Added new repo and packages
This commit is contained in:
parent
e6ae67e2be
commit
0ba5f3b6bd
|
|
@ -54,26 +54,26 @@ echo "--------------------------------------"
|
|||
|
||||
# disk prep
|
||||
|
||||
mkfs.ext3/dev/hda
|
||||
mkfs.ext3/dev/sda1
|
||||
mkfs.ext3/dev/sda2
|
||||
mkfs.ext3/dev/sda3
|
||||
mkfs.ext3/dev/${DISK}
|
||||
#mkfs.ext3/dev/hda
|
||||
#mkfs.ext3/dev/sda1
|
||||
#mkfs.ext3/dev/sda2
|
||||
#mkfs.ext3/dev/sda3
|
||||
#mkfs.ext3/dev/${DISK}
|
||||
|
||||
cryptluks > /dev/sda
|
||||
cryptluks > /dev/sda1
|
||||
cryptluks > /dev/sda2
|
||||
cryptluks > /dev/nvme0
|
||||
cryptluks > /dev/mvme1
|
||||
#cryptluks > /dev/sda
|
||||
#cryptluks > /dev/sda1
|
||||
#cryptluks > /dev/sda2
|
||||
#cryptluks > /dev/nvme0
|
||||
#cryptluks > /dev/mvme1
|
||||
|
||||
dd if=/dev/zero of=/dev/${DISK} bs=512 count=1
|
||||
dd if=/dev/zero of=/dev/sda1 bs=512 count=1
|
||||
dd if=/dev/zero of=/dev/sda2 bs=512 count=1
|
||||
dd if=/dev/zero of=/dev/sda3 bs=512 count=1
|
||||
#dd if=/dev/zero of=/dev/${DISK} bs=512 count=1
|
||||
#dd if=/dev/zero of=/dev/sda1 bs=512 count=1
|
||||
#dd if=/dev/zero of=/dev/sda2 bs=512 count=1
|
||||
#dd if=/dev/zero of=/dev/sda3 bs=512 count=1
|
||||
|
||||
dd if=/dev/zero of=/dev/nvme0 bs=512 count=1
|
||||
dd if=/dev/zero of=/dev/nvme1 bs=512 count=1
|
||||
dd if=/dev/zero of=/dev/nvme2 bs=512 count=1
|
||||
#dd if=/dev/zero of=/dev/nvme0 bs=512 count=1
|
||||
#dd if=/dev/zero of=/dev/nvme1 bs=512 count=1
|
||||
#dd if=/dev/zero of=/dev/nvme2 bs=512 count=1
|
||||
|
||||
sgdisk -Z ${DISK} # zap all on disk
|
||||
#dd if=/dev/zero of=${DISK} bs=1M count=200 conv=fdatasync status=progress
|
||||
|
|
|
|||
|
|
@ -65,9 +65,11 @@ PKGS=(
|
|||
'xorg-xinit'
|
||||
'xterm'
|
||||
'plasma-desktop' # KDE Load second
|
||||
#-------------------------------------#
|
||||
'alsa-plugins' # audio plugins
|
||||
'alsa-utils' # audio utils
|
||||
'apparmor' # Security module
|
||||
'appimagelauncher'
|
||||
'ark' # compression
|
||||
'audiocd-kio'
|
||||
'autoconf' # build
|
||||
|
|
@ -98,6 +100,7 @@ PKGS=(
|
|||
'element-desktop-git' # Matrix client
|
||||
'exfat-utils'
|
||||
'fail2ban' # Intrusion prevention
|
||||
'flameshot
|
||||
'flex'
|
||||
'fuse2'
|
||||
'fuse3'
|
||||
|
|
@ -108,6 +111,7 @@ PKGS=(
|
|||
'gcc'
|
||||
'gimp' # Photo editing
|
||||
'git'
|
||||
'gitkraken'
|
||||
'gparted' # partition management
|
||||
'gptfdisk'
|
||||
'grub'
|
||||
|
|
@ -139,6 +143,7 @@ PKGS=(
|
|||
'nano'
|
||||
'neofetch'
|
||||
'networkmanager'
|
||||
'nodejs'
|
||||
'ntfs-3g'
|
||||
'okular'
|
||||
'openbsd-netcat'
|
||||
|
|
@ -186,6 +191,7 @@ PKGS=(
|
|||
'xdg-desktop-portal-kde'
|
||||
'xdg-user-dirs'
|
||||
'zeroconf-ioslave'
|
||||
'zulucrypt'
|
||||
