.


#Steps to setup LibreRouter on an IM6REX and assemble it.

There are several separate modules that need to be connected to A20-OLinuXIno-LIME2.


#Executing scripts.

In this step you need to download and execute the following scripts on your machine with given order.


#Workflow of scripts.

##1. app-installation-script.sh (Initialization script)

Script workflow

  1. Check User
  • You need to run the script as the root user
  2. Check Platform
  • Platform should be Debian 7/8, Ubuntu 12.04/14.04, Trisquel 7.0
  3. Check Hardware
  • If you are running this script on odroid it should detect an Intel processor
  4. Check Requirements (only for Physical/Virtual machine)
  • The machine should match the requirements mentioned above
  5. Check Internet
  • Check the Internet connection
  6. Check If Assembled (only for LibreRouter)
  • All necessary modules should be connected to the odroid board
  7. Configure Bridge Interfaces (only for LibreRouter)
  • eth0 and wlan0 will be bridged into interface br0
  • eth1 and wlan1 will be bridged into interface br1
  • In an ethernet network, br0 should be connected to the Internet and br1 to the local network
  • In a wireless network, the bridge interface with the more powerful wlan will be connected to the Internet and the other one to the local network
  8. Prepare repositories
  • Update repositories for the necessary packages
  9. Download packages
  • Download the necessary packages
  10. Install packages
  • Install the necessary packages

add diagram of the installation script upgraded


#app-configuration-script.sh (Parametrization script)

It aims to configure all the packages and services.

  1. Check User
  • You need to run the script as the root user
  2. Get variables
  • Get the variable values defined by app-installation-script.sh
  3. Configure network interfaces
  • The external interface will be configured to get its IP dynamically
  • The internal interface will be configured with the static IP address 10.0.0.1/24. There are also 4 virtual interfaces:
  • :1 10.0.0.251/24 for Yacy services
  • :2 10.0.0.252/24 for Friendica services
  • :3 10.0.0.253/24 for Owncloud services
  • :4 10.0.0.254/24 for Mailpile services
  4. Configure DNS resolution
  • Unbound DNS will be configured to listen on 10.0.0.1:53
  • Tor DNS will be configured to listen on 10.0.0.1:9053
  • DjDNS will be configured to listen on 10.0.0.1:8053
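Step 3 above (and the bridge layout in the installation script) fixes the interface plan: br0 on DHCP towards the upstream router, br1 static on 10.0.0.1/24, and four aliases for the replacement services. The generator below is an added example, not the project's app-configuration-script.sh: it prints a Debian `/etc/network/interfaces` for that plan so the addresses can be reviewed before anything is written. It assumes Debian ifupdown with the bridge-utils `bridge_ports` hook; the member ports default to eth0+wlan0 and eth1+wlan1 as the page states and can be overridden per bridge.

```shell
#!/bin/sh
# Added example (not the project's script): render /etc/network/interfaces for
# the two-bridge layout. br0 = WAN via DHCP, br1 = LAN at 10.0.0.1/24 with
# aliases :1-:4 for Yacy, Friendica, Owncloud and Mailpile.
# Assumes Debian ifupdown plus bridge-utils (bridge_ports/bridge_stp/bridge_fd).

# gen_interfaces [WAN_PORTS] [LAN_PORTS]: prints the file to stdout.
gen_interfaces() {
    wan_ports=${1:-"eth0 wlan0"}
    lan_ports=${2:-"eth1 wlan1"}
    cat <<EOF
auto lo
iface lo inet loopback

# WAN bridge: gets its address from the upstream router via DHCP
auto br0
iface br0 inet dhcp
    bridge_ports $wan_ports
    bridge_stp off
    bridge_fd 0

# LAN bridge: the fixed gateway/DNS address every client uses
auto br1
iface br1 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    bridge_ports $lan_ports
    bridge_stp off
    bridge_fd 0
EOF
    # One alias per local replacement service, matching the DNS redirections.
    i=1
    for svc in "10.0.0.251 Yacy" "10.0.0.252 Friendica" "10.0.0.253 Owncloud" "10.0.0.254 Mailpile"; do
        set -- $svc   # $1 = address, $2 = service name
        printf '\n# %s\nauto br1:%d\niface br1:%d inet static\n    address %s\n    netmask 255.255.255.0\n' \
            "$2" "$i" "$i" "$1"
        i=$((i + 1))
    done
}

# alias_count: number of br1:N aliases in the generated file (sanity check).
alias_count() { gen_interfaces | grep -c '^iface br1:[0-9]* inet static$'; }

# Write the real file only on request, keeping a backup of the previous one.
if [ "${LIBREROUTER_WRITE_INTERFACES:-0}" = "1" ]; then
    cp /etc/network/interfaces /etc/network/interfaces.bak 2>/dev/null
    gen_interfaces "$WAN_PORTS" "$LAN_PORTS" > /etc/network/interfaces
fi
```

`gen_interfaces eth0 eth1` gives the all-cable scenario from the setup section; `gen_interfaces "eth0 wlan0" "eth1 wlan1"` is the default. Review the output, then apply with `LIBREROUTER_WRITE_INTERFACES=1 WAN_PORTS="eth0" LAN_PORTS="eth1" sh gen-interfaces.sh` followed by `ifup br0 br1`. A `wlan` port in client mode will not bridge without 4-address mode, which is why the page's wireless scenario puts the stronger radio on the WAN side.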

##DNS resolution process.

###Classified domains

  • Search engines - will be resolved to IP address 10.0.0.251 (Yacy) by Unbound.
  • Social networks - will be resolved to IP address 10.0.0.252 (Friendica) by Unbound.
  • Storage - will be resolved to IP address 10.0.0.253 (Owncloud) by Unbound.
  • Webmail - will be resolved to IP address 10.0.0.254 (Mailpile) by Unbound.

###Local, i2p and onion domains

  • .local - will be resolved to local ip address (10.0.0.0/24 network) by unbound.
  • .i2p - will be resolved to ip address 10.191.0.1 by unbound.
  • .onion - unbound will forward this zone to Tor DNS running on 10.0.0.1:9053

###Other domain names

  • Any other domain name will be resolved by DjDNS, P2P or OpenNIC with CryptoDNS.
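The resolution order summarised here and detailed in "Workflow of app-configuration-script.sh Part 1/4: DNS Resolution" above (classified domains to local service addresses, .i2p to 10.191.0.1, .onion to the Tor DNSPort, everything else to DjDNS) maps onto a small set of Unbound and Tor directives. The script below is an added example and not the project's `configure_unbound()` or `configure_tor()`: it emits the unbound.conf and torrc fragments for the listeners named on this page (10.0.0.1:53, 10.0.0.1:9053, 10.0.0.1:8053), and a `resolver_for` helper that reports which path a name takes so the generated configuration can be cross-checked. The category domain lists are constructed stand-ins for the shallalist categories.

```shell
#!/bin/sh
# Added example (not the project's configure_unbound()/configure_tor()):
# render the Unbound and Tor configuration for the resolution order above,
# plus a pure decision function mirroring it for checks.
# Assumptions: Unbound on 10.0.0.1:53, Tor DNSPort on 10.0.0.1:9053,
# DjDNS on 10.0.0.1:8053. Domain lists below are constructed samples.

SEARCH_DOMAINS="google.com bing.com"
SOCIAL_DOMAINS="facebook.com twitter.com"
STORAGE_DOMAINS="dropbox.com drive.google.com"
WEBMAIL_DOMAINS="gmail.com outlook.com"
BLOCK_DOMAINS="tracker.example ads.example"

# emit_redirects "DOMAINS" IP: a redirect local-zone per domain; "redirect"
# answers the name and every subdomain with the given address.
emit_redirects() {
    for d in $1; do
        printf '    local-zone: "%s." redirect\n    local-data: "%s. A %s"\n' "$d" "$d" "$2"
    done
}

gen_unbound_conf() {
    cat <<'EOF'
server:
    interface: 10.0.0.1
    port: 53
    access-control: 10.0.0.0/24 allow
    # Step 3: every .i2p name answers with the I2P proxy address
    local-zone: "i2p." redirect
    local-data: "i2p. A 10.191.0.1"
    # Step 1: classified domains land on the local replacement services
EOF
    emit_redirects "$SEARCH_DOMAINS"  10.0.0.251
    emit_redirects "$SOCIAL_DOMAINS"  10.0.0.252
    emit_redirects "$STORAGE_DOMAINS" 10.0.0.253
    emit_redirects "$WEBMAIL_DOMAINS" 10.0.0.254
    emit_redirects "$BLOCK_DOMAINS"   10.0.0.1
    cat <<'EOF'
# Step 2: .onion is handed to the Tor DNSPort
forward-zone:
    name: "onion."
    forward-addr: 10.0.0.1@9053
# Step 4: everything else goes to DjDNS
forward-zone:
    name: "."
    forward-addr: 10.0.0.1@8053
EOF
}

# torrc part: DNSPort plus the automap that yields 10.192.0.0/16 answers for .onion
gen_torrc() {
    cat <<'EOF'
DNSPort 10.0.0.1:9053
AutomapHostsOnResolve 1
VirtualAddrNetworkIPv4 10.192.0.0/16
EOF
}

# resolver_for NAME: prints "local IP", "tor ADDR" or "djdns ADDR" for NAME.
# Longest matching classified suffix wins, as Unbound picks the most specific
# local-zone (so drive.google.com is storage even though google.com is search).
resolver_for() {
    name=${1%.}
    best=""; bestlen=0
    for pair in "$SEARCH_DOMAINS|10.0.0.251" "$SOCIAL_DOMAINS|10.0.0.252" \
                "$STORAGE_DOMAINS|10.0.0.253" "$WEBMAIL_DOMAINS|10.0.0.254" \
                "$BLOCK_DOMAINS|10.0.0.1"; do
        ip=${pair##*|}
        for d in ${pair%|*}; do
            case "$name" in
                "$d"|*."$d")
                    if [ "${#d}" -gt "$bestlen" ]; then best="local $ip"; bestlen=${#d}; fi ;;
            esac
        done
    done
    if [ -n "$best" ]; then echo "$best"; return 0; fi
    case "$name" in
        *.onion) echo "tor 10.0.0.1@9053" ;;
        *.i2p)   echo "local 10.191.0.1" ;;
        *.local) echo "local 10.0.0.0/24" ;;
        *)       echo "djdns 10.0.0.1@8053" ;;
    esac
}
```

Validate with `gen_unbound_conf > /etc/unbound/unbound.conf.d/librerouter.conf && unbound-checkconf`. Step 5 (retry through Tor with DNSSEC when DjDNS fails) is not expressible as an ordered fallback in a single `forward-zone`, since Unbound spreads queries over all listed `forward-addr` entries rather than trying them in order; that fallback has to live in the DjDNS side or in a second resolver stage, which is why it is left out of this fragment.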


Configure Reverse proxy


License

You can check out the full license here

This project is licensed under the terms of the GNU GPL V2 license.

#Setup wizard

This wizard should ask the customer about the following, and is pending in the project to be developed:

  • a) Do you want to protect your privacy or just use Librerouter services? If yes, then mode = bridge; if not, then mode = server.
  • b) Mode Transparent firewall Bridge:

Let's configure the Internet access (WAN). Do you want to connect your Librerouter to your Internet router via cable or WLAN?

If WLAN:

  • Please specify your internet router SSID
  • Please specify your encryption method: WPA or WPA2 (WEP not allowed; no encryption not allowed)
  • Please specify your SSID password
  • The daemon should check the connection coming up; if not, specify error conditions

If Cable:

  • If Cable and DHCP: please specify if you would use a fixed IP or a DHCP client. If DHCP, then set up the DHCP client on the interface and try to receive an IP. The daemon should check the connection coming up; if not, specify error conditions.
  • If Cable and fixed IP address: please provide the IP address, the default GW and the DNS server. Try pinging the IPs; if correct, finish. The daemon should check the connection answers; if not, specify error conditions.

Lets configure the Internal access (LAN Intranet) -Do you want to setup your internal protected network via cable or WLAN?

If WLAN then: -Please specify your internal new WLAN name SSID Please specifiy your SSID WPA2 CCMP password The daemon should check the connection getting up If not especify error conditions The IP addresses are 10.0.0.1 forced (if the guy another then hack the box)

if Cable then: -Please be aware we use this internal range: 10.0.0.100 to 200 Gateway 10.0.0.1 and DNS -Please plug a cable Detecting link Link up Now your connected

c) Mode Server only WAN external bridge will be used and then all WLAN and ETH will be all 4 interfaces in the same Bridge NIC logical interface.Do you want to use a cable or want Librerouter connect to your router or switch?

if WLAN

Please specify your internet router SSID Please specify your encryption methods WPA or WPA2 WEP not allowed no encryption not allowed Please specifiy your SSID password The daemon should check the conection getting up If not especify error conditions

if Cable: If Cable and DHCP: Please specify if you would use fix IP or DHCP client? If DHCP Then setup dhcp client in the interface and try to receive IP The daemon should check the connection getting up If not specify error conditions

If Cable and FIX IP address: Please provide the IP address Please provide the default GW Please provide the DNS server Trying ping against the IPs If correct finish The daemon should check the connections answers If not specify error conditions /////////////////////////////////////////////////////////////////////////////////////////////////// mode 2

Do you want to use a cable or want librerouter connect to your router or switch?

if WLAN

Please specify your internet router SSID Please specify your encryption methods WPA or WPA2 WEP not allowed no encryption not allowed Please specifiy your SSID password The daemon should check the conection getting up If not especify error conditions

if Cable:

If Cable and DHCP:

Please specify if you would use fix IP or DHCP client? If DHCP Then setup dhcp client in the interface and try to receive IP The daemon should check the connection getting up If not specify error conditions

If Cable and FIX IP address:

Please provide the IP address Please provide the default GW Please provide the DNS server Trying ping against the IPs If correct finish The daemon should check the connections answers If not specify error conditions
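The WAN questions above, carried through as input validation and the post-configuration check. This is an added example written for this page, not the Librerouter wizard; function names are assumed, and the `ping -W` flag is the Linux iputils form. It refuses WEP and open networks as the spec requires, emits the wpa_supplicant network block for the WLAN answers, validates the fixed-IP answers, and runs the reachability check the daemon is supposed to perform.

```shell
#!/bin/sh
# Added example for the WAN wizard questions; not the project's own code.
# Function names are assumed. Runs with any POSIX sh.

# WLAN answers: SSID, encryption method (WPA or WPA2), passphrase.
wan_wlan_validate() {
    ssid=$1; enc=$2; psk=$3
    case "$enc" in
        WPA|WPA2) ;;
        WEP|NONE|OPEN|"") echo "refused: '$enc' is not allowed, use WPA or WPA2" >&2; return 1 ;;
        *) echo "refused: unknown encryption method '$enc'" >&2; return 1 ;;
    esac
    # 802.11 limits the SSID to 32 bytes; WPA passphrases are 8..63 characters.
    [ -n "$ssid" ] && [ ${#ssid} -le 32 ] || { echo "refused: SSID must be 1..32 characters" >&2; return 1; }
    [ ${#psk} -ge 8 ] && [ ${#psk} -le 63 ] || { echo "refused: passphrase must be 8..63 characters" >&2; return 1; }
    # Quotes and backslashes would break the quoted wpa_supplicant strings below.
    case "$ssid$psk" in *\"*|*\\*) echo "refused: quotes and backslashes are not supported" >&2; return 1 ;; esac
    return 0
}

# Print the wpa_supplicant network block for validated WLAN answers.
# WPA2 pins RSN with CCMP so the driver cannot fall back to TKIP.
wan_wlan_stanza() {
    wan_wlan_validate "$1" "$2" "$3" || return 1
    printf 'network={\n\tssid="%s"\n\tpsk="%s"\n\tkey_mgmt=WPA-PSK\n' "$1" "$3"
    [ "$2" = WPA2 ] && printf '\tproto=RSN\n\tpairwise=CCMP\n'
    printf '}\n'
}

# Dotted-quad check: exactly four fields, each 1..3 digits in 0..255.
is_ipv4() {
    case "$1" in ''|*.|.*|*..*) return 1 ;; esac
    set -f; oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs; set +f
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Fixed-IP answers: address, default gateway, DNS server.
wan_static_validate() {
    for a in "$1" "$2" "$3"; do
        is_ipv4 "$a" || { echo "refused: '$a' is not an IPv4 address" >&2; return 1; }
    done
    [ "$1" != "$2" ] || { echo "refused: address and gateway are the same" >&2; return 1; }
    return 0
}

# Connectivity check the daemon runs once the interface is configured:
# one ping each to the gateway and the DNS server, reporting which one failed.
wan_link_check() {
    rc=0
    ping -c 1 -W 2 "$1" >/dev/null 2>&1 || { echo "error: gateway $1 does not answer" >&2; rc=1; }
    ping -c 1 -W 2 "$2" >/dev/null 2>&1 || { echo "error: DNS server $2 does not answer" >&2; rc=1; }
    return $rc
}

# Usage with constructed answers (the WEP case is refused on stderr).
wan_wlan_stanza "HomeNet" WPA2 "correct horse battery staple"
wan_wlan_validate "HomeNet" WEP "0123456789" || echo "WEP rejected, as required"
wan_static_validate 192.0.2.10 192.0.2.1 10.0.0.1 && echo "fixed-IP answers accepted"
```

The validation deliberately rejects the encryption choice before looking at the passphrase, so an open network is refused even when the user leaves the password empty, and `wan_link_check` is kept separate from validation because it needs the interface to be up and is the step whose failure the wizard must report as a distinct error condition.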


###Threats and CageOS protections

Kernel & forensics:

| Threat | CageOS protection |
|---|---|
| Several exploits | grsecurity |
| Memory-based protection schemes | PaX |
| Mandatory access control scheme | SELinux |
| Cold boot attack | TRESOR |
| Potentially hostile/injected code from non-code memory pages | KERNEXEC |

System:

| Threat | CageOS protection |
|---|---|
| Toolchain compilation | FORTIFY libc patches |
| MAC spoof | MAC address randomizer |
| Hardware serial number identification | HDD/RAM serial number changer |
| Vulnerable bootloader | Bootloader password protection |
| Vulnerable to boot partition modifications | /boot partition read-only; needs to change only on kernel upgrades |
| Direct SSH root login | Disable SSH root login |
| Physical reboot | Disable Ctrl+Alt+Del in inittab and /etc/acpi/powerbtn-acpi-support.sh |
| Brute-force attack on services | Fail2Ban |
| ICMP flood | iptables does not answer ICMP requests |
| Network accepts connections on all ports | iptables DROP policy by default |
| Virus infection of other OSes on the network | ClamAV |
| Intrusion detection system | Suricata |
| Hidden software exploits | rkhunter |
| Software security holes | Debian security repositories |
| Untrusted cron jobs | Block cron jobs for everybody in cron.deny |
| Binaries with root permission | Disable unwanted SUID/SGID binaries |
| Insecure network programs | Block rlogin, telnet, tftp, ftp, rsh, rexec |
| IP spoof | sysctl hardening configuration |
| IP spoof | Darknet preconfiguration |
| Tor extra security | SocksPort 9050 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort IsolateDestAddr |
| DNS leak protection | Usage of OpenNIC |
| Hidden code in apps | Verifiable builds |
| Taking advantage of already logged-in sessions | vlock and/or TMOUT to protect your bash login |
| Direct access to HDD data | Full-disk LUKS encryption |
| Exploits of shared resources and hardware | Docker |
| Weak old SSH protocol | Only SSH protocol v2 allowed |
| Computer theft | Secured and encrypted backup on a decentralized storage grid |
| Rootkit | Use open source and rkhunter |
| Software backdoor | Use open source |
| Hardware backdoor | Use open hardware |
| Packet sniffing | HTTPS Everywhere |

One caveat on the Docker row: containers share the host kernel, so they separate processes and file systems, not hardware; a kernel exploit inside a container is an exploit of the host, which is what the grsecurity/PaX entries above are there to blunt.

###Security features

Security:

| Feature | Librerouter |
|---|---|
| Responsible for building Tor circuits | Tor client running on Librerouter |
| Exploit QUANTUM protection | Yes, Suricata |
| Intrusion prevention system | Yes |
| Browser exploit protection | Yes |
| Protection against IP/location discovery | Yes, with agent |
| Workstation does not have to trust the gateway | No |
| IP/DNS protocol leak protection | Only if you configure it manually |

Updates:

| Feature | Librerouter |
|---|---|
| Operating system updates | Persist once updated |
| Update notifications | Yes, on LED and TFT display |
| Important news notifications | Yes, on LED and TFT display |
| Decentralized system updates | Using APT P2P |

Fingerprint:

| Feature | Librerouter |
|---|---|
| Network/web fingerprint | Maximum possible protection with the agent (PC: Windows/Linux/Mac; mobile: Android/iOS) |
| Clearnet traffic | Routing model is described in the Network page |
| Surf the deep web with a regular browser | Yes, but not recommended |
| Randomized update notifications | Yes |
| Privacy-enhanced browser | Yes, Tor Browser with patches |
| Hides your time zone (set to UTC) | Yes |
| Secure gpg.conf | Yes |
| Enable secure SSH access | Yes, through the physical TFT with the external network disconnected |
| Auto-disable logins | Logins are only possible in configuration mode, activated through the physical TFT with the external network disconnected |
| Internet of Things protection | Yes, described in the Network page |

Misc:

| Feature | Librerouter |
|---|---|
| Anonymous HTTP headers | Yes |
| Big clock skew attack against NTP | Totally blocked |
| VPN support | Configurable through TFT |
| Ad-blocking and tracking protection | Yes |
| Root password configuration | Yes, mandatory on first boot and later on the TFT configuration panel |
| Wi-Fi password configuration | Yes, mandatory on first boot and later on the TFT configuration panel |
| Internal Wi-Fi device without password or with WEP encryption | No |
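Several rows of the threat table are plain configuration settings that can be verified on a running box. The script below is an added example for this page, not CageOS or Librerouter tooling; it checks the SSH root-login and protocol rows, the IP-spoof sysctl row, the cron row and the Ctrl+Alt+Del row against configuration files passed as arguments, and builds constructed weak and hardened fixtures so it runs offline. One correction it encodes: cron.allow takes precedence over cron.deny, so "block cron jobs for everybody in cron.deny" is only robust as a cron.allow that lists root alone (or nobody), which is what the cron check looks for.

```shell
#!/bin/sh
# Added example, not part of CageOS or Librerouter: audits a few rows of the
# threat table against config files. Paths are arguments so the checks can run
# against the constructed fixtures made by make_fixtures below.

# sshd takes the first value it sees for a keyword, so inspect the first match.
check_sshd() {
    f=$1; rc=0
    prl=$(awk 'tolower($1)=="permitrootlogin"{print tolower($2); exit}' "$f")
    [ "$prl" = "no" ] || { echo "FAIL $f: PermitRootLogin=${prl:-unset}, want no"; rc=1; }
    # "Protocol" only exists in OpenSSH < 7.6; anything but a bare 2 still offers SSHv1.
    proto=$(awk 'tolower($1)=="protocol"{print $2; exit}' "$f")
    case "$proto" in 2|"") ;; *) echo "FAIL $f: Protocol $proto allows SSHv1"; rc=1 ;; esac
    return $rc
}

# sysctl.conf: the last assignment of a key wins, so keep the last value seen.
check_sysctl() {
    f=$1; rc=0
    for kv in net.ipv4.conf.all.rp_filter=1 net.ipv4.conf.all.accept_source_route=0 \
              net.ipv4.conf.all.accept_redirects=0 net.ipv4.conf.all.log_martians=1; do
        k=${kv%=*}; want=${kv#*=}
        got=$(awk -F= -v k="$k" '/^[ \t]*#/{next} {gsub(/[ \t]/,"",$1)} $1==k{v=$2} END{gsub(/[ \t]/,"",v); print v}' "$f")
        [ "$got" = "$want" ] || { echo "FAIL $f: $k=${got:-unset}, want $want"; rc=1; }
    done
    return $rc
}

# cron.allow overrides cron.deny: "deny everybody" means a cron.allow that
# lists only root (or is empty). A missing cron.allow falls back to cron.deny.
check_cron_allow() {
    f=$1
    [ -f "$f" ] || { echo "FAIL $f missing: users not listed in cron.deny may use crontab"; return 1; }
    extra=$(grep -v -x -e root -e '' "$f" | head -n 1)
    [ -z "$extra" ] || { echo "FAIL $f: '$extra' may use crontab"; return 1; }
    return 0
}

# inittab: an active ctrlaltdel entry means the box reboots on Ctrl+Alt+Del.
# (systemd hosts: check that ctrl-alt-del.target is masked instead.)
check_inittab() {
    f=$1
    if grep -q '^[^#]*:ctrlaltdel:' "$f"; then
        echo "FAIL $f: Ctrl+Alt+Del still triggers a reboot"; return 1
    fi
    return 0
}

# Constructed fixtures: a weak and a hardened variant of each file.
make_fixtures() {
    d=$1
    printf 'PermitRootLogin yes\nProtocol 2,1\n' > "$d/sshd_weak"
    printf '# hardened; the later duplicate is ignored because the first value wins\nPermitRootLogin no\nProtocol 2\nPermitRootLogin yes\n' > "$d/sshd_hard"
    printf 'net.ipv4.conf.all.rp_filter = 0\n' > "$d/sysctl_weak"
    printf '# anti-spoof; the later rp_filter line overrides the earlier one\nnet.ipv4.conf.all.rp_filter=0\nnet.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.all.log_martians = 1\n' > "$d/sysctl_hard"
    printf 'root\nwww-data\n' > "$d/cron_allow_weak"
    printf 'root\n' > "$d/cron_allow_hard"
    printf 'ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now\n' > "$d/inittab_weak"
    printf '#ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now\n' > "$d/inittab_hard"
}

# Run every check over both fixture variants; returns the number of failed checks
# (expected 4: one per weak fixture).
run_all() {
    d=$1; fails=0
    for c in sshd sysctl cron_allow inittab; do
        for v in weak hard; do
            if "check_$c" "$d/${c}_$v"; then echo "PASS check_$c on ${c}_$v"; else fails=$((fails+1)); fi
        done
    done
    return $fails
}

FIX=$(mktemp -d)
make_fixtures "$FIX"
run_all "$FIX" || echo "$? check(s) failed, as expected for the weak fixtures"
rm -rf "$FIX"
```

To audit a real host, call the check functions on `/etc/ssh/sshd_config`, `/etc/sysctl.conf` (and each file in `/etc/sysctl.d`), `/etc/cron.allow` and `/etc/inittab`; the sysctl check reads configuration files, not the live values, so compare against `sysctl net.ipv4.conf.all.rp_filter` when the two disagree.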


milestones
