Added new repo and packages
This commit is contained in:
parent
e6ae67e2be
commit
0ba5f3b6bd
|
|
@ -54,26 +54,26 @@ echo "--------------------------------------"
|
||||||
|
|
||||||
# disk prep
|
# disk prep
|
||||||
|
|
||||||
mkfs.ext3/dev/hda
|
#mkfs.ext3/dev/hda
|
||||||
mkfs.ext3/dev/sda1
|
#mkfs.ext3/dev/sda1
|
||||||
mkfs.ext3/dev/sda2
|
#mkfs.ext3/dev/sda2
|
||||||
mkfs.ext3/dev/sda3
|
#mkfs.ext3/dev/sda3
|
||||||
mkfs.ext3/dev/${DISK}
|
#mkfs.ext3/dev/${DISK}
|
||||||
|
|
||||||
cryptluks > /dev/sda
|
#cryptluks > /dev/sda
|
||||||
cryptluks > /dev/sda1
|
#cryptluks > /dev/sda1
|
||||||
cryptluks > /dev/sda2
|
#cryptluks > /dev/sda2
|
||||||
cryptluks > /dev/nvme0
|
#cryptluks > /dev/nvme0
|
||||||
cryptluks > /dev/mvme1
|
#cryptluks > /dev/mvme1
|
||||||
|
|
||||||
dd if=/dev/zero of=/dev/${DISK} bs=512 count=1
|
#dd if=/dev/zero of=/dev/${DISK} bs=512 count=1
|
||||||
dd if=/dev/zero of=/dev/sda1 bs=512 count=1
|
#dd if=/dev/zero of=/dev/sda1 bs=512 count=1
|
||||||
dd if=/dev/zero of=/dev/sda2 bs=512 count=1
|
#dd if=/dev/zero of=/dev/sda2 bs=512 count=1
|
||||||
dd if=/dev/zero of=/dev/sda3 bs=512 count=1
|
#dd if=/dev/zero of=/dev/sda3 bs=512 count=1
|
||||||
|
|
||||||
dd if=/dev/zero of=/dev/nvme0 bs=512 count=1
|
#dd if=/dev/zero of=/dev/nvme0 bs=512 count=1
|
||||||
dd if=/dev/zero of=/dev/nvme1 bs=512 count=1
|
#dd if=/dev/zero of=/dev/nvme1 bs=512 count=1
|
||||||
dd if=/dev/zero of=/dev/nvme2 bs=512 count=1
|
#dd if=/dev/zero of=/dev/nvme2 bs=512 count=1
|
||||||
|
|
||||||
sgdisk -Z ${DISK} # zap all on disk
|
sgdisk -Z ${DISK} # zap all on disk
|
||||||
#dd if=/dev/zero of=${DISK} bs=1M count=200 conv=fdatasync status=progress
|
#dd if=/dev/zero of=${DISK} bs=1M count=200 conv=fdatasync status=progress
|
||||||
|
|
|
||||||
|
|
@ -65,9 +65,11 @@ PKGS=(
|
||||||
'xorg-xinit'
|
'xorg-xinit'
|
||||||
'xterm'
|
'xterm'
|
||||||
'plasma-desktop' # KDE Load second
|
'plasma-desktop' # KDE Load second
|
||||||
|
#-------------------------------------#
|
||||||
'alsa-plugins' # audio plugins
|
'alsa-plugins' # audio plugins
|
||||||
'alsa-utils' # audio utils
|
'alsa-utils' # audio utils
|
||||||
'apparmor' # Security module
|
'apparmor' # Security module
|
||||||
|
'appimagelauncher'
|
||||||
'ark' # compression
|
'ark' # compression
|
||||||
'audiocd-kio'
|
'audiocd-kio'
|
||||||
'autoconf' # build
|
'autoconf' # build
|
||||||
|
|
@ -98,6 +100,7 @@ PKGS=(
|
||||||
'element-desktop-git' # Matrix client
|
'element-desktop-git' # Matrix client
|
||||||
'exfat-utils'
|
'exfat-utils'
|
||||||
'fail2ban' # Intrusion prevention
|
'fail2ban' # Intrusion prevention
|
||||||
|
'flameshot
|
||||||
'flex'
|
'flex'
|
||||||
'fuse2'
|
'fuse2'
|
||||||
'fuse3'
|
'fuse3'
|
||||||
|
|
@ -108,6 +111,7 @@ PKGS=(
|
||||||
'gcc'
|
'gcc'
|
||||||
'gimp' # Photo editing
|
'gimp' # Photo editing
|
||||||
'git'
|
'git'
|
||||||
|
'gitkraken'
|
||||||
'gparted' # partition management
|
'gparted' # partition management
|
||||||
'gptfdisk'
|
'gptfdisk'
|
||||||
'grub'
|
'grub'
|
||||||
|
|
@ -139,6 +143,7 @@ PKGS=(
