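#!/bin/bash
#
# Customise an unpacked Parrot root filesystem for the Raspberry Pi:
# apt sources and key, SSH host-key regeneration, boot/network config,
# kernel via rpi-update, package set, service policy, default user.
#
# Usage:   setup.sh ROOTDIR        (must run as root; ROOTDIR is the rootfs)
# Needs:   network access, an apt-cacher-ng proxy on localhost:3142 (see the
#          apt proxy step; override with APT_PROXY), and the config tree next
#          to this script (boot/, etc/, config/, parrotsec.gpg).
# Optional env: APT_PROXY, RPI_UPDATE_URL, RPI_UPDATE_SHA256, PARROT_PASSWORD.
set -euo pipefail

# Directory holding this script and the config tree copied into the rootfs.
SOURCEDIR=$(dirname -- "$0")
readonly SOURCEDIR

# Target rootfs. Refuse an empty or host-root argument: every rm/cp/sed
# below is prefixed with "$ROOTDIR", so an empty value would point them at
# the build host's own /etc.
ROOTDIR="${1:?usage: $0 ROOTDIR}"
readonly ROOTDIR
if [[ "$ROOTDIR" == "/" || ! -d "$ROOTDIR/etc" ]]; then
  printf 'E: %s does not look like an unpacked root filesystem\n' "$ROOTDIR" >&2
  exit 1
fi
# chroot and the package operations inside it need root.
if [[ "$(id -u)" -ne 0 ]]; then
  printf 'E: this script must run as root\n' >&2
  exit 1
fi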
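# Do not start services during installation.
# invoke-rc.d consults /usr/sbin/policy-rc.d; exit status 101 means
# "action forbidden", so package postinsts run inside the chroot do not
# start daemons on the build host. The file is removed at the end of the build.
echo "I: disabling services during setup"
printf '#!/bin/sh\nexit 101\n' > "$ROOTDIR/usr/sbin/policy-rc.d"
chmod +x "$ROOTDIR/usr/sbin/policy-rc.d"

# Route apt through a local apt-cacher-ng for the duration of the build
# (the drop-in is removed at the end). The chroot shares the host's network
# namespace, so "localhost" is the build host; set APT_PROXY to use a cache
# elsewhere.
echo "I: enabling apt cacher"
mkdir -p "$ROOTDIR/etc/apt/apt.conf.d"
printf 'Acquire::http { Proxy "%s"; };\n' "${APT_PROXY:-http://localhost:3142}" \
  > "$ROOTDIR/etc/apt/apt.conf.d/50apt-cacher-ng"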
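# Configure temporary networking.
# The chroot needs working DNS for apt; this resolv.conf is replaced by a
# resolvconf-managed symlink later in the build. -f: a fresh rootfs may not
# have the file, and a missing file must not abort the run under set -e.
echo "I: configuring temporary networking"
rm -f "$ROOTDIR/etc/resolv.conf"
cat > "$ROOTDIR/etc/resolv.conf" <<'EOF'
# ParrotDNS/OpenNIC
nameserver 1.1.1.1
nameserver 139.99.96.146
nameserver 37.59.40.15
nameserver 185.121.177.177

# Round Robin
options rotate
EOF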
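# Configure apt.
echo "I: configuring apt"
# Exported so every apt/dpkg run inside the chroot below is non-interactive.
export DEBIAN_FRONTEND=noninteractive
# Trust the Parrot archive key shipped with this repo.
# NOTE(review): apt-key is deprecated in current Debian; when the base image
# moves forward, install the keyring under /etc/apt/trusted.gpg.d/ instead.
chroot "$ROOTDIR" apt-key add - < "$SOURCEDIR/parrotsec.gpg"
mkdir -p "$ROOTDIR/etc/apt/sources.list.d" "$ROOTDIR/etc/apt/apt.conf.d"
# Bootstrap from the Parrot repo alone; the project's own sources.list
# replaces this once parrot-core is installed.
: > "$ROOTDIR/etc/apt/sources.list"
echo "deb http://deb.parrotsec.org/parrot stable main contrib non-free" \
  > "$ROOTDIR/etc/apt/sources.list.d/parrot.list"
chroot "$ROOTDIR" apt-get update
chroot "$ROOTDIR" apt-get -y install parrot-core

echo "I: copying custom apt configs"
cp "$SOURCEDIR/etc/apt/sources.list" "$ROOTDIR/etc/apt/sources.list"
cp "$SOURCEDIR/etc/apt/apt.conf.d/50raspi" "$ROOTDIR/etc/apt/apt.conf.d/50raspi"
chroot "$ROOTDIR" apt-get update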
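# Regenerate SSH host keys on first boot.
# The host keys generated while installing openssh-server would otherwise be
# baked into the image and shared by every device flashed from it, so they
# are deleted here and the regen-ssh-keys unit creates fresh ones on first
# boot. rng-tools is installed alongside, presumably to feed the entropy pool
# for that key generation on the Pi — confirm against the unit file.
echo "I: regenerating ssh keys"
chroot "$ROOTDIR" apt-get install -y openssh-server rng-tools
rm -f "$ROOTDIR"/etc/ssh/ssh_host_*
mkdir -p "$ROOTDIR/etc/systemd/system"
cp "$SOURCEDIR/etc/systemd/system/regen-ssh-keys.service" \
  "$ROOTDIR/etc/systemd/system/regen-ssh-keys.service"
chroot "$ROOTDIR" systemctl enable regen-ssh-keys ssh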
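# Configure boot and network settings from the config tree.
echo "I: configuring boot and network setups"
mkdir -p "$ROOTDIR/boot" "$ROOTDIR/etc/default" "$ROOTDIR/etc/network"
cp "$SOURCEDIR/boot/cmdline.txt" "$ROOTDIR/boot/cmdline.txt"
cp "$SOURCEDIR/boot/config.txt" "$ROOTDIR/boot/config.txt"
# Copy the *contents* of etc/default. "cp -r src/etc/default dst/etc/default"
# would nest it as dst/etc/default/default because the target directory
# already exists in a populated rootfs.
cp -r "$SOURCEDIR/etc/default/." "$ROOTDIR/etc/default/"
cp "$SOURCEDIR/etc/fstab" "$ROOTDIR/etc/fstab"
cp "$SOURCEDIR/etc/modules" "$ROOTDIR/etc/modules"
cp "$SOURCEDIR/etc/network/interfaces" "$ROOTDIR/etc/network/interfaces"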
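# Remote access for root: install the operator's authorized_keys when the
# config tree provides one; otherwise fall back to password login for root.
# The sed pattern also rewrites a commented-out "#PermitRootLogin ..." line,
# so the fallback takes effect on a stock sshd_config and leaves root
# reachable over SSH with a password.
FILE="$SOURCEDIR/config/authorized_keys"
if [[ -f "$FILE" ]]; then
  echo "I: Adding authorized_keys."
  mkdir -p "$ROOTDIR/root/.ssh/"
  cp "$FILE" "$ROOTDIR/root/.ssh/"
  # sshd (StrictModes) ignores keys under group/world-writable paths; set the
  # modes explicitly rather than depending on the build host's umask.
  chmod 700 "$ROOTDIR/root/.ssh"
  chmod 600 "$ROOTDIR/root/.ssh/authorized_keys"
else
  echo "I: No authorized_keys, allowing root login with password on SSH."
  sed -i "s/.*PermitRootLogin.*/PermitRootLogin yes/" "$ROOTDIR/etc/ssh/sshd_config"
fi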
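# Install kernel.
# rpi-update is fetched from GitHub and executed as root on the build host
# with ROOT_PATH/BOOT_PATH pointed at the rootfs. That is a supply-chain
# trust point: whoever controls the URL controls the build host. Pin it with
# RPI_UPDATE_URL (a commit URL rather than master) and RPI_UPDATE_SHA256,
# which is verified before the script is run when set. The default URL is
# the legacy raw.github.com host, kept for compatibility.
echo "I: installing kernel"
mkdir -p "$ROOTDIR/lib/modules" "$ROOTDIR/usr/local/sbin"
chroot "$ROOTDIR" apt-get install -y ca-certificates curl binutils git-core kmod
rpi_update="$ROOTDIR/usr/local/sbin/rpi-update"
wget --https-only \
  "${RPI_UPDATE_URL:-https://raw.github.com/Hexxeh/rpi-update/master/rpi-update}" \
  -O "$rpi_update"
if [[ -n "${RPI_UPDATE_SHA256:-}" ]]; then
  # Two spaces: the "sha256sum -c" list format.
  printf '%s  %s\n' "$RPI_UPDATE_SHA256" "$rpi_update" | sha256sum -c --status - \
    || { printf 'E: rpi-update checksum mismatch\n' >&2; exit 1; }
fi
chmod a+x "$rpi_update"
SKIP_WARNING=1 SKIP_BACKUP=1 ROOT_PATH="$ROOTDIR" BOOT_PATH="$ROOTDIR/boot" "$rpi_update"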
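# Install extra packages.
# Base tooling first, then the desktop, then editors/utilities; three runs
# as in the original so a failure points at the group that broke.
echo "I: installing extra packages"
chroot "$ROOTDIR" apt-get install -y \
  apt-utils nano whiptail netbase less iputils-ping net-tools isc-dhcp-client \
  parrot-core anacron fake-hwclock ntp fail2ban needrestart sudo
chroot "$ROOTDIR" apt-get install -y parrot-interface parrot-mate firefox-esr
chroot "$ROOTDIR" apt-get install -y parrot-pico geany bleachbit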
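# Clean some shit.
# Wildcard package patterns are quoted so the build host's shell cannot
# glob-expand them against files in the current directory before apt sees
# them. Duplicates from the original list are dropped.
echo "I: cleaning unwanted packages"
chroot "$ROOTDIR" apt-get -y purge \
  firejail samba qt4-designer qttools5-dev-tools \
  texlive-latex-extra-doc texlive-pstricks-doc texlive-pictures-doc \
  texlive-latex-recommended-doc texlive-latex-base-doc \
  texlive-fonts-recommended-doc python-mpltoolkits.basemap-data \
  leafpad xpra ferret minicom xpdf gvim imagemagick 'imagemagick-*' \
  'openjdk-10-*' android-sdk 'libandroid*' vega firefox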
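# Service policy for the image.
# Every command in this section must target the rootfs, not the build host:
# the original ran bare "systemctl" and edited /lib/systemd/system on the
# machine running the build. "systemctl enable/disable" works on an unbooted
# tree when run through chroot, and the unit files live under $ROOTDIR.
echo "Manually enabling pulseaudio"
# NOTE(review): the original used --user, which has no session inside a
# chroot; --global enables the user unit for every account in the image.
# Best-effort, as before.
chroot "$ROOTDIR" systemctl --global enable pulseaudio.service || true

echo "Doing some magic on networking stuff"
chroot "$ROOTDIR" systemctl enable NetworkManager || true
chroot "$ROOTDIR" systemctl enable resolvconf || true
# Mask these .link files and empty the udev rule — presumably to keep the
# classic interface names on the Pi; the original comment says only "magic".
mkdir -p "$ROOTDIR/etc/systemd/network" "$ROOTDIR/etc/udev/rules.d"
ln -sf /dev/null "$ROOTDIR/etc/systemd/network/90-mac-for-usb.link"
ln -sf /dev/null "$ROOTDIR/etc/systemd/network/99-default.link"
: > "$ROOTDIR/etc/udev/rules.d/73-special-net-names.rules"

# Units that must not come up on a freshly flashed device. Disabling is
# best-effort (|| true) because not every unit exists on every image.
# "apt-daily.timer" fixes the original's "apt-daily.time" typo.
disable_units=(
  inetd mariadb postgresql redis-server nginx
  phpsessionclean.timer apt-daily-upgrade.timer apt-daily.timer
  couchdb miredo smbd samba snmpd nmbd snapd
  openvas-scanner.service openvas-manager.service greenbone-security-assistant
  redsocks dradis packagekit
  avahi-daemon.socket avahi-daemon.service colord-sane.service
)
for unit in "${disable_units[@]}"; do
  echo "Manually disabling $unit"
  chroot "$ROOTDIR" systemctl disable "$unit" || true
done

echo "Purging the shit out of systemd"
# Drop the WantedBy=multi-user.target line from these unit files so a later
# "systemctl enable" (e.g. from a package postinst) no longer hooks them into
# the default boot target. Only units that are present are edited.
for unit in redis-server smbd nmbd snmp openvas-scanner openvas-manager redsocks; do
  unit_file="$ROOTDIR/lib/systemd/system/$unit.service"
  [[ -f "$unit_file" ]] || continue
  sed -i "s/WantedBy=multi-user.target//g" "$unit_file"
done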
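# Create the default "parrot" user.
# The account is created directly through chroot instead of via a generated
# /create-user.sh, so the password is never written to a file in the rootfs.
# PARROT_PASSWORD overrides the default ("toor", the value previously
# hard-coded here).
echo "I: creating parrot user"
chroot "$ROOTDIR" adduser --disabled-password --gecos "" parrot
printf 'parrot:%s\n' "${PARROT_PASSWORD:-toor}" | chroot "$ROOTDIR" chpasswd
# The generated script ignored failures on these; some groups do not exist
# on every image. Report them instead of skipping silently.
for group in audio cdrom dip video plugdev netdev powerdev scanner bluetooth sudo fuse dialout; do
  chroot "$ROOTDIR" adduser parrot "$group" \
    || printf 'W: could not add parrot to group %s\n' "$group" >&2
done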
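# Configure networking: hand /etc/resolv.conf over to resolvconf, keeping the
# ParrotDNS/OpenNIC servers as a fixed tail.
echo "I: configuring networking"
chroot "$ROOTDIR" apt-get update
chroot "$ROOTDIR" apt-get -y install resolvconf
chroot "$ROOTDIR" systemctl enable resolvconf
# No systemd is running inside the chroot, so this start cannot do anything
# here; kept for parity with the original hook.
chroot "$ROOTDIR" systemctl start resolvconf
rm -f "$ROOTDIR/etc/resolv.conf"
mkdir -p "$ROOTDIR/etc/resolvconf/resolv.conf.d"
cat > "$ROOTDIR/etc/resolvconf/resolv.conf.d/tail" <<'EOF'

# ParrotDNS/OpenNIC
nameserver 139.99.96.146
nameserver 37.59.40.15
nameserver 185.121.177.177

# Round Robin
options rotate
EOF
# Absolute link target: it is resolved on the Pi, inside the image root.
ln -sf /etc/resolvconf/run/resolv.conf "$ROOTDIR/etc/resolv.conf"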
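# Create a swapfile.
#echo "I: creating swapfile"
#dd if=/dev/zero of=$ROOTDIR/var/swapfile bs=1M count=128
#chroot $ROOTDIR mkswap /var/swapfile
#echo /var/swapfile none swap sw 0 0 >> $ROOTDIR/etc/fstab

# Done.
echo "I: ultimating build"
# Undo the build-time shims: the policy-rc.d that blocked service starts and
# the apt proxy drop-in must not ship in the image.
rm -f "$ROOTDIR/usr/sbin/policy-rc.d"
echo "cleaning the system with bleachbit"
# Output stays hidden as before, but a failure is reported instead of
# being swallowed by "&& echo done".
if chroot "$ROOTDIR" bleachbit -c system.localizations apt.autoclean apt.autoremove \
    apt.package_lists deepscan.backup deepscan.ds_store deepscan.thumbs_db deepscan.tmp \
    system.cache system.rotated_logs thumbnails.cache &> /dev/null; then
  echo "done"
else
  printf 'W: bleachbit cleanup failed; image left uncleaned\n' >&2
fi
rm -f "$ROOTDIR/etc/apt/apt.conf.d/50apt-cacher-ng"
# -f: the file may not exist, and a missing history must not fail the build.
rm -f "$ROOTDIR/root/.bash_history"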