-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcustomize.bash
197 lines (162 loc) · 6.62 KB
/
customize.bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
#!/bin/bash
set -e
set -x
run_as_user() {
local cmd="$@"
local _UID=$(getent passwd $NORMAL_USER | cut -d: -f3)
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$_UID/bus su --whitelist-environment=DBUS_SESSION_BUS_ADDRESS - $NORMAL_USER -c "cd $(pwd) && $cmd"
}
if [ "$1" ]; then
NORMAL_USER="$1"
else
NORMAL_USER="sanduuz"
fi
if [ "$UID" != "0" ]; then
echo "This tool needs to be run as root!" 1>&2
exit 1
fi
DATA_DIRECTORY="DATA"
if [ ! -d "$DATA_DIRECTORY" ]; then
echo "ERROR: Directory 'DATA' does not exist." 1>&2
exit 1
fi
echo "Allowing NOPASSWD for sudo group"
echo "%sudo ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/nopasswd
echo "Adding $NORMAL_USER to group sudo"
adduser $NORMAL_USER sudo
echo "Installing non-free firmware and microcode"
echo "deb http://deb.debian.org/debian/ buster contrib non-free" > /etc/apt/sources.list.d/non-free.list
apt -y update
apt -y install firmware-iwlwifi firmware-misc-nonfree intel-microcode
rmmod iwlwifi || true
rmmod cfg80211 || true
modprobe cfg80211 || true
modprobe iwlwifi || true
echo "Configuring autologout on console logins"
cat > /etc/profile.d/auto-logout.sh <<EOF
case "\$(tty)" in
/dev/tty[1-9])
TMOUT=600
;;
esac
EOF
echo "Disabling suspend on laptop lid close"
if ! grep -q ^HandleLidSwitch=ignore /etc/systemd/logind.conf; then
echo HandleLidSwitch=ignore >> /etc/systemd/logind.conf
echo HandleLidSwitchDocked=ignore >> /etc/systemd/logind.conf
fi
echo "Disabling sleeping on battery"
run_as_user "dconf write /org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-type \"'nothing'\""
run_as_user "dconf write /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-type \"'nothing'\""
echo "Configuring WireShark"
echo "wireshark-common wireshark-common/install-setuid boolean false" | debconf-set-selections
echo "Installing other packages"
apt -y update
apt -y install rsync default-jdk virt-manager ufw \
apt-file python3-pip python3-lxml curl vim gimp jq picocom \
meld ssh zip git pv screen bmon pwgen xmlstarlet dos2unix \
debsecan lsof apt-show-versions sshfs binwalk rlwrap pavucontrol \
manpages-dev apt-mirror dislocker d-feet strace ltrace \
binutils-multiarch libguestfs-tools chromium memtest86+ \
tcpdump whois wireshark openvpn socat golang nano wget \
tshark traceroute apt-transport-https python3-requests \
tree pass gdb axel cmake
echo "Installing python modules"
python3 -m pip install requests flake8
echo "Installing Sublime Text"
wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | apt-key add -
echo "deb https://download.sublimetext.com/ apt/stable/" | tee /etc/apt/sources.list.d/sublime-text.list
apt -y update
apt -y install sublime-text
echo "Installing Sublime Text plugins"
if [ ! -d "/home/$NORMAL_USER/.config" ]; then
echo "WARNING: /home/$NORMAL_USER/.config directory does not exist. Creating..." 1>&2
run_as_user mkdir -p /home/$NORMAL_USER/.config
fi
echo "Running st_helper.py"
python3 helpers/st_helper.py
echo "Disabling SSH"
systemctl disable --now ssh
echo "Enabling UFW"
ufw enable
echo "Updating apt-file database"
apt-file update
echo "Updating configurations"
(
cat <<EOF
dconf write /org/gnome/desktop/wm/preferences/focus-mode "'click'"
