pentest-distro-builder/modules/parrot-build/raspberry/customize.sh


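#!/bin/bash
# Customises a Parrot root filesystem for the Raspberry Pi image build.
# Usage: customize.sh ROOTDIR
#   ROOTDIR - directory holding the target root filesystem to configure.
set -e
SOURCEDIR=$(dirname -- "$0")
# Every later step writes to "$ROOTDIR/..." or chroots into it. An empty or
# wrong value would redirect those writes (resolv.conf, policy-rc.d, apt
# configuration) onto the build host, so validate the target before touching
# anything.
ROOTDIR="${1:?usage: $0 ROOTDIR}"
if [ ! -d "$ROOTDIR" ]; then
  echo "E: target root '$ROOTDIR' is not a directory" >&2
  exit 1
fi
if [ "$(cd -- "$ROOTDIR" && pwd -P)" = "/" ]; then
  echo "E: refusing to customise the build host's own root filesystem" >&2
  exit 1
fi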
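# Do not start services during installation: invoke-rc.d consults
# policy-rc.d, and exit status 101 tells it the action is forbidden by policy.
# The file is deleted again in the final clean-up step of this script.
echo "I: disabling services during setup"
policy_file="$ROOTDIR/usr/sbin/policy-rc.d"
echo exit 101 > "$policy_file"
chmod +x "$policy_file"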
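# Point apt inside the target at an HTTP proxy on localhost:3142 (the original
# comment names apt-cacher-ng). This is a build-time setting only; the file is
# removed again at the end of the script so it does not ship in the image.
echo "I: enabling apt cacher"
# The directory is only created later in the original flow; make sure it
# exists before writing into it.
mkdir -p "$ROOTDIR/etc/apt/apt.conf.d"
echo "Acquire::http { Proxy \"http://localhost:3142\"; };" > "$ROOTDIR/etc/apt/apt.conf.d/50apt-cacher-ng"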
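# Configure temporary networking: give the target a static resolv.conf so
# name resolution works inside the chroot during the build.
echo "I: configuring temporary networking"
# Remove the existing entry first. If it is an absolute symlink, writing
# through it from outside the chroot would resolve against the build host's
# filesystem instead of the target. -f keeps a missing file from aborting the
# build under `set -e`.
rm -f -- "$ROOTDIR/etc/resolv.conf"
cat > "$ROOTDIR/etc/resolv.conf" <<'EOF'
# ParrotDNS/OpenNIC
nameserver 1.1.1.1
nameserver 139.99.96.146
nameserver 37.59.40.15
nameserver 185.121.177.177
# Round Robin
options rotate
EOF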
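# Configure apt: import the repository signing key, bootstrap from the Parrot
# repository, install parrot-core, then switch to the project's own apt
# configuration files.
echo "I: configuring apt"
export DEBIAN_FRONTEND=noninteractive
# The repository below is fetched over plain http, so package authenticity
# rests entirely on signature verification against this key. The key is taken
# from SOURCEDIR as-is; its provenance is whatever the build tree ships.
# NOTE(review): apt-key is deprecated in current apt releases in favour of a
# keyring referenced with signed-by -- confirm against the target release.
chroot "$ROOTDIR" apt-key add - < "$SOURCEDIR/parrotsec.gpg"
# Leave sources.list holding only a blank line so the single entry written to
# sources.list.d is the only active source for the bootstrap.
echo > "$ROOTDIR/etc/apt/sources.list"
mkdir -p "$ROOTDIR/etc/apt/sources.list.d/" "$ROOTDIR/etc/apt/apt.conf.d/"
echo "deb http://deb.parrotsec.org/parrot stable main contrib non-free" > "$ROOTDIR/etc/apt/sources.list.d/parrot.list"
chroot "$ROOTDIR" apt update
chroot "$ROOTDIR" apt -y install parrot-core
echo "I: copying custom apt configs"
cp "$SOURCEDIR/etc/apt/sources.list" "$ROOTDIR/etc/apt/sources.list"
cp "$SOURCEDIR/etc/apt/apt.conf.d/50raspi" "$ROOTDIR/etc/apt/apt.conf.d/50raspi"
chroot "$ROOTDIR" apt update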
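# Regenerate SSH host keys on first boot.
echo "I: regenerating ssh keys"
chroot "$ROOTDIR" apt-get install -y openssh-server rng-tools
# Delete any host keys present after the package install. Keys left in the
# image would be identical on every device flashed from it.
rm -f -- "$ROOTDIR"/etc/ssh/ssh_host_*
mkdir -p "$ROOTDIR/etc/systemd/system"
# The unit file's contents are not visible in this script; presumably it
# creates fresh host keys on first boot -- confirm, because sshd has no host
# keys until it has run.
cp "$SOURCEDIR/etc/systemd/system/regen-ssh-keys.service" "$ROOTDIR/etc/systemd/system/regen-ssh-keys.service"
chroot "$ROOTDIR" systemctl enable regen-ssh-keys ssh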
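# Copy the boot, filesystem and network configuration shipped in the build
# tree into the target.
echo "I: configuring boot and network setups"
cp "$SOURCEDIR/boot/cmdline.txt" "$ROOTDIR/boot/cmdline.txt"
cp "$SOURCEDIR/boot/config.txt" "$ROOTDIR/boot/config.txt"
# Merge the shipped defaults into the target's /etc/default. A plain
# `cp -r src/etc/default dst/etc/default` nests the files under
# dst/etc/default/default when the destination directory already exists,
# where nothing reads them.
mkdir -p "$ROOTDIR/etc/default"
cp -r "$SOURCEDIR/etc/default/." "$ROOTDIR/etc/default/"
cp "$SOURCEDIR/etc/fstab" "$ROOTDIR/etc/fstab"
cp "$SOURCEDIR/etc/modules" "$ROOTDIR/etc/modules"
cp "$SOURCEDIR/etc/network/interfaces" "$ROOTDIR/etc/network/interfaces"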
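# Root SSH access: install the builder's authorized_keys when one is
# provided, otherwise fall back to password login for root.
FILE="$SOURCEDIR/config/authorized_keys"
if [ -f "$FILE" ]; then
  echo "I: Adding authorized_keys."
  # Create the directory and key file with owner-only permissions rather
  # than relying on the build host's umask.
  install -d -m 700 "$ROOTDIR/root/.ssh"
  install -m 600 "$FILE" "$ROOTDIR/root/.ssh/authorized_keys"
else
  echo "I: No authorized_keys, allowing root login with password on SSH."
  # NOTE(review): this enables password login for root over SSH on every
  # image built without a key file. The root password is not set anywhere in
  # the visible part of this script -- confirm what it ends up being, and
  # prefer shipping an authorized_keys file.
  # The pattern rewrites every line that mentions PermitRootLogin, including
  # commented-out ones.
  sed -i "s/.*PermitRootLogin.*/PermitRootLogin yes/" "$ROOTDIR/etc/ssh/sshd_config"
fi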
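# Install the kernel and firmware with rpi-update.
echo "I: installing kernel"
mkdir -p "$ROOTDIR/lib/modules"
chroot "$ROOTDIR" apt install -y ca-certificates curl binutils git-core kmod
# Supply-chain note: rpi-update is fetched from the tip of the upstream master
# branch and then executed on the build host (not inside the chroot) with this
# script's privileges. TLS authenticates the server only, not the content.
# Set RPI_UPDATE_SHA256 to the digest of a reviewed copy so the build fails
# closed when the script changes; better still, vendor a pinned copy in the
# build tree.
rpi_update="$ROOTDIR/usr/local/sbin/rpi-update"
wget -O "$rpi_update" https://raw.github.com/Hexxeh/rpi-update/master/rpi-update
if [ -n "${RPI_UPDATE_SHA256:-}" ]; then
  actual_sha256=$(sha256sum < "$rpi_update")
  actual_sha256=${actual_sha256%% *}
  if [ "$actual_sha256" != "$RPI_UPDATE_SHA256" ]; then
    echo "E: rpi-update checksum mismatch (got $actual_sha256)" >&2
    # Do not leave an unverified script behind in the image.
    rm -f -- "$rpi_update"
    exit 1
  fi
else
  echo "W: RPI_UPDATE_SHA256 not set, running unverified rpi-update" >&2
fi
chmod a+x "$rpi_update"
SKIP_WARNING=1 SKIP_BACKUP=1 ROOT_PATH="$ROOTDIR" BOOT_PATH="$ROOTDIR/boot" "$rpi_update"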
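# Install extra packages. The three groups stay separate apt transactions, as
# in the original: base utilities, desktop, then user applications.
echo "I: installing extra packages"
chroot "$ROOTDIR" apt install -y \
  apt-utils nano whiptail netbase less iputils-ping net-tools \
  isc-dhcp-client parrot-core anacron fake-hwclock ntp fail2ban \
  needrestart sudo
chroot "$ROOTDIR" apt install -y parrot-interface parrot-mate firefox-esr
chroot "$ROOTDIR" apt install -y parrot-pico geany bleachbit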
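# Purge packages that are not wanted in the image.
echo "I: cleaning unwanted packages"
# The wildcard names are quoted so apt receives them as patterns. Unquoted,
# the shell would first try to expand them against files in the build host's
# current directory. Names the original listed twice appear once here.
chroot "$ROOTDIR" apt -y purge \
  firejail samba qt4-designer qttools5-dev-tools \
  texlive-latex-extra-doc texlive-pstricks-doc texlive-pictures-doc \
  texlive-latex-recommended-doc texlive-latex-base-doc \
  texlive-fonts-recommended-doc python-mpltoolkits.basemap-data \
  leafpad xpra ferret minicom xpdf gvim imagemagick 'imagemagick-*' \
  'openjdk-10-*' android-sdk 'libandroid*' vega firefox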
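# Service and interface-naming tweaks for the target image.
# The original ran these commands without `chroot` and with absolute paths,
# so they changed the build host instead of the image. Each one is now
# scoped to "$ROOTDIR".
echo "Manually enabling pulseaudio"
# NOTE(review): --user acts on the invoking user's (root's) user instance
# only; `--global` may be what was intended -- confirm.
chroot "$ROOTDIR" systemctl --user enable pulseaudio.service || true
echo "Doing some magic on networking stuff"
chroot "$ROOTDIR" systemctl enable NetworkManager || true
chroot "$ROOTDIR" systemctl enable resolvconf || true
#rm /etc/resolv.conf || true
#ln -s etc/resolvconf/run/resolv.conf etc/resolv.conf || true
mkdir -p "$ROOTDIR/etc/systemd/network" "$ROOTDIR/etc/udev/rules.d"
# Mask the two .link policy files by pointing them at /dev/null, and blank
# the udev naming rule; presumably this keeps traditional interface names.
ln -sf /dev/null "$ROOTDIR/etc/systemd/network/90-mac-for-usb.link"
ln -sf /dev/null "$ROOTDIR/etc/systemd/network/99-default.link"
echo > "$ROOTDIR/etc/udev/rules.d/73-special-net-names.rules"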
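# Disable network-facing and background services so the image does not boot
# with listeners it does not need. Each call is best-effort (`|| true`)
# because the unit may not be installed.
# The original ran `systemctl` (some calls through `sudo`) without `chroot`,
# which disabled these services on the build host and left the image
# unchanged. Every call now runs inside the target; `sudo` is dropped because
# the script already needs root for chroot.
echo "Manually disabling inetd"
chroot "$ROOTDIR" systemctl disable inetd || true
echo "Manually disabling mariadb"
chroot "$ROOTDIR" systemctl disable mariadb || true
echo "Manually disabling postgresql"
chroot "$ROOTDIR" systemctl disable postgresql || true
echo "Manualy disabling redis-server"
chroot "$ROOTDIR" systemctl disable redis-server || true
echo "Manually disabling nginx"
chroot "$ROOTDIR" systemctl disable nginx || true
echo "Manually disaling phpsessionclean"
chroot "$ROOTDIR" systemctl disable phpsessionclean.timer || true
echo "Manually disabling apt-daily systemd timers"
chroot "$ROOTDIR" systemctl disable apt-daily-upgrade.timer || true
# Was "apt-daily.time", which names no unit; the failure was hidden by
# `|| true`, so the timer stayed enabled.
chroot "$ROOTDIR" systemctl disable apt-daily.timer || true
echo "Manually disabling couchdb"
chroot "$ROOTDIR" systemctl disable couchdb || true
echo "Manually disabling miredo"
chroot "$ROOTDIR" systemctl disable miredo || true
echo "Manualy disabling redis-server"
chroot "$ROOTDIR" systemctl disable redis-server || true
echo "Manually disabling samba"
chroot "$ROOTDIR" systemctl disable smbd samba || true
echo "Manually disabling snmpd"
chroot "$ROOTDIR" systemctl disable snmpd || true
echo "Manually disabling nmbd"
chroot "$ROOTDIR" systemctl disable nmbd || true
echo "Manually disabling snapd"
chroot "$ROOTDIR" systemctl disable snapd || true
echo "Manually disabling openvas services"
chroot "$ROOTDIR" systemctl disable openvas-scanner.service || true
chroot "$ROOTDIR" systemctl disable openvas-manager.service || true
chroot "$ROOTDIR" systemctl disable greenbone-security-assistant || true
echo "Manually disabling redsocks"
chroot "$ROOTDIR" systemctl disable redsocks || true
echo "Manually disabling dradis"
chroot "$ROOTDIR" systemctl disable dradis || true
echo "Manually disabling packagekit"
chroot "$ROOTDIR" systemctl disable packagekit || true
echo "Manually disabling avahi-daemon"
chroot "$ROOTDIR" systemctl disable avahi-daemon.socket || true
chroot "$ROOTDIR" systemctl disable avahi-daemon.service || true
echo "Manually disabling colord-sane"
chroot "$ROOTDIR" systemctl disable colord-sane.service || true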
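echo "Purging the shit out of systemd"
# Strip the WantedBy=multi-user.target install hint from these units so a
# later `systemctl enable` does not hook them into the default boot target.
# The original edited /lib/systemd/system on the build host; the paths are
# now inside the target. Missing unit files are tolerated (`|| true`).
# NOTE(review): "snmp" is kept as written, but the service disabled elsewhere
# in this script is "snmpd" -- confirm the unit file name.
for unit in redis-server smbd nmbd snmp openvas-scanner openvas-manager redsocks; do
  sed -i "s/WantedBy=multi-user.target//g" "$ROOTDIR/lib/systemd/system/${unit}.service" || true
done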
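# Create the default "parrot" user and add it to its supplementary groups.
#chroot $ROOTDIR bash useradd -m -p $(mkpasswd -m sha-512 parrot) -s /bin/bash parrot
echo "I: creating parrot user"
# NOTE(review): the account gets the fixed password "toor" plus sudo
# membership, and this script also enables sshd, so every image built from it
# shares a known credential until the owner changes it. Consider expiring the
# password so it must be changed at first login, or restricting SSH to key
# authentication.
user_script="$ROOTDIR/create-user.sh"
# The helper runs inside the chroot. Its commands are not under `set -e`, so
# a missing group does not stop the remaining steps; its exit status is that
# of the last command, as before.
cat > "$user_script" <<'EOF'
#!/bin/sh
adduser --disabled-password --gecos "" parrot
echo "parrot:toor" | chpasswd
adduser parrot audio
adduser parrot cdrom
adduser parrot dip
adduser parrot video
adduser parrot plugdev
adduser parrot netdev
adduser parrot powerdev
adduser parrot scanner
adduser parrot bluetooth
adduser parrot sudo
adduser parrot fuse
adduser parrot dialout
EOF
chmod +x "$user_script"
# Always delete the helper, even when it fails: it contains the password and
# must not be left behind in the image.
user_status=0
chroot "$ROOTDIR" /create-user.sh || user_status=$?
rm -f -- "$user_script"
if [ "$user_status" -ne 0 ]; then
  exit "$user_status"
fi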
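# Configure networking: install resolvconf and make /etc/resolv.conf a
# symlink to its generated file, with the static name servers appended
# through resolv.conf.d/tail.
echo "I: configuring networking"
chroot "$ROOTDIR" apt-get update
chroot "$ROOTDIR" apt-get -y install resolvconf
chroot "$ROOTDIR" systemctl enable resolvconf
chroot "$ROOTDIR" systemctl start resolvconf
# -f: the file may already be gone after the resolvconf install, and a plain
# rm would abort the build under `set -e`.
chroot "$ROOTDIR" rm -f /etc/resolv.conf
cat > "$ROOTDIR/etc/resolvconf/resolv.conf.d/tail" <<'EOF'

# ParrotDNS/OpenNIC
nameserver 139.99.96.146
nameserver 37.59.40.15
nameserver 185.121.177.177
# Round Robin
options rotate
EOF
# The link target is an absolute path, so it resolves inside the image once
# the image is booted.
ln -s /etc/resolvconf/run/resolv.conf "$ROOTDIR/etc/resolv.conf"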
# Create a swapfile.
#echo "I: creating swapfile"
#dd if=/dev/zero of=$ROOTDIR/var/swapfile bs=1M count=128
#chroot $ROOTDIR mkswap /var/swapfile
#echo /var/swapfile none swap sw 0 0 >> $ROOTDIR/etc/fstab
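# Done: undo the build-time settings and clean the image.
echo "I: ultimating build"
# Allow services to start again on the finished image.
rm -f -- "$ROOTDIR/usr/sbin/policy-rc.d"
echo "cleaning the system with bleachbit"
# Best-effort clean-up: all output is discarded and a failure does not stop
# the build; "done" is printed only on success.
if chroot "$ROOTDIR" bleachbit -c system.localizations apt.autoclean apt.autoremove apt.package_lists deepscan.backup deepscan.ds_store deepscan.thumbs_db deepscan.tmp system.cache system.rotated_logs thumbnails.cache &> /dev/null; then
  echo "done"
fi
# Drop the build-host proxy setting so the image does not try to reach
# localhost:3142 for packages.
rm -f -- "$ROOTDIR/etc/apt/apt.conf.d/50apt-cacher-ng"
# -f: the history file may not exist, and a plain rm would fail the whole
# build on its last line under `set -e`.
rm -f -- "$ROOTDIR/root/.bash_history"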