-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
1954ca9
commit 240bd92
Showing
12 changed files
with
229 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| FROM alpine:3.18 AS BUILDER | ||
|
|
||
| RUN apk add openssl-dev libnl3-dev linux-headers git alpine-sdk | ||
|
|
||
| COPY --chmod=755 build.sh /build.sh | ||
|
|
||
| WORKDIR /hostapd-mana | ||
| RUN git clone https://github.com/sensepost/hostapd-mana . &&\ | ||
| git checkout 1302a7204d9118efa0668df1924c938dbe8d1b11 | ||
|
|
||
| WORKDIR /hostapd-mana/hostapd | ||
| RUN /build.sh | ||
|
|
||
|
|
||
| FROM alpine:3.18 | ||
|
|
||
| RUN apk add libnl3 libssl3 | ||
|
|
||
| COPY --from=BUILDER /hostapd-mana/hostapd/hostapd_cli /usr/bin/hostapd-mana_cli | ||
| COPY --from=BUILDER /hostapd-mana/hostapd/hostapd /usr/sbin/hostapd-mana | ||
| COPY --from=BUILDER /hostapd-mana/hostapd/nt_password_hash /usr/bin/nt_password_hash | ||
|
|
||
| WORKDIR /hostapd_configs | ||
|
|
||
| COPY --chmod=755 /hostapd_configs/hostapd.conf.template /hostapd_configs/hostapd.conf.template | ||
| COPY --chmod=755 /hostapd_configs/hostapd.radius_client.template /hostapd_configs/hostapd.radius_client.template | ||
| COPY /hostapd_configs/hostapd.eap_user /hostapd_configs/hostapd.eap_user | ||
|
|
||
| COPY certs /certs | ||
| COPY output /output | ||
|
|
||
| COPY --chmod=755 entrypoint.sh /entrypoint.sh | ||
|
|
||
| ENTRYPOINT ["/entrypoint.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,48 @@ | ||
| # hostapd-docker | ||
| # hostapd-mana RADIUS Docker | ||
|
|
||
| Quick Alpine Hostapd Docker | ||
|
|
||
|
|
||
| ## Get certificate to use: | ||
|
|
||
| https://go-acme.github.io/lego/usage/cli/obtain-a-certificate/ | ||
|
|
||
| https://go-acme.github.io/lego/dns/cloudflare/ | ||
|
|
||
|
|
||
|  | ||
|
|
||
|
|
||
|
|
||
| example: | ||
| ``` | ||
| docker run --rm -it -v certs:/.lego/certificates \ | ||
| -e "[email protected]" \ | ||
| -e "CF_DNS_API_TOKEN=PLtbXXXXXXXXXXXXXXXVRqda" \ | ||
| goacme/lego --email "[email protected]" --dns cloudflare --domains "wifi.example.com" -a run | ||
| ``` | ||
|
|
||
| ## Create RADIUS server | ||
|
|
||
|
|
||
|
|
||
| ## Use RADIUS server | ||
|
|
||
|
|
||
| Point Access Point or hostapd to your RADIUS server | ||
|
|
||
| ### hostapd | ||
|
|
||
| ``` | ||
| eap_server=0 | ||
| auth_server_addr=127.0.0.1 | ||
| auth_server_port=1812 | ||
| auth_server_shared_secret=P@ssw0rd | ||
| ``` | ||
|
|
||
| -p 1813:1813/udp -p 1812:1812/udp | ||
|
|
||
|  | ||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| #!/bin/sh | ||
|
|
||