'zip'
|
||||
'zsh'
|
||||
'zsh-syntax-highlighting'
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ PKGS=(
|
|||
'dxvk-bin' # DXVK DirectX to Vulcan
|
||||
'firefox'
|
||||
'github-desktop-bin' # Github Desktop sync
|
||||
'intellij-idea-community-edition'
|
||||
'lightly-git'
|
||||
'mangohud' # Gaming FPS Counter
|
||||
'mangohud-common'
|
||||
|
|
@ -42,8 +43,11 @@ PKGS=(
|
|||
'nordic-theme'
|
||||
'noto-fonts-emoji'
|
||||
'papirus-icon-theme'
|
||||
'playonlinux' # Wine frontend
|
||||
'pidgin'
|
||||
'plasma-pa'
|
||||
'ocs-url' # install packages from websites
|
||||
'ungoogled-chromium'
|
||||
'sddm-nordic-theme-git'
|
||||
'snapper-gui-git'
|
||||
'ttf-droid'
|
||||
|
|
@ -52,6 +56,7 @@ PKGS=(
|
|||
'ttf-roboto'
|
||||
'zoom' # video conferences
|
||||
'snap-pac'
|
||||
'youtube-dl-gui-git'
|
||||
)
|
||||
|
||||
for PKG in "${PKGS[@]}"; do
|
||||
|
|
|
|||
|
|
@ -24,6 +24,32 @@ sudo cat <<EOF > /etc/sddm.conf
|
|||
Current=Nordic
|
||||
EOF
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
|
||||
sudo ufw limit 22/tcp
|
||||
sudo ufw allow 80/tcp
|
||||
sudo ufw allow 443/tcp
|
||||
sudo ufw default deny incoming
|
||||
sudo ufw default allow outgoing
|
||||
|
||||
# --- Harden /etc/sysctl.conf
|
||||
sudo sysctl kernel.modules_disabled=1
|
||||
sudo sysctl -a
|
||||
sudo sysctl -A
|
||||
sudo sysctl mib
|
||||
sudo sysctl net.ipv4.conf.all.rp_filter
|
||||
sudo sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp'
|
||||
|
||||
# --- PREVENT IP SPOOFS
|
||||
cat <<EOF > /etc/host.conf
|
||||
order bind,hosts
|
||||
multi on
|
||||
EOF
|
||||
|
||||
# --- Enable fail2ban
|
||||
sudo cp fail2ban.local /etc/fail2ban/
|
||||
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
|
||||
echo -e "\nEnabling essential services"
|
||||
|
|
@ -37,4 +63,5 @@ sudo systemctl enable NetworkManager.service
|
|||
sudo systemctl enable bluetooth
|
||||
sudo systemctl enable ufw
|
||||
sudo systemctl enable fail2ban
|
||||
sudo systemctl start fail2ban
|
||||
#sudo systemctl enable --now portmaster
|
||||
|
|
|
|||
|
|
@ -11,22 +11,56 @@
|
|||
#
|
||||
#------------------------------------------------------------------------------------
|
||||
|
||||
echo -e "\nFINAL SETUP AND CONFIGURATION"
|
||||
echo -e "\nFINAL SETUP AND CONFIGURATION\n"
|
||||
|
||||
ehco -e"\nInstalling black arch repository\n"
|
||||
|
||||
#mkdir $HOME/blackarch
|
||||
#cp /root/BetterArch/dotfiles/blackarch/strap.sh $HOME/blackarch
|
||||
#cd $HOME/blackarch
|
||||
#chmod +x strap.sh
|
||||
#sudo pacman -Syu
|
||||
|
||||
mkdir blackman
|
||||
cd blackman
|
||||
wget https://raw.github.com/BlackArch/blackarch/master/packages/blackman/PKGBUILD
|
||||
makepkg -s
|
||||
|
||||
