Installazione ed impostazione chiavi
Lato server
apt install wireguardDal file /etc/sysctl.d/99-sysctl.con decommentare la seguete riga:
net.ipv4.ip_forward=1Ed eseguire le seguenti operazioni che caricano la modifica e creano chiave pubblica e privata lato server:
sysctl -w net.ipv4.ip_forward=1
umask 077 ; wg genkey > /etc/wireguard/server_priv.key
wg pubkey < /etc/wireguard/server_priv.key > /etc/wireguard/server_pub.keyLato client (Arch)
sudo pacman -S wireguard-tools
sudo bash -c "umask 077 ; wg genkey > /etc/wireguard/client_priv.key"
sudo bash -c "wg pubkey < /etc/wireguard/client_priv.key > /etc/wireguard/client_pub.key"Configurazione
Lato server
Creo il file /etc/wireguard/wg0.conf inserendo il seguente contenuto (ho configurato anche un ip per collegarmi tramite cellulare):
[Interface]
Address = 172.16.0.1/24
ListenPort = 51820
PrivateKey = '*******************************************='
# Firewall rules
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enx3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enx3 -j MASQUERADE
[Peer]
# Client #1 details - Arch
PublicKey = '*******************************************='
# Traffic to route to this client
AllowedIPs = 172.16.0.2/32
[Peer]
# Client #1 details - Pixel8a
PublicKey = '*******************************************='
# Traffic to route to this client
AllowedIPs = 172.16.0.3/32Ora posso fare partire la VPN lato server:
systemctl enable --now wg-quick@wg0.serviceLato client (Arch)
Come utente root devo creare il file /etc/wireguard/myvpn.conf inserendo il seguente contenuto:
[Interface]
Address = 172.16.0.2/24
PrivateKey = '*******************************************='
# Set to your desired DNS server
# DNS = 9.9.9.9
[Peer]
PublicKey = '*******************************************='
# Endpoint (server) can be a domain name or IP address
Endpoint = 195.231.80.77:51820
# Traffic to route to server
AllowedIPs = 0.0.0.0/0, ::/0Ora posso attivare/disattivare la VPN anche lato client.
sudo wg-quick up myvpn
sudo wg-quick down myvpnQuello che vedranno tutti sarà l’indirizzo ip del VPS.
ClamAV
apt install clamav clamav-daemon
systemctl stop clamav-freshclam
freshclam
systemctl start clamav-freshclam
systemctl enable clamav-freshclam
clamscan -r /path/to/dir
clamscan --infected --remove --recursive /path/to/dir
clamscan --infected --recursive --exclude-dir="^/sys" /