| # Stolen from https://git.alpinelinux.org/aports/tree/main/hostapd/APKBUILD | ||
| { sed \ | ||
| -e '/^#CONFIG_DRIVER_NL80211=y/s/^#//' \ | ||
| -e '/^#CONFIG_RADIUS_SERVER=y/s/^#//' \ | ||
| -e '/^#CONFIG_DRIVER_WIRED=y/s/^#//' \ | ||
| -e '/^#CONFIG_DRIVER_NONE=y/s/^#//' \ | ||
| -e '/^#CONFIG_IEEE80211N=y/s/^#//' \ | ||
| -e '/^#CONFIG_IEEE80211R=y/s/^#//' \ | ||
| -e '/^#CONFIG_IEEE80211AC=y/s/^#//' \ | ||
| -e '/^#CONFIG_IEEE80211AX=y/s/^#//' \ | ||
| -e '/^#CONFIG_FULL_DYNAMIC_VLAN=y/s/^#//' \ | ||
| -e '/^#CONFIG_LIBNL32=y/s/^#//' \ | ||
| -e '/^#CONFIG_ACS=y/s/^#//' \ | ||
| -e '/^#CONFIG_WEP=y/s/^#//' \ | ||
| -e '/^#CONFIG_SAE=y/s/^#//' \ | ||
| defconfig | ||
| echo "CC ?= ${CC:-gcc}" | ||
| echo "CFLAGS += -I/usr/include/libnl3" | ||
| echo "LIBS += -L/usr/lib" | ||
| } >> .config | ||
|
|
||
| CFLAGS="$CFLAGS -flto=auto" make all nt_password_hash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIDmjCCAoICCQDPrwm5Ys8s+DANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC | ||
| VUsxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRIwEAYDVQQKDAlT | ||
| ZW5zZVBvc3QxCzAJBgNVBAsMAklUMRkwFwYDVQQDDBB3aWZpLmV4YW1wbGUuY29t | ||
| MSEwHwYJKoZIhvcNAQkBFhJ0ZXN0ZXJAZXhhbXBsZS5jb20wHhcNMjMwNjI4MTM1 | ||
| MTIyWhcNMjMwNzI4MTM1MTIyWjCBjjELMAkGA1UEBhMCVUsxDzANBgNVBAgMBkxv | ||
| bmRvbjEPMA0GA1UEBwwGTG9uZG9uMRIwEAYDVQQKDAlTZW5zZVBvc3QxCzAJBgNV | ||
| BAsMAklUMRkwFwYDVQQDDBB3aWZpLmV4YW1wbGUuY29tMSEwHwYJKoZIhvcNAQkB | ||
| FhJ0ZXN0ZXJAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK | ||
| AoIBAQCdnyzcwaAkchow7+2Y07ozcqHACx33UKXqroQQtSfngnFd/1H6Q1ILYGiE | ||
| Mh0ctt/6hD0EKmSVF9qhivmu4q7oMqpIPb49NSkgt4Diu+K9YXhG/rtItpw6hTs2 | ||
| jXYXqK3p76ngczKoW997VGAFDkxADFRC2lzERKu02KF0fOQIzTLueVMYDGFqkSx4 | ||
| Z9ovT+AXqz9XqQnvHDN00NCUA7XDZfkqqJYXtGrq6SPbkwQkqURw73lxr74LMwJC | ||
| zbGwVV9Amp2lS4m2qfCF3Q4hy0ydPkcw5EvxkwNiaeUJTn86QI52VRybG6rQb9Jj | ||
| 1QnJgOlRy4voaKpAjRSbAwsqimNXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAF53 | ||
| xqQeQNvYIpf/vIsQMWU/77eWS5PmRnDN1rc+OrPE3AnTFavX7cT32trAX3LjDXS8 | ||
| PrzKxfSntLcBKL6wbCQfdmfUU8tTcM109uKTH18Z46OF8sQ710ogt1u+0ZXPDN5G | ||
| wpLhufdnACgrk3YavcVo7rAM2VbPZauEExaxAVBuZ6AgPRzOr51M5nIf/Re7i6ow | ||
| XMm+Q2IqEehjVmj9BBwgEfKyoskWnbegEzwCfxkGt5OaeiPlJ9yyNl49fCwo97ZF | ||
| Bdi+HW8tfKP5lzIlTXY73JuurG1SYS4lKuX/M4vwQWuUA4lfGizfl/3R8/kiiKxm | ||
| 4rYgLjp/Qw2OSd7XcGo= | ||
| -----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIDmjCCAoICCQDPrwm5Ys8s+DANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC | ||
| VUsxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRIwEAYDVQQKDAlT | ||
