Jan/setup-scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
25eb56ba71412e3191118a4107105426f4aebb92
setup-scripts/ubuntu.sh
simeononsecurity 25eb56ba71 Update ubuntu.sh
2021-02-20 05:21:16 +00:00

362 lines
11 KiB
Bash
Raw Blame History

#!/bin/bash
# Define colors...
RED=`tput bold && tput setaf 1`
GREEN=`tput bold && tput setaf 2`
YELLOW=`tput bold && tput setaf 3`
BLUE=`tput bold && tput setaf 4`
NC=`tput sgr0`
function RED(){
echo -e "\n${RED}${1}${NC}"
}
function GREEN(){
echo -e "\n${GREEN}${1}${NC}"
}
function YELLOW(){
echo -e "\n${YELLOW}${1}${NC}"
}
function BLUE(){
echo -e "\n${BLUE}${1}${NC}"
}
# Testing if root...
if [ $UID -ne 0 ]
then
RED "You must run this script as root!" && echo
exit
fi
BLUE "Implementing DotFiles..."
cd; curl -#L https://github.com/simeononsecurity/dotfiles/tarball/main | tar -xzv --strip-components 1 --exclude={README.md,bootstrap.sh,.osx,LICENSE-MIT.txt}
BLUE "Adding REPOS..."
#Install pre-requisite packages.
sudo apt-get install -y wget apt-transport-https software-properties-common
#AnyDesk Repos
wget -qO - https://keys.anydesk.com/repos/DEB-GPG-KEY | apt-key add -
echo "deb http://deb.anydesk.com/ all main" > /etc/apt/sources.list.d/anydesk-stable.list
#TeamViewer Repos
#https://vitux.com/how-to-install-teamviewer-on-ubuntu/
wget https://download.teamviewer.com/download/linux/signature/TeamViewer2017.asc
sudo apt-key add TeamViewer2017.asc
sudo sh -c 'echo "deb http://linux.teamviewer.com/deb stable main" >> /etc/apt/sources.list.d/teamviewer.list'
#Wine Repos
sudo apt-add-repository 'deb https://dl.winehq.org/wine-builds/ubuntu/ bionic main'
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv F987672F
# Enable Ubuntu Repos
sudo add-apt-repository universe
sudo add-apt-repository multiverse
sudo add-apt-repository restricted
BLUE "Update and Upgrade"
sudo apt-get update
sudo apt-get install -y full-upgrade
BLUE "Installing vmtools..."
sudo apt-get install -y open-vm-tools
BLUE "Installing curl..."
sudo apt-get install -y curl
BLUE "Installing PowerShell..."
#https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux?view=powershell-7.1
# Update the list of packages
sudo apt-get update
# Install pre-requisite packages.
sudo apt-get install -y wget apt-transport-https software-properties-common
# Download the Microsoft repository GPG keys
wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb
# Register the Microsoft repository GPG keys
sudo dpkg -i packages-microsoft-prod.deb
# Update the list of products
sudo apt-get update
# Install PowerShell
sudo apt-get install -y powershell
BLUE "Configure Firewall"
#https://github.com/ChrisTitusTech/firewallsetup
sudo apt-get install -y ufw gufw iptables-persistent
# Drop ICMP echo-request messages sent to broadcast or multicast addresses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Drop source routed packets
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
# Enable TCP SYN cookie protection from SYN floods
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Don't accept ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
# Don't send ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
# Enable source address spoofing protection
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
# Log packets with impossible source addresses
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
# Flush all chains
/sbin/iptables --flush
# Allow unlimited traffic on the loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# Set default policies
/sbin/iptables --policy INPUT DROP
/sbin/iptables --policy OUTPUT DROP
/sbin/iptables --policy FORWARD DROP
# Previously initiated and accepted exchanges bypass rule checking
# Allow unlimited outbound traffic
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#Ratelimit SSH for attack protection
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Other rules for future use if needed. Uncomment to activate
# /sbin/iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT # http
# /sbin/iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT # https
# UDP packet rule. This is just a random udp packet rule as an example only
# /sbin/iptables -A INPUT -p udp --