dconf write /org/gnome/desktop/session/idle-delay 'uint32 3600'
dconf write /org/gnome/settings-daemon/plugins/power/sleep-display-ac 3600
dconf write /org/gnome/settings-daemon/plugins/power/sleep-display-battery 3600
dconf write /org/gnome/settings-daemon/peripherals/touchpad/scroll-method "'two-finger-scrolling'"
dconf write /org/gnome/settings-daemon/plugins/media-keys/max-screencast-length 3600
dconf write /org/gnome/desktop/peripherals/touchpad/natural-scroll true
dconf write /org/gnome/desktop/peripherals/touchpad/speed 0.2
dconf write /org/gnome/desktop/peripherals/mouse/natural-scroll false
dconf write /org/gnome/desktop/interface/clock-show-seconds "'true'"
dconf write /org/gnome/desktop/interface/clock-show-weekday "'true'"
gsettings set org.gnome.desktop.interface gtk-theme 'Adwaita-dark'
gsettings set org.gnome.desktop.media-handling automount false
gsettings set org.gnome.desktop.media-handling automount-open false
gsettings set org.gnome.desktop.input-sources sources "[('xkb', 'us'), ('xkb', 'fi')]"
gsettings set org.gnome.desktop.interface show-battery-percentage true
gsettings set org.gnome.desktop.interface enable-hot-corners false
gsettings set org.gnome.desktop.interface clock-format 24h
gsettings set org.gnome.desktop.calendar show-weekdate true
EOF
) | run_as_user bash
echo "Updating git information"
run_as_user git config --global user.name "Sanduuz"
run_as_user git config --global user.email "[email protected]"
echo "Modifying .bashrc"
run_as_user tee -a /home/$NORMAL_USER/.bashrc <<EOF
export HISTTIMEFORMAT="%F %T "
export HISTFILESIZE=5000000
export HISTSIZE=100000
alias la="ls -al"
alias grep="grep --color=auto"
alias less="less -r"
bind '"\C-H": backward-kill-word'
bind '"\t": menu-complete'
bind "set show-all-if-ambiguous on"
bind "set menu-complete-display-prefix on"
EOF
echo "Modifying .nanorc"
run_as_user tee -a /home/$NORMAL_USER/.nanorc <<EOF
include /usr/share/nano/*.nanorc
set tabsize 4
set tabstospaces
set constantshow
set softwrap
set linenumbers
bind ^H chopwordleft main
EOF
echo "Modifying .dircolors"
run_as_user tee -a /home/$NORMAL_USER/.dircolors <<EOF
DIR 01;94
EOF
echo "Adding SSH ControlMaster to SSH config"
if [ ! -d "/home/$NORMAL_USER/.ssh/cm_socket" ]; then
echo "WARNING: /home/$NORMAL_USER/.ssh/cm_socket directory does not exist. Creating..." 1>&2
run_as_user mkdir -p /home/$NORMAL_USER/.ssh/cm_socket
fi
run_as_user tee -a /home/$NORMAL_USER/.ssh/config <<EOF
host *
controlmaster auto
controlpath ~/.ssh/cm_socket/ssh-%r@%h:%p
serveraliveinterval 60
EOF
echo "Installing Python Exploit Development Assistance for GDB"
if [ ! -d "/home/$NORMAL_USER/bin" ]; then
echo "WARNING: /home/$NORMAL_USER/bin directory does not exist. Creating..." 1>&2
run_as_user mkdir -p /home/$NORMAL_USER/bin
fi
run_as_user git clone https://github.com/longld/peda.git /home/$NORMAL_USER/bin/peda
echo "source ~/bin/peda/peda.py" >> /home/$NORMAL_USER/.gdbinit
echo "Installing volatility3"
python3 -m pip install $DATA_DIRECTORY/wheels/volatility3-2.4.0-py3-none-any.whl
ln -s /usr/local/bin/vol /usr/local/bin/volatility3
echo "Installing volatility2"
run_as_user unzip -d /home/$NORMAL_USER/bin/ $DATA_DIRECTORY/volatility_2.6_lin64_standalone.zip
ln -s /home/$NORMAL_USER/bin/volatility_2.6_lin64_standalone/volatility_2.6_lin64_standalone /usr/local/bin/volatility2
echo "It is now recommended to restart your computer."