| ZW5zZVBvc3QxCzAJBgNVBAsMAklUMRkwFwYDVQQDDBB3aWZpLmV4YW1wbGUuY29t | ||
| MSEwHwYJKoZIhvcNAQkBFhJ0ZXN0ZXJAZXhhbXBsZS5jb20wHhcNMjMwNjI4MTM1 | ||
| MTIyWhcNMjMwNzI4MTM1MTIyWjCBjjELMAkGA1UEBhMCVUsxDzANBgNVBAgMBkxv | ||
| bmRvbjEPMA0GA1UEBwwGTG9uZG9uMRIwEAYDVQQKDAlTZW5zZVBvc3QxCzAJBgNV | ||
| BAsMAklUMRkwFwYDVQQDDBB3aWZpLmV4YW1wbGUuY29tMSEwHwYJKoZIhvcNAQkB | ||
| FhJ0ZXN0ZXJAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK | ||
| AoIBAQCdnyzcwaAkchow7+2Y07ozcqHACx33UKXqroQQtSfngnFd/1H6Q1ILYGiE | ||
| Mh0ctt/6hD0EKmSVF9qhivmu4q7oMqpIPb49NSkgt4Diu+K9YXhG/rtItpw6hTs2 | ||
| jXYXqK3p76ngczKoW997VGAFDkxADFRC2lzERKu02KF0fOQIzTLueVMYDGFqkSx4 | ||
| Z9ovT+AXqz9XqQnvHDN00NCUA7XDZfkqqJYXtGrq6SPbkwQkqURw73lxr74LMwJC | ||
| zbGwVV9Amp2lS4m2qfCF3Q4hy0ydPkcw5EvxkwNiaeUJTn86QI52VRybG6rQb9Jj | ||
| 1QnJgOlRy4voaKpAjRSbAwsqimNXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAF53 | ||
| xqQeQNvYIpf/vIsQMWU/77eWS5PmRnDN1rc+OrPE3AnTFavX7cT32trAX3LjDXS8 | ||
| PrzKxfSntLcBKL6wbCQfdmfUU8tTcM109uKTH18Z46OF8sQ710ogt1u+0ZXPDN5G | ||
| wpLhufdnACgrk3YavcVo7rAM2VbPZauEExaxAVBuZ6AgPRzOr51M5nIf/Re7i6ow | ||
| XMm+Q2IqEehjVmj9BBwgEfKyoskWnbegEzwCfxkGt5OaeiPlJ9yyNl49fCwo97ZF | ||
| Bdi+HW8tfKP5lzIlTXY73JuurG1SYS4lKuX/M4vwQWuUA4lfGizfl/3R8/kiiKxm | ||
| 4rYgLjp/Qw2OSd7XcGo= | ||
| -----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| -----BEGIN PRIVATE KEY----- | ||
| MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCdnyzcwaAkchow | ||
| 7+2Y07ozcqHACx33UKXqroQQtSfngnFd/1H6Q1ILYGiEMh0ctt/6hD0EKmSVF9qh | ||
| ivmu4q7oMqpIPb49NSkgt4Diu+K9YXhG/rtItpw6hTs2jXYXqK3p76ngczKoW997 | ||
| VGAFDkxADFRC2lzERKu02KF0fOQIzTLueVMYDGFqkSx4Z9ovT+AXqz9XqQnvHDN0 | ||
| 0NCUA7XDZfkqqJYXtGrq6SPbkwQkqURw73lxr74LMwJCzbGwVV9Amp2lS4m2qfCF | ||
| 3Q4hy0ydPkcw5EvxkwNiaeUJTn86QI52VRybG6rQb9Jj1QnJgOlRy4voaKpAjRSb | ||
| AwsqimNXAgMBAAECggEAUW3HHnDFS67KyxdYVsii/CsvVugnXfoDDR+FSKBd8iMY | ||
| cCgT8MdQnmH6/LhrA8eSJHimkP1ZoxCEuUnzvZ6MH5b1E4caPcK18Zn7cqb/9zhg | ||
| i8TTejgks7LaqU8hgA17c0yGJVc+B24XIT6wsEv3pmr4KOVoYVjcn/v+RRC0ObsA | ||
| 8lzOJ0bN7e/sQrhEgm6JJ+qFZHvmBAScGeWPmhxGYVkoizcyZ0fzj39OobQk4Yeu | ||
| zdcPkFAYP1J9EwC+pWw6jWCijSYT7hEVz/fuezINUXKlhR7oVMxYFtOlgGlZ5aNl | ||
| fVRsjOt6aT+rgAFhaNfLBjLJaaEMUyk9cXvaWzdHoQKBgQDQOC/OyKnN2bHWo8jh | ||
| kD7b1gBJNrvxv9p5EWnxfwooA8bbfc1+gd2tS5Kx507mkBa2+lvBRBniGia0Nngr | ||
| M653Sz+Wy4+6v82U4G0v8gR5ly/AWSeusiieUleDp7wDlLpXHoM187Doa6++5gN/ | ||
| jRBjIkrwSp1Angh9n9OVfqup8QKBgQDByqLi8CTzc5yTaWoCvZNcJQdEMrcqA7rM | ||
| HZGr8qunhR3KLIV06tTtXjqkPmPtwCaqqw94hHOBGweox24cCAVt0zr7nb7qX2MK | ||
