358 lines
13 KiB
Bash
358 lines
13 KiB
Bash
|
#!/bin/bash
|
|||
|
# -----------------------------------------------------------
|
|||
|
# a simple post-install script to be used on a fedora system
|
|||
|
# there's a lot to be done yet...
|
|||
|
# -----------------------------------------------------------
|
|||
|
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# verify sufficient privileges before running the rest
|
|||
|
# -----------------------------------------------------------
|
|||
|
if [[ "$(id -u)" -ne 0 ]]; then
|
|||
|
echo "[x] Run as root. Exiting."
|
|||
|
exit 1
|
|||
|
fi
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# stores current folder, expects it to be a non-privileged
|
|||
|
# user's home (as you sudo-up, say, from your home before
|
|||
|
# running this)
|
|||
|
# -----------------------------------------------------------
|
|||
|
tadyma=`pwd`
|
|||
|
utils_fol=$tadyma/utils
|
|||
|
# msfile location
|
|||
|
msfC_file=/usr/share/applications/metasploit-framework.desktop
|
|||
|
(xset r rate 217 87)
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# upgrade packages (clear cache also) before proceeding with
|
|||
|
# any installations; enable testing repos to savor fresh juice
|
|||
|
# -----------------------------------------------------------
|
|||
|
dnf config-manager --set-enabled updates
|
|||
|
dnf config-manager --set-enabled updates-testing
|
|||
|
dnf --setopt deltarpm=true upgrade --refresh
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# install kernel-devel before anything else
|
|||
|
dnf install -yy kernel-devel
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# enable rpmfusion-free repo
|
|||
|
# -----------------------------------------------------------
|
|||
|
dnf install -yy http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm
|
|||
|
dnf config-manager --set-enabled rpmfusion-free
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# zsh + oh-my-zsh + git + vim + rsync
|
|||
|
# -----------------------------------------------------------
|
|||
|
dnf install -yy zsh git vim rsync
|
|||
|
cd
|
|||
|
sh -c "$(curl -fsSL https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
|
|||
|
cd $tadyma
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# install the most important tools
|
|||
|
# -----------------------------------------------------------
|
|||
|
dnf install -yy htop whois screen feh scrot gpicview p7zip unar
|
|||
|
dnf install -yy gnome-terminal terminator oathtool
|
|||
|
dnf install -yy gmrun redshift gparted ethtool keepassxc
|
|||
|
dnf install -yy xarchiver xfce4-settings screenfetch neofetch galculator
|
|||
|
dnf install -yy lightdm light-locker gnome-disk-utility thunderbird firefox vlc
|
|||
|
dnf install -yy lightdm-gtk-greeter-settings notify-send libreoffice-core
|
|||
|
dnf install -yy lxtask lxappearance lxdm lxpolkit volumeicon i3lock tor privoxy
|
|||
|
# -----------------------------------------------------------
|
|||
|
# install class2-importance tools
|
|||
|
# -----------------------------------------------------------
|
|||
|
dnf install -yy oggconvert pinta pdfmod youtube-dl
|
|||
|
#putty audacity guitarix frama-c
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# thermal
|
|||
|
# -----------------------------------------------------------
|
|||
|
dnf install -yy tlp tlp-rdw
|
|||
|
# -----------------------------------------------------------
|
|||
|
# thinkpads only (additional batteries support, not needed here)
|
|||
|
# -----------------------------------------------------------
|
|||
|
#dnf install http://repo.linrunner.de/fedora/tlp/repos/releases/tlp-release.fc$(rpm -E %fedora).noarch.rpm
|
|||
|
# akmod-tp_smapi (TLP repo) – optional ThinkPad only, tp-smapi is needed for battery charge thresholds, recalibration and specific status output of tlp-stat
|
|||
|
# akmod-acpi_call (TLP repo) – optional ThinkPad only, acpi-call is needed for battery charge thresholds and recalibration on Sandy Bridge and newer models (X220/T420, X230/T430 et al.)
