From 0ba5f3b6bd6d0910dbce81e0ae8d946ac55acd8f Mon Sep 17 00:00:00 2001 From: 71Zombie <76274154+71Zombie@users.noreply.github.com> Date: Tue, 26 Oct 2021 10:02:43 -0400 Subject: [PATCH] Added new repo and packages --- 0-preinstall.sh | 34 +++---- 1-setup.sh | 6 ++ 2-user.sh | 5 + 3-post-setup.sh | 27 +++++ 4-pen-tools.sh | 49 ++++++++- dotfiles/blackarch/strap.sh | 193 ++++++++++++++++++++++++++++++++++++ 6 files changed, 294 insertions(+), 20 deletions(-) create mode 100644 dotfiles/blackarch/strap.sh diff --git a/0-preinstall.sh b/0-preinstall.sh index 91bc94b..c50a418 100644 --- a/0-preinstall.sh +++ b/0-preinstall.sh @@ -54,26 +54,26 @@ echo "--------------------------------------" # disk prep -mkfs.ext3/dev/hda -mkfs.ext3/dev/sda1 -mkfs.ext3/dev/sda2 -mkfs.ext3/dev/sda3 -mkfs.ext3/dev/${DISK} +#mkfs.ext3/dev/hda +#mkfs.ext3/dev/sda1 +#mkfs.ext3/dev/sda2 +#mkfs.ext3/dev/sda3 +#mkfs.ext3/dev/${DISK} -cryptluks > /dev/sda -cryptluks > /dev/sda1 -cryptluks > /dev/sda2 -cryptluks > /dev/nvme0 -cryptluks > /dev/mvme1 +#cryptluks > /dev/sda +#cryptluks > /dev/sda1 +#cryptluks > /dev/sda2 +#cryptluks > /dev/nvme0 +#cryptluks > /dev/mvme1 -dd if=/dev/zero of=/dev/${DISK} bs=512 count=1 -dd if=/dev/zero of=/dev/sda1 bs=512 count=1 -dd if=/dev/zero of=/dev/sda2 bs=512 count=1 -dd if=/dev/zero of=/dev/sda3 bs=512 count=1 +#dd if=/dev/zero of=/dev/${DISK} bs=512 count=1 +#dd if=/dev/zero of=/dev/sda1 bs=512 count=1 +#dd if=/dev/zero of=/dev/sda2 bs=512 count=1 +#dd if=/dev/zero of=/dev/sda3 bs=512 count=1 -dd if=/dev/zero of=/dev/nvme0 bs=512 count=1 -dd if=/dev/zero of=/dev/nvme1 bs=512 count=1 -dd if=/dev/zero of=/dev/nvme2 bs=512 count=1 +#dd if=/dev/zero of=/dev/nvme0 bs=512 count=1 +#dd if=/dev/zero of=/dev/nvme1 bs=512 count=1 +#dd if=/dev/zero of=/dev/nvme2 bs=512 count=1 sgdisk -Z ${DISK} # zap all on disk #dd if=/dev/zero of=${DISK} bs=1M count=200 conv=fdatasync status=progress diff --git a/1-setup.sh b/1-setup.sh index b26994d..dfd40d0 100644 --- a/1-setup.sh +++ b/1-setup.sh @@ -65,9 +65,11 @@ PKGS=( 'xorg-xinit' 'xterm' 'plasma-desktop' # KDE Load second +#-------------------------------------# 'alsa-plugins' # audio plugins 'alsa-utils' # audio utils 'apparmor' # Security module +'appimagelauncher' 'ark' # compression 'audiocd-kio' 'autoconf' # build @@ -98,6 +100,7 @@ PKGS=( 'element-desktop-git' # Matrix client 'exfat-utils' 'fail2ban' # Intrusion prevention +'flameshot 'flex' 'fuse2' 'fuse3' @@ -108,6 +111,7 @@ PKGS=( 'gcc' 'gimp' # Photo editing 'git' +'gitkraken' 'gparted' # partition management 'gptfdisk' 'grub' @@ -139,6 +143,7 @@ PKGS=( 'nano' 'neofetch' 'networkmanager' +'nodejs' 'ntfs-3g' 'okular' 'openbsd-netcat' @@ -186,6 +191,7 @@ PKGS=( 'xdg-desktop-portal-kde' 'xdg-user-dirs' 'zeroconf-ioslave' +'zulucrypt' 'zip' 'zsh' 'zsh-syntax-highlighting' diff --git a/2-user.sh b/2-user.sh index 461621d..8b478cc 100755 --- a/2-user.sh +++ b/2-user.sh @@ -32,6 +32,7 @@ PKGS=( 'dxvk-bin' # DXVK DirectX to Vulcan 'firefox' 'github-desktop-bin' # Github Desktop sync +'intellij-idea-community-edition' 'lightly-git' 'mangohud' # Gaming FPS Counter 'mangohud-common' @@ -42,8 +43,11 @@ PKGS=( 'nordic-theme' 'noto-fonts-emoji' 'papirus-icon-theme' +'playonlinux' # Wine frontend +'pidgin' 'plasma-pa' 'ocs-url' # install packages from websites +'ungoogled-chromium' 'sddm-nordic-theme-git' 'snapper-gui-git' 'ttf-droid' @@ -52,6 +56,7 @@ PKGS=( 'ttf-roboto' 'zoom' # video conferences 'snap-pac' +'youtube-dl-gui-git' ) for PKG in "${PKGS[@]}"; do diff --git a/3-post-setup.sh b/3-post-setup.sh