| C5Nm98/k1Yd2BVHx3hMzIJKGfbs0kj2wJJ+ke7KoC3eFSFqk8rs2/z2WlcTGNIc7 | ||
| S8czBMzZxwKBgGtygyEnJZDnZMEJVdEoWXeiEBW32/addUUCenQ3hWsuv8BmQ9Oj | ||
| elxB4lpRrcKG2mHkAdNSrDSkIBLhBNPuYHqI5zCOrQXGknTf9xhFwI9qOCb/Gt4o | ||
| a5N/lE+JEBmc9yebxEPkFAdsAo31Lhr1FV7CxH8JUeqVYnZJMqszaaxRAoGBAJAq | ||
| IPbWU4bQsOBxAS48vY1E9pzjZaNZ1vLV5HKYOt6KhtjKOhX6RKC5AsMArvJFif5Y | ||
| 909eqVaYNyB2DBHKXc+P3kck2MweXd0xM1zcacoAl59S4d0eqgXU62wlyMiZKk8J | ||
| T8HbS9L7hNSgON6QvHlzc+u8SwBwP1H7U5s+rO4tAoGBAIS9TGLP0XQIQS3aeI5O | ||
| brlvEwuGu3mTqQk2lisPsKQgG3K/27vR7FmWR6IOcjuT5DwQJxLdg5eMK858XKEe | ||
| liczW2Wg1mroCJHGTmZH0ksJ4lKsANXNmtnP2AZWBeED90A2psihnkA2eOL4SQ8v | ||
| vECbqT+v3y9zstztkB8Ts39/ | ||
| -----END PRIVATE KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| #!/bin/sh | ||
|
|
||
| # defaults | ||
| password=P@ssw0rd | ||
| range=0.0.0.0/0 | ||
| domain=example.com | ||
|
|
||
| domain=wifi.example.com /hostapd_configs/hostapd.conf.template > /hostapd_configs/hostapd.conf | ||
|
|
||
| password=P@ssw0rd range=0.0.0.0/0 /hostapd_configs/hostapd.radius_client.template > /hostapd_configs/hostapd.radius_client | ||
|
|
||
|
|
||
| # Add flag for verbosity | ||
| hostapd-mana /hostapd_configs/hostapd.conf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| #!/bin/sh | ||
|
|
||
| cat <<END | ||
| driver=none | ||
| logger_syslog=-1 | ||
| logger_syslog_level=4 | ||
| logger_stdout=-1 | ||
| logger_stdout_level=4 | ||
| # we _do_ want to handle EAP please | ||
| eap_server=1 | ||
| eap_user_file=/hostapd_configs/hostapd.eap_user | ||
| # and we want to be a radius server | ||
| radius_server_clients=/hostapd_configs/hostapd.radius_client | ||
| radius_server_auth_port=1812 | ||
| radius_server_acct_port=1813 | ||
| # we have some certs we'll generate | ||
| ca_cert=/certs/$domain.issuer.crt | ||
| server_cert=/certs/$domain.crt | ||
| private_key=/certs/$domain.key | ||
| mana_wpe=1 | ||
| mana_credout=/output/hostapd.credout | ||
| END |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Hostapd-manas default EAP User file to try accept as many creds as possible | ||
|
|
||
| * PEAP,TTLS,TLS,MD5,GTC | ||
| * TTLS-MSCHAPV2,MSCHAPV2,MD5,GTC,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP "1234test" [2] | ||
| "t" TTLS-MSCHAPV2,MSCHAPV2,MD5,GTC,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP "1234test" [2] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| #!/bin/sh | ||
|
|
||
| cat <<END | ||
| # RADIUS client configuration for the RADIUS server | ||
| $range $password | ||
| END |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.