|
|||
|
# kernel-devel (Fedora repo) – optional, needed for the akmod packages above
|
|||
|
#dnf install akmod-tp_smapi akmod-acpi_call kernel-devel
|
|||
|
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# set up python environment - TO DO
|
|||
|
# -----------------------------------------------------------
|
|||
|
#dnf install python python3 \
|
|||
|
#ipython
|
|||
|
# python env
|
|||
|
|
|||
|
#virtualenv utils/venv
|
|||
|
#source utils/venv/bin/activate
|
|||
|
#virtualenv --clear
|
|||
|
#virtualenv --clear /utils/venv
|
|||
|
#rmvirtualenv utils/venv
|
|||
|
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# install openh264 for video support, see:
|
|||
|
# https://fedoraproject.org/wiki/OpenH264
|
|||
|
# https://ask.fedoraproject.org/en/question/95637/h264-videos-not-working-in-firefox/
|
|||
|
# https://ask.fedoraproject.org/en/question/120605/video-problems-on-firefox-on-fedora-28/
|
|||
|
# https://www.youtube.com/html5
|
|||
|
dnf install -yy gstreamer1-plugin-openh264 mozilla-openh264
|
|||
|
dnf install -yy ffmpeg-libs compat-ffmpeg28
|
|||
|
#dnf groupupdate -yy multimedia
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# install additional packages
|
|||
|
# -----------------------------------------------------------
|
|||
|
dnf install -yy flatpak
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# much fun
|
|||
|
# -----------------------------------------------------------
|
|||
|
dnf install -yy cmatrix
|
|||
|
#espeak fortune-mod banner dog
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# nw-sec
|
|||
|
# -----------------------------------------------------------
|
|||
|
dnf install -yy nmap aircrack-ng nethogs iptraf-ng wireshark nmap-ncat
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# create a directory for utils in user's home
|
|||
|
# -----------------------------------------------------------
|
|||
|
#mkdir $utils_fol
|
|||
|
#cd $utils_fol
|
|||
|
|
|||
|
# hashcat
|
|||
|
#git clone https://github.com/hashcat/hashcat.git
|
|||
|
|
|||
|
# John-the-Ripper
|
|||
|
#git clone https://github.com/magnumripper/JohnTheRipper.git -b bleeding-jumbo john
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# metasploit framework - [!] add metasploit-framework.desktop to /usr/share/applications
|
|||
|
# for metasploit to be accessible to all root users, install it in root's home
|
|||
|
# -----------------------------------------------------------
|
|||
|
##cd /root
|
|||
|
##curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall -y
|
|||
|
### next step expects metasploit .desktop file to be present in relative root dir
|
|||
|
##cp metasploit-framework.desktop $msfC_file && chmod 0644 $msfC_file
|
|||
|
##unset msfC_file
|
|||
|
|
|||
|
cd $utils_fol
|
|||
|
|
|||
|
# mitmproxy
|
|||
|
#pip3 install mitmproxy
|
|||
|
|
|||
|
# setoolkit
|
|||
|
#sudo dnf install git python-pexpect python-pefile python-crypto pyOpenSSL
|
|||
|
#git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
|
|||
|
|
|||
|
# sdtool
|
|||
|
#git clone https://github.com/BertoldVdb/sdtool.git
|
|||
|
|
|||
|
# int0x80
|
|||
|
# git clone https://github.com/int0x80/anti-forensics.git
|
|||
|
# git clone https://github.com/int0x80/windows.git
|
|||
|
# git clone https://github.com/int0x80/SweetSecurity.git
|
|||
|
# git clone https://github.com/int0x80/1337-Noms-The-Hacker-Cookbook.git
|
|||
|
# git clone https://github.com/int0x80/Packt-Publishing-Free-Learning.git
|
|||
|
# git clone https://github.com/int0x80/killallthehumans.git
|