index 91a16f8..e8f69ea 100644 --- a/3-post-setup.sh +++ b/3-post-setup.sh @@ -24,6 +24,32 @@ sudo cat < /etc/sddm.conf Current=Nordic EOF +# ------------------------------------------------------------------------ + +sudo ufw limit 22/tcp +sudo ufw allow 80/tcp +sudo ufw allow 443/tcp +sudo ufw default deny incoming +sudo ufw default allow outgoing + +# --- Harden /etc/sysctl.conf +sudo sysctl kernel.modules_disabled=1 +sudo sysctl -a +sudo sysctl -A +sudo sysctl mib +sudo sysctl net.ipv4.conf.all.rp_filter +sudo sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp' + +# --- PREVENT IP SPOOFS +cat < /etc/host.conf +order bind,hosts +multi on +EOF + +# --- Enable fail2ban +sudo cp fail2ban.local /etc/fail2ban/ + + # ------------------------------------------------------------------------ echo -e "\nEnabling essential services" @@ -37,4 +63,5 @@ sudo systemctl enable NetworkManager.service sudo systemctl enable bluetooth sudo systemctl enable ufw sudo systemctl enable fail2ban +sudo systemctl start fail2ban #sudo systemctl enable --now portmaster diff --git a/4-pen-tools.sh b/4-pen-tools.sh index 8de4848..92137ed 100644 --- a/4-pen-tools.sh +++ b/4-pen-tools.sh @@ -11,22 +11,56 @@ # #------------------------------------------------------------------------------------ -echo -e "\nFINAL SETUP AND CONFIGURATION" +echo -e "\nFINAL SETUP AND CONFIGURATION\n" + +ehco -e"\nInstalling black arch repository\n" + +#mkdir $HOME/blackarch +#cp /root/BetterArch/dotfiles/blackarch/strap.sh $HOME/blackarch +#cd $HOME/blackarch +#chmod +x strap.sh +#sudo pacman -Syu + +mkdir blackman +cd blackman +wget https://raw.github.com/BlackArch/blackarch/master/packages/blackman/PKGBUILD +makepkg -s -echo -e "\nInstalling penetration testing tools" PKGS=( +'3proxy' +'a2sv' 'airgeddon-git' # Audit wireless networks +'autosploit' +'backdoor-factory' 'ba-pentest-commons-meta' 'bettercap' # Networking swiss army knife +'blue-hydra' +'firefox-security-toolkit' +#----------------# +'gitgraber' +'githack' +'github-dorks' +'githubcloner' +'gitleaks' +'gitmails' +'gitminer' +'gitrecon' +'gitrob' +'gittools' +#----------------# + 'metasploit' # Exploit 'nmap' # Network scanning 'sherlock-git' +'sploitctl' +'torctl' +'wireshark-qt' ) for PKG in "${PKGS[@]}"; do echo "INSTALLING: ${PKG}" - sudo pacman -S "$PKG" --noconfirm --needed + sudo blackman -i "$PKG" done @@ -51,6 +85,15 @@ git clone https://github.com/evyatarmeged/Raccoon.git cd Raccoon python setup.py install # Subsequent changes to the source code will not be reflected in calls to raccoon when this is used +cd $HOME/git +git clone https://github.com/haad/proxychains +cd proxychains +./configure +make +sudo make install + +cd ~ + echo " ############################################################################### diff --git a/dotfiles/blackarch/strap.sh b/dotfiles/blackarch/strap.sh new file mode 100644 index 0000000..57a1112 --- /dev/null +++ b/dotfiles/blackarch/strap.sh @@ -0,0 +1,193 @@ +#!/bin/sh +# strap.sh - install and setup BlackArch Linux keyring + +# mirror file to fetch and write +MIRROR_F="blackarch-mirrorlist" + +# simple error message wrapper +err() +{ + echo >&2 "$(tput bold; tput setaf 1)[-] ERROR: ${*}$(tput sgr0)" + + exit 1337 +} + +# simple warning message wrapper +warn() +{ + echo >&2 "$(tput bold; tput setaf 1)[!] WARNING: ${*}$(tput sgr0)" +} + +# simple echo wrapper +msg() +{ + echo "$(tput bold; tput setaf 2)[+] ${*}$(tput sgr0)" +} + +# check for root privilege +check_priv() +{ + if [ "$(id -u)" -ne 0 ]; then + err "you must be root" + fi +} + +# make a temporary directory and cd into +make_tmp_dir() +{ + tmp="$(mktemp -d /tmp/blackarch_strap.XXXXXXXX)" + + trap 'rm -rf $tmp' EXIT + + cd "$tmp" || err "Could not enter directory $tmp" +} + +check_internet() +{ + tool='curl' + tool_opts='-s --connect-timeout 8' + + if ! $tool $tool_opts https://example.com/ > /dev/null 2>&1; then + err "You don't have an Internet connection!" + fi + + return $SUCCESS +} + +# retrieve the BlackArch Linux keyring +fetch_keyring() +{ + curl -s -O \ + 'https://www.blackarch.org/keyring/blackarch-keyring.pkg.tar.xz' + + curl -s -O \ + 'https://www.blackarch.org/keyring/blackarch-keyring.pkg.tar.xz.sig' +} + +# verify the keyring signature +# note: this is pointless if you do not verify the key fingerprint +verify_keyring() +{ + if ! gpg --keyserver keyserver.ubuntu.com \ + --recv-keys 4345771566D76038C7FEB43863EC0ADBEA87E4E3 > /dev/null 2>&1 + then + if ! gpg --keyserver hkps://keyserver.ubuntu.com:443 \ + --recv-keys 4345771566D76038C7FEB43863EC0ADBEA87E4E3 > /dev/null 2>&1 + then + if ! gpg --keyserver hkp://pgp.mit.edu:80 \ + --recv-keys 4345771566D76038C7FEB43863EC0ADBEA87E4E3 > /dev/null 2>&1 + then + err "could not verify the key. Please check: https://blackarch.org/faq.html" + fi + fi + fi + + if ! gpg --keyserver-options no-auto-key-retrieve \ + --with-fingerprint blackarch-keyring.pkg.tar.xz.sig > /dev/null 2>&1 + then + err "invalid keyring signature. please stop by irc.blackarch.org:1337/blackarch" + fi +} + +# delete the signature files +delete_signature() +{ + if [ -f "blackarch-keyring.pkg.tar.xz.sig" ]; then + rm blackarch-keyring.pkg.tar.xz.sig + fi +} + +# make sure /etc/pacman.d/gnupg is usable +check_pacman_gnupg() +{ + pacman-key --init +} + +# install the keyring +install_keyring() +{ + if ! pacman --config /dev/null --noconfirm \ + -U blackarch-keyring.pkg.tar.xz ; then + err 'keyring installation failed' + fi + + # just in case + pacman-key --populate +} + +# ask user for mirror +get_mirror() +{ + mirror_p="/etc/pacman.d" + mirror_r="https://blackarch.org" + + msg "fetching new mirror list..." + if ! curl -s "$mirror_r/$MIRROR_F" -o "$mirror_p/$MIRROR_F" ; then + err "we couldn't fetch the mirror list from: $mirror_r/$MIRROR_F" + fi + + msg "you can change the default mirror under $mirror_p/$MIRROR_F" +} + +# update pacman.conf +update_pacman_conf() +{ + # delete blackarch related entries if existing + sed -i '/blackarch/{N;d}' /etc/pacman.conf + + cat >> "/etc/pacman.conf" << EOF +[blackarch] +Include = /etc/pacman.d/$MIRROR_F +EOF +} + +# synchronize and update +pacman_update() +{ + if pacman -Syy; then + return $SUCCESS + fi + + warn "Synchronizing pacman has failed. Please try manually: pacman -Syy" + + return $FAILURE +} + + +pacman_upgrade() +{ + echo 'perform full system upgrade? (pacman -Su) [Yn]:' + read conf < /dev/tty + case "$conf" in + ''|y|Y) pacman -Su ;; + n|N) warn 'some blackarch packages may not work without an up-to-date system.' ;; + esac +} + +# setup blackarch linux +blackarch_setup() +{ + check_priv + msg 'installing blackarch keyring...' + make_tmp_dir + check_internet + fetch_keyring + verify_keyring + delete_signature + check_pacman_gnupg + install_keyring + echo + msg 'keyring installed successfully' + # check if pacman.conf has already a mirror + if ! grep -q "\[blackarch\]" /etc/pacman.conf; then + msg 'configuring pacman' + get_mirror + msg 'updating pacman.conf' + update_pacman_conf + fi + msg 'updating package databases' + pacman_update + msg 'BlackArch Linux is ready!' +} + +blackarch_setup