|
||||||
'nano'
|
'nano'
|
||||||
'neofetch'
|
'neofetch'
|
||||||
'networkmanager'
|
'networkmanager'
|
||||||
|
'nodejs'
|
||||||
'ntfs-3g'
|
'ntfs-3g'
|
||||||
'okular'
|
'okular'
|
||||||
'openbsd-netcat'
|
'openbsd-netcat'
|
||||||
|
|
@ -186,6 +191,7 @@ PKGS=(
|
||||||
'xdg-desktop-portal-kde'
|
'xdg-desktop-portal-kde'
|
||||||
'xdg-user-dirs'
|
'xdg-user-dirs'
|
||||||
'zeroconf-ioslave'
|
'zeroconf-ioslave'
|
||||||
|
'zulucrypt'
|
||||||
'zip'
|
'zip'
|
||||||
'zsh'
|
'zsh'
|
||||||
'zsh-syntax-highlighting'
|
'zsh-syntax-highlighting'
|
||||||
|
|
|
||||||
|
|
@ -32,6 +32,7 @@ PKGS=(
|
||||||
'dxvk-bin' # DXVK DirectX to Vulcan
|
'dxvk-bin' # DXVK DirectX to Vulcan
|
||||||
'firefox'
|
'firefox'
|
||||||
'github-desktop-bin' # Github Desktop sync
|
'github-desktop-bin' # Github Desktop sync
|
||||||
|
'intellij-idea-community-edition'
|
||||||
'lightly-git'
|
'lightly-git'
|
||||||
'mangohud' # Gaming FPS Counter
|
'mangohud' # Gaming FPS Counter
|
||||||
'mangohud-common'
|
'mangohud-common'
|
||||||
|
|
@ -42,8 +43,11 @@ PKGS=(
|
||||||
'nordic-theme'
|
'nordic-theme'
|
||||||
'noto-fonts-emoji'
|
'noto-fonts-emoji'
|
||||||
'papirus-icon-theme'
|
'papirus-icon-theme'
|
||||||
|
'playonlinux' # Wine frontend
|
||||||
|
'pidgin'
|
||||||
'plasma-pa'
|
'plasma-pa'
|
||||||
'ocs-url' # install packages from websites
|
'ocs-url' # install packages from websites
|
||||||
|
'ungoogled-chromium'
|
||||||
'sddm-nordic-theme-git'
|
'sddm-nordic-theme-git'
|
||||||
'snapper-gui-git'
|
'snapper-gui-git'
|
||||||
'ttf-droid'
|
'ttf-droid'
|
||||||
|
|
@ -52,6 +56,7 @@ PKGS=(
|
||||||
'ttf-roboto'
|
'ttf-roboto'
|
||||||
'zoom' # video conferences
|
'zoom' # video conferences
|
||||||
'snap-pac'
|
'snap-pac'
|
||||||
|
'youtube-dl-gui-git'
|
||||||
)
|
)
|
||||||
|
|
||||||
for PKG in "${PKGS[@]}"; do
|
for PKG in "${PKGS[@]}"; do
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,32 @@ sudo cat <<EOF > /etc/sddm.conf
|
||||||
Current=Nordic
|
Current=Nordic
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------------
|
||||||
|
|
||||||
|
sudo ufw limit 22/tcp
|
||||||
|
sudo ufw allow 80/tcp
|
||||||
|
sudo ufw allow 443/tcp
|
||||||
|
sudo ufw default deny incoming
|
||||||
|
sudo ufw default allow outgoing
|
||||||
|
|
||||||
|
# --- Harden /etc/sysctl.conf
|
||||||
|
sudo sysctl kernel.modules_disabled=1
|
||||||
|
sudo sysctl -a
|
||||||
|
sudo sysctl -A
|
||||||
|
sudo sysctl mib
|
||||||
|
sudo sysctl net.ipv4.conf.all.rp_filter
|
||||||
|
sudo sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp'
|
||||||
|
|
||||||
|
# --- PREVENT IP SPOOFS
|
||||||
|
cat <<EOF > /etc/host.conf
|
||||||
|
order bind,hosts
|
||||||
|
multi on
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# --- Enable fail2ban
|
||||||
|
sudo cp fail2ban.local /etc/fail2ban/
|
||||||
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------
|
# ------------------------------------------------------------------------
|
||||||
|
|
||||||
echo -e "\nEnabling essential services"
|