|||
|
# git clone https://github.com/int0x80/githump.git
|
|||
|
# git clone https://github.com/int0x80/reversing.git
|
|||
|
# git clone https://github.com/int0x80/blog.git
|
|||
|
# git clone https://github.com/int0x80/iot-stuff.git
|
|||
|
# git clone https://github.com/int0x80/notes.git
|
|||
|
# git clone https://github.com/int0x80/dotfiles.git
|
|||
|
|
|||
|
|
|||
|
# vermaden's scripts
|
|||
|
# git clone https://github.com/vermaden/scripts.git $HOME/utils/vermaden-scripts
|
|||
|
|
|||
|
cd $tadyma
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# ibus - typing
|
|||
|
#imsettings-switch
|
|||
|
#ibus-setup ibus-daemon
|
|||
|
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# youtube-dl
|
|||
|
#youtube-dl -v --user-agent -- --prefer-free-formats <yt link>
|
|||
|
# convert it later with oggconvert
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# nmcli
|
|||
|
#nmcli device wifi rescan
|
|||
|
#nmcli device wifi list
|
|||
|
#nmcli con up free
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# [!] warning - possibly(?) GNOME-dependent
|
|||
|
# -----------------------------------------------------------
|
|||
|
#dnf install evince
|
|||
|
#gnome-sound-recorder
|
|||
|
dnf install -yy gnome-calculator
|
|||
|
# tiling terminal - not really necessary
|
|||
|
# tilix \
|
|||
|
# disk image burner, got enough of these
|
|||
|
# brasero \ - vital
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
dnf install -yy xed nemo nemo-desktop
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# flatpak
|
|||
|
# add flathub repo; profit
|
|||
|
#flatpak --user remote-add flathub https://flathub.org/repo/flathub.flatpakrepo
|
|||
|
# install sweet stuff...
|
|||
|
#flatpak install --user https://www.flathub.org/repo/appstream/org.signal.Signal.flatpakref
|
|||
|
#flatpak install --user https://flathub.org/repo/appstream/com.discordapp.Discord.flatpakref
|
|||
|
|
|||
|
# HW video decode support for Intel integrated graphics in fedora
|
|||
|
# rpm-fusion needs to be installed beforehand
|
|||
|
dnf install -yy libva-intel-driver
|
|||
|
|
|||
|
# ---------------------------------
|
|||
|
# graphics
|
|||
|
# lspci -k | grep -A 2 -E "(VGA|3D)"
|
|||
|
# inxi -b
|
|||
|
|
|||
|
# so that flashtool would work, add user (fedora) to group dialout
|
|||
|
#adduser fedora dialout
|
|||
|
gpasswd -a fedora dialout
|
|||
|
|
|||
|
# no-more-secrets
|
|||
|
#cd $utils_fol
|
|||
|
#git clone https://github.com/bartobri/no-more-secrets.git
|
|||
|
#cd ./no-more-secrets
|
|||
|
#make nms
|
|||
|
#make sneakers
|
|||
|
#sudo make install
|
|||
|
#systemctl list-units --type=target | nms
|
|||
|
|
|||
|
|
|||
|
# ----------------------
|
|||
|
# at
|
|||
|
#at = "systemctl suspend" -t 13:37 Thu
|
|||
|
|
|||
|
# ----------------------
|
|||
|
# shred
|
|||
|
#shred -n 2 -zuv $( find . -xdev -type f -exec ls {} \; | tail -100)
|
|||
|
|
|||
|
# ----------------------
|
|||
|
# netstat
|
|||
|
#netstat -anp|more
|
|||
|
|
|||
|
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# misc - mostly not in fedora repos
|
|||
|
# -----------------------------------------------------------
|
|||
|
# https://atom.io
|
|||
|
#atom
|
|||
|
rpm --import https://packagecloud.io/AtomEditor/atom/gpgkey
|
|||
|
sh -c 'echo -e "[Atom]\nname=Atom Editor\nbaseurl=https://packagecloud.io/AtomEditor/atom/el/7/\$basearch\nenabled=1\ngpgcheck=0\nrepo_gpgcheck=1\ngpgkey=https://packagecloud.io/AtomEditor/atom/gpgkey" > /etc/yum.repos.d/atom.repo'