echo -e "\nInstalling penetration testing tools"
|
||||
|
||||
PKGS=(
|
||||
'3proxy'
|
||||
'a2sv'
|
||||
'airgeddon-git' # Audit wireless networks
|
||||
'autosploit'
|
||||
'backdoor-factory'
|
||||
'ba-pentest-commons-meta'
|
||||
'bettercap' # Networking swiss army knife
|
||||
'blue-hydra'
|
||||
'firefox-security-toolkit'
|
||||
#----------------#
|
||||
'gitgraber'
|
||||
'githack'
|
||||
'github-dorks'
|
||||
'githubcloner'
|
||||
'gitleaks'
|
||||
'gitmails'
|
||||
'gitminer'
|
||||
'gitrecon'
|
||||
'gitrob'
|
||||
'gittools'
|
||||
#----------------#
|
||||
|
||||
'metasploit' # Exploit
|
||||
'nmap' # Network scanning
|
||||
'sherlock-git'
|
||||
'sploitctl'
|
||||
'torctl'
|
||||
'wireshark-qt'
|
||||
)
|
||||
|
||||
for PKG in "${PKGS[@]}"; do
|
||||
echo "INSTALLING: ${PKG}"
|
||||
sudo pacman -S "$PKG" --noconfirm --needed
|
||||
sudo blackman -i "$PKG"
|
||||
done
|
||||
|
||||
|
||||
|
|
@ -51,6 +85,15 @@ git clone https://github.com/evyatarmeged/Raccoon.git
|
|||
cd Raccoon
|
||||
python setup.py install # Subsequent changes to the source code will not be reflected in calls to raccoon when this is used
|
||||
|
||||
cd $HOME/git
|
||||
git clone https://github.com/haad/proxychains
|
||||
cd proxychains
|
||||
./configure
|
||||
make
|
||||
sudo make install
|
||||
|
||||
cd ~
|
||||
|
||||
|
||||
echo "
|
||||
###############################################################################
|
||||
|
|
|
|||
|
|
@ -0,0 +1,193 @@
|
|||
#!/bin/sh
|
||||
# strap.sh - install and setup BlackArch Linux keyring
|
||||
|
||||
# mirror file to fetch and write
|
||||
MIRROR_F="blackarch-mirrorlist"
|
||||
|
||||
# simple error message wrapper
|
||||
err()
|
||||
{
|
||||
echo >&2 "$(tput bold; tput setaf 1)[-] ERROR: ${*}$(tput sgr0)"
|
||||
|
||||
exit 1337
|
||||
}
|
||||
|
||||
# simple warning message wrapper
|
||||
warn()
|
||||
{
|
||||
echo >&2 "$(tput bold; tput setaf 1)[!] WARNING: ${*}$(tput sgr0)"
|
||||
}
|
||||
|
||||
# simple echo wrapper
|
||||
msg()
|
||||
{
|
||||
echo "$(tput bold; tput setaf 2)[+] ${*}$(tput sgr0)"
|
||||
}
|
||||
|
||||
# check for root privilege
|
||||
check_priv()
|
||||
{
|
||||
if [ "$(id -u)" -ne 0 ]; then
|
||||
err "you must be root"
|
||||
fi
|
||||
}
|
||||
|
||||
# make a temporary directory and cd into
|
||||
make_tmp_dir()
|
||||
{
|
||||
tmp="$(mktemp -d /tmp/blackarch_strap.XXXXXXXX)"
|
||||
|
||||
trap 'rm -rf $tmp' EXIT
|
||||
|
||||
cd "$tmp" || err "Could not enter directory $tmp"
|
||||
}
|
||||
|
||||
check_internet()
|
||||
{
|
||||
tool='curl'
|
||||
tool_opts='-s --connect-timeout 8'
|
||||
|
||||
if ! $tool $tool_opts https://example.com/ > /dev/null 2>&1; then
|
||||
err "You don't have an Internet connection!"