echo -e "\nEnabling essential services"
|
||||||
|
|
@ -37,4 +63,5 @@ sudo systemctl enable NetworkManager.service
|
||||||
sudo systemctl enable bluetooth
|
sudo systemctl enable bluetooth
|
||||||
sudo systemctl enable ufw
|
sudo systemctl enable ufw
|
||||||
sudo systemctl enable fail2ban
|
sudo systemctl enable fail2ban
|
||||||
|
sudo systemctl start fail2ban
|
||||||
#sudo systemctl enable --now portmaster
|
#sudo systemctl enable --now portmaster
|
||||||
|
|
|
||||||
|
|
@ -11,22 +11,56 @@
|
||||||
#
|
#
|
||||||
#------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------
|
||||||
|
|
||||||
echo -e "\nFINAL SETUP AND CONFIGURATION"
|
echo -e "\nFINAL SETUP AND CONFIGURATION\n"
|
||||||
|
|
||||||
|
ehco -e"\nInstalling black arch repository\n"
|
||||||
|
|
||||||
|
#mkdir $HOME/blackarch
|
||||||
|
#cp /root/BetterArch/dotfiles/blackarch/strap.sh $HOME/blackarch
|
||||||
|
#cd $HOME/blackarch
|
||||||
|
#chmod +x strap.sh
|
||||||
|
#sudo pacman -Syu
|
||||||
|
|
||||||
|
mkdir blackman
|
||||||
|
cd blackman
|
||||||
|
wget https://raw.github.com/BlackArch/blackarch/master/packages/blackman/PKGBUILD
|
||||||
|
makepkg -s
|
||||||
|
|
||||||
echo -e "\nInstalling penetration testing tools"
|
|
||||||
|
|
||||||
PKGS=(
|
PKGS=(
|
||||||
|
'3proxy'
|
||||||
|
'a2sv'
|
||||||
'airgeddon-git' # Audit wireless networks
|
'airgeddon-git' # Audit wireless networks
|
||||||
|
'autosploit'
|
||||||
|
'backdoor-factory'
|
||||||
'ba-pentest-commons-meta'
|
'ba-pentest-commons-meta'
|
||||||
'bettercap' # Networking swiss army knife
|
'bettercap' # Networking swiss army knife
|
||||||
|
'blue-hydra'
|
||||||
|
'firefox-security-toolkit'
|
||||||
|
#----------------#
|
||||||
|
'gitgraber'
|
||||||
|
'githack'
|
||||||
|
'github-dorks'
|
||||||
|
'githubcloner'
|
||||||
|
'gitleaks'
|
||||||
|
'gitmails'
|
||||||
|
'gitminer'
|
||||||
|
'gitrecon'
|
||||||
|
'gitrob'
|
||||||
|
'gittools'
|
||||||
|
#----------------#
|
||||||
|
|
||||||
'metasploit' # Exploit
|
'metasploit' # Exploit
|
||||||
'nmap' # Network scanning
|
'nmap' # Network scanning
|
||||||
'sherlock-git'
|
'sherlock-git'
|
||||||
|
'sploitctl'
|
||||||
|
'torctl'
|
||||||
|
'wireshark-qt'
|
||||||
)
|
)
|
||||||
|
|
||||||
for PKG in "${PKGS[@]}"; do
|
for PKG in "${PKGS[@]}"; do
|
||||||
echo "INSTALLING: ${PKG}"
|
echo "INSTALLING: ${PKG}"
|
||||||
sudo pacman -S "$PKG" --noconfirm --needed
|
sudo blackman -i "$PKG"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -51,6 +85,15 @@ git clone https://github.com/evyatarmeged/Raccoon.git
|
||||||
cd Raccoon
|
cd Raccoon
|
||||||
python setup.py install # Subsequent changes to the source code will not be reflected in calls to raccoon when this is used
|
python setup.py install # Subsequent changes to the source code will not be reflected in calls to raccoon when this is used
|
||||||
|
|
||||||
|
cd $HOME/git
|
||||||
|
git clone https://github.com/haad/proxychains
|
||||||
|
cd proxychains
|
||||||
|
./configure
|
||||||
|
make
|
||||||
|
sudo make install
|
||||||
|
|
||||||
|
cd ~
|
||||||
|
|