|
|||
|
dnf install -yy atom
|
|||
|
#dnf install atom-beta
|
|||
|
|
|||
|
|
|||
|
# ----------- D O C K E R ------------------
|
|||
|
# to be configured...
|
|||
|
|
|||
|
|
|||
|
# adding repo necessary, see https://www.virualbox.org
|
|||
|
#virtualbox
|
|||
|
# see https://www.torproject.org
|
|||
|
#tor-browser
|
|||
|
# see https://www.mega.nz
|
|||
|
#mega-sync
|
|||
|
# adding repo necessary, see https://www.vivaldi.com
|
|||
|
#vivaldi-stable
|
|||
|
#https://help.vivaldi.com/article/html5-proprietary-media-on-linux/
|
|||
|
|
|||
|
# to be configured also^...
|
|||
|
|
|||
|
# pulls a ton of KDE deps
|
|||
|
#kdeconnect-indicator kdeconnectd
|
|||
|
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# openbox
|
|||
|
# -----------------------------------------------------------
|
|||
|
# ./config/openbox/helper.sh
|
|||
|
#
|
|||
|
# https://github.com/vermaden/scripts.git
|
|||
|
|
|||
|
# we might need these for (maybe not) window pausing
|
|||
|
# dnf install -yy xprop xdotool zenity xbindkeys
|
|||
|
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# change plymouth theme
|
|||
|
# -----------------------------------------------------------
|
|||
|
plymouth-set-default-theme -R details # sets it to "details" and rebuilds initrd
|
|||
|
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# zswap
|
|||
|
# -----------------------------------------------------------
|
|||
|
# add "zswap/enabled=1" at the and of the line "GRUB_CMDLINE_LINUX.."
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# configure zram
|
|||
|
# -----------------------------------------------------------
|
|||
|
dnf install -yy zram
|
|||
|
modprobe zram
|
|||
|
# getconf _NPROCESSORS_ONLN # number of compressing threads == no. cpu cores
|
|||
|
# cat /sys/block/zram0/max_comp_streams
|
|||
|
# grep MemTotal /proc/meminfo | grep -E --only-matching '[[:digit:]]+' # mem KiB
|
|||
|
# cat /sys/block/zram0/disksize
|
|||
|
systemctl start zram.service
|
|||
|
# echo "2010222K" > /sys/block/zram0/disksize # create a 2GiB zswap device
|
|||
|
# mkswap /dev/zram0 # format as swap
|
|||
|
# swapon -p 100 /dev/zram0 # turn zram swap on
|
|||
|
# systemctl enable zram-swap.service
|
|||
|
# systemctl start zram-swap.service
|
|||
|
|
|||
|
|
|||
|
# decrease swappiness - use more ram - temporary solution
|
|||
|
#sudo sysctl vm.swappiness = 20
|
|||
|
# current swappiness level
|
|||
|
#cat /proc/sys/vm/swappiness
|
|||
|
# permanent solution
|
|||
|
echo "vm.swappiness = 20" >> /etc/sysctl.conf
|
|||
|
|
|||
|
|
|||
|
systemctl disable ModemManager.service
|
|||
|
systemctl disable plymouth-quit-wait.service
|
|||
|
systemctl disable plymouth-start.service
|
|||
|
#systemctl disable livesys-late.service
|
|||
|
systemctl disable plymouth-read-write.service
|
|||
|
|
|||
|
|
|||
|
# -----------------------------------------------------------
|
|||
|
# headless
|
|||
|
# -----------------------------------------------------------
|
|||
|
# to be configured...
|
|||
|
|
|||
|
# kickstart
|
|||
|
# https://docs.fedoraproject.org/en-US/fedora/f29/install-guide/advanced/Kickstart_Installations/#chap-kickstart-installations
|
|||
|
|
|||
|
# vnc
|
|||
|
# https://docs.fedoraproject.org/en-US/fedora/f29/install-guide/advanced/VNC_Installations/#chap-vnc-installations
|
|||
|
|
|||
|
|
|||
|
# -------------------------------------------------------------
|
|||
|
# "file" hashes generation based on a wordlist of supposed pwds
|
|||
|
# dunno why I'm doing this
|
|||
|
#while read line \
|
|||
|
#do\
|
|||
|
# echo -e " `mkpasswd --method=\$\6\$ ` < $line " >> filehashes ; \
|
|||
|
#done < file
|
|||
|
|