|
||||
fi
|
||||
|
||||
return $SUCCESS
|
||||
}
|
||||
|
||||
# retrieve the BlackArch Linux keyring
|
||||
fetch_keyring()
|
||||
{
|
||||
curl -s -O \
|
||||
'https://www.blackarch.org/keyring/blackarch-keyring.pkg.tar.xz'
|
||||
|
||||
curl -s -O \
|
||||
'https://www.blackarch.org/keyring/blackarch-keyring.pkg.tar.xz.sig'
|
||||
}
|
||||
|
||||
# verify the keyring signature
|
||||
# note: this is pointless if you do not verify the key fingerprint
|
||||
verify_keyring()
|
||||
{
|
||||
if ! gpg --keyserver keyserver.ubuntu.com \
|
||||
--recv-keys 4345771566D76038C7FEB43863EC0ADBEA87E4E3 > /dev/null 2>&1
|
||||
then
|
||||
if ! gpg --keyserver hkps://keyserver.ubuntu.com:443 \
|
||||
--recv-keys 4345771566D76038C7FEB43863EC0ADBEA87E4E3 > /dev/null 2>&1
|
||||
then
|
||||
if ! gpg --keyserver hkp://pgp.mit.edu:80 \
|
||||
--recv-keys 4345771566D76038C7FEB43863EC0ADBEA87E4E3 > /dev/null 2>&1
|
||||
then
|
||||
err "could not verify the key. Please check: https://blackarch.org/faq.html"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if ! gpg --keyserver-options no-auto-key-retrieve \
|
||||
--with-fingerprint blackarch-keyring.pkg.tar.xz.sig > /dev/null 2>&1
|
||||
then
|
||||
err "invalid keyring signature. please stop by irc.blackarch.org:1337/blackarch"
|
||||
fi
|
||||
}
|
||||
|
||||
# delete the signature files
|
||||
delete_signature()
|
||||
{
|
||||
if [ -f "blackarch-keyring.pkg.tar.xz.sig" ]; then
|
||||
rm blackarch-keyring.pkg.tar.xz.sig
|
||||
fi
|
||||
}
|
||||
|
||||
# make sure /etc/pacman.d/gnupg is usable
|
||||
check_pacman_gnupg()
|
||||
{
|
||||
pacman-key --init
|
||||
}
|
||||
|
||||
# install the keyring
|
||||
install_keyring()
|
||||
{
|
||||
if ! pacman --config /dev/null --noconfirm \
|
||||
-U blackarch-keyring.pkg.tar.xz ; then
|
||||
err 'keyring installation failed'
|
||||
fi
|
||||
|
||||
# just in case
|
||||
pacman-key --populate
|
||||
}
|
||||
|
||||
# ask user for mirror
|
||||
get_mirror()
|
||||
{
|
||||
mirror_p="/etc/pacman.d"
|
||||
mirror_r="https://blackarch.org"
|
||||
|
||||
msg "fetching new mirror list..."
|
||||
if ! curl -s "$mirror_r/$MIRROR_F" -o "$mirror_p/$MIRROR_F" ; then
|
||||
err "we couldn't fetch the mirror list from: $mirror_r/$MIRROR_F"
|
||||
fi
|
||||
|
||||
msg "you can change the default mirror under $mirror_p/$MIRROR_F"
|
||||
}
|
||||
|
||||
# update pacman.conf
|
||||
update_pacman_conf()
|
||||
{
|
||||
# delete blackarch related entries if existing
|
||||
sed -i '/blackarch/{N;d}' /etc/pacman.conf
|
||||
|
||||
cat >> "/etc/pacman.conf" << EOF
|
||||
[blackarch]
|
||||
Include = /etc/pacman.d/$MIRROR_F
|
||||
EOF
|
||||
}
|
||||
|
||||
# synchronize and update
|
||||
pacman_update()
|
||||
{
|
||||
if pacman -Syy; then
|
||||
return $SUCCESS
|
||||
fi
|
||||
|
||||
warn "Synchronizing pacman has failed. Please try manually: pacman -Syy"
|
||||
|
||||
return $FAILURE
|
||||
}
|
||||
|
||||
|
||||
pacman_upgrade()
|
||||
{
|
||||
echo 'perform full system upgrade? (pacman -Su) [Yn]:'
|
||||
read conf < /dev/tty
|
||||
case "$conf" in
|
||||
''|y|Y) pacman -Su ;;
|
||||
n|N) warn 'some blackarch packages may not work without an up-to-date system.' ;;
|
||||
esac
|
||||
}
|
||||
|
||||
# setup blackarch linux
|
||||
blackarch_setup()
|
||||
{
|
||||
check_priv
|
||||
msg 'installing blackarch keyring...'
|
||||
make_tmp_dir
|
||||
check_internet
|
||||
fetch_keyring
|
||||
verify_keyring
|
||||
delete_signature
|
||||
check_pacman_gnupg
|
||||
install_keyring
|
||||
echo
|
||||
msg 'keyring installed successfully'
|
||||
# check if pacman.conf has already a mirror
|
||||
if ! grep -q "\[blackarch\]" /etc/pacman.conf; then
|
||||
msg 'configuring pacman'
|
||||
get_mirror
|
||||
msg 'updating pacman.conf'
|
||||
update_pacman_conf
|
||||
fi
|
||||
msg 'updating package databases'
|
||||
pacman_update
|
||||
msg 'BlackArch Linux is ready!'
|
||||
}
|
||||
|
||||
blackarch_setup
|
||||
Loading…
Reference in New Issue