||||||
|
|
||||||
echo "
|
echo "
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,193 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# strap.sh - install and setup BlackArch Linux keyring
|
||||||
|
|
||||||
|
# mirror file to fetch and write
|
||||||
|
MIRROR_F="blackarch-mirrorlist"
|
||||||
|
|
||||||
|
# simple error message wrapper
|
||||||
|
err()
|
||||||
|
{
|
||||||
|
echo >&2 "$(tput bold; tput setaf 1)[-] ERROR: ${*}$(tput sgr0)"
|
||||||
|
|
||||||
|
exit 1337
|
||||||
|
}
|
||||||
|
|
||||||
|
# simple warning message wrapper
|
||||||
|
warn()
|
||||||
|
{
|
||||||
|
echo >&2 "$(tput bold; tput setaf 1)[!] WARNING: ${*}$(tput sgr0)"
|
||||||
|
}
|
||||||
|
|
||||||
|
# simple echo wrapper
|
||||||
|
msg()
|
||||||
|
{
|
||||||
|
echo "$(tput bold; tput setaf 2)[+] ${*}$(tput sgr0)"
|
||||||
|
}
|
||||||
|
|
||||||
|
# check for root privilege
|
||||||
|
check_priv()
|
||||||
|
{
|
||||||
|
if [ "$(id -u)" -ne 0 ]; then
|
||||||
|
err "you must be root"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# make a temporary directory and cd into
|
||||||
|
make_tmp_dir()
|
||||||
|
{
|
||||||
|
tmp="$(mktemp -d /tmp/blackarch_strap.XXXXXXXX)"
|
||||||
|
|
||||||
|
trap 'rm -rf $tmp' EXIT
|
||||||
|
|
||||||
|
cd "$tmp" || err "Could not enter directory $tmp"
|
||||||
|
}
|
||||||
|
|
||||||
|
check_internet()
|
||||||
|
{
|
||||||
|
tool='curl'
|
||||||
|
tool_opts='-s --connect-timeout 8'
|
||||||
|
|
||||||
|
if ! $tool $tool_opts https://example.com/ > /dev/null 2>&1; then
|
||||||
|
err "You don't have an Internet connection!"
|
||||||
|
fi
|
||||||
|
|
||||||
|
return $SUCCESS
|
||||||
|
}
|
||||||
|
|
||||||
|
# retrieve the BlackArch Linux keyring
|
||||||
|
fetch_keyring()
|
||||||
|
{
|
||||||
|
curl -s -O \
|
||||||
|
'https://www.blackarch.org/keyring/blackarch-keyring.pkg.tar.xz'
|
||||||
|
|
||||||
|
curl -s -O \
|
||||||
|
'https://www.blackarch.org/keyring/blackarch-keyring.pkg.tar.xz.sig'
|
||||||
|
}
|
||||||
|
|
||||||
|
# verify the keyring signature
|
||||||
|
# note: this is pointless if you do not verify the key fingerprint
|
||||||
|
verify_keyring()
|
||||||
|
{
|
||||||
|
if ! gpg --keyserver keyserver.ubuntu.com \
|
||||||
|
--recv-keys 4345771566D76038C7FEB43863EC0ADBEA87E4E3 > /dev/null 2>&1
|
||||||
|
then
|
||||||
|
if ! gpg --keyserver hkps://keyserver.ubuntu.com:443 \
|
||||||
|
--recv-keys 4345771566D76038C7FEB43863EC0ADBEA87E4E3 > /dev/null 2>&1
|
||||||
|
then
|
||||||
|
if ! gpg --keyserver hkp://pgp.mit.edu:80 \
|
||||||
|
--recv-keys 4345771566D76038C7FEB43863EC0ADBEA87E4E3 > /dev/null 2>&1
|
||||||
|
then
|
||||||
|
err "could not verify the key. Please check: https://blackarch.org/faq.html"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! gpg --keyserver-options no-auto-key-retrieve \
|
||||||
|
--with-fingerprint blackarch-keyring.pkg.tar.xz.sig > /dev/null 2>&1
|
||||||
|
then
|
||||||
|
err "invalid keyring signature. please stop by irc.blackarch.org:1337/blackarch"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# delete the signature files
|
||||||
|
delete_signature()
|
||||||
|
{
|
||||||
|
if [ -f "blackarch-keyring.pkg.tar.xz.sig" ]; then
|
||||||
|
rm blackarch-keyring.pkg.tar.xz.sig
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# make sure /etc/pacman.d/gnupg is usable
|
||||||
|
check_pacman_gnupg()
|
||||||
|
{
|
||||||
|
pacman-key --init
|
||||||
|
}
|
||||||
|
|
||||||
|
# install the keyring
|
||||||
|
install_keyring()
|
||||||
|
{
|
||||||
|
if ! pacman --config /dev/null --noconfirm \
|
||||||
|
-U blackarch-keyring.pkg.tar.xz ; then
|
||||||
|
err 'keyring installation failed'
|
||||||
|
fi
|
||||||
|
|
||||||
|
# just in case
|
||||||
|
pacman-key --populate
|
||||||
|
}
|
||||||
|
|
||||||
|
# ask user for mirror
|
||||||
|
get_mirror()
|
||||||
|
{
|
||||||
|
mirror_p="/etc/pacman.d"
|
||||||
|
mirror_r="https://blackarch.org"
|
||||||
|
|
||||||
|
msg "fetching new mirror list..."
|
||||||
|
if ! curl -s "$mirror_r/$MIRROR_F" -o "$mirror_p/$MIRROR_F" ; then
|
||||||
|
err "we couldn't fetch the mirror list from: $mirror_r/$MIRROR_F"
|
||||||
|
fi
|
||||||
|
|
||||||
|
msg "you can change the default mirror under $mirror_p/$MIRROR_F"
|
||||||
|
}
|
||||||
|
|
||||||
|
# update pacman.conf
|
||||||
|
update_pacman_conf()
|
||||||
|
{
|
||||||
|
# delete blackarch related entries if existing
|
||||||
|
sed -i '/blackarch/{N;d}' /etc/pacman.conf
|
||||||
|
|
||||||
|
cat >> "/etc/pacman.conf" << EOF
|
||||||
|
[blackarch]
|
||||||
|
Include = /etc/pacman.d/$MIRROR_F
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
# synchronize and update
|
||||||
|
pacman_update()
|
||||||
|
{
|
||||||
|
if pacman -Syy; then
|
||||||
|
return $SUCCESS
|
||||||
|
fi
|
||||||
|
|
||||||
|
warn "Synchronizing pacman has failed. Please try manually: pacman -Syy"
|
||||||
|
|
||||||
|
return $FAILURE
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
pacman_upgrade()
|
||||||
|
{
|
||||||
|
echo 'perform full system upgrade? (pacman -Su) [Yn]:'
|
||||||
|
read conf < /dev/tty
|
||||||
|
case "$conf" in
|
||||||
|
''|y|Y) pacman -Su ;;
|
||||||
|
n|N) warn 'some blackarch packages may not work without an up-to-date system.' ;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
# setup blackarch linux
|
||||||
|
blackarch_setup()
|
||||||
|
{
|
||||||
|
check_priv
|
||||||
|
msg 'installing blackarch keyring...'
|
||||||
|
make_tmp_dir
|
||||||
|
check_internet
|
||||||
|
fetch_keyring
|
||||||
|
verify_keyring
|
||||||
|
delete_signature
|
||||||
|
check_pacman_gnupg
|
||||||
|
install_keyring
|
||||||
|
echo
|
||||||
|
msg 'keyring installed successfully'
|
||||||
|
# check if pacman.conf has already a mirror
|
||||||
|
if ! grep -q "\[blackarch\]" /etc/pacman.conf; then
|
||||||
|
msg 'configuring pacman'
|
||||||
|
get_mirror
|
||||||
|
msg 'updating pacman.conf'
|
||||||
|
update_pacman_conf
|
||||||
|
fi
|
||||||
|
msg 'updating package databases'
|
||||||
|
pacman_update
|
||||||
|
msg 'BlackArch Linux is ready!'
|
||||||
|
}
|
||||||
|
|
||||||
|
blackarch_setup
|
||||||
Loading…
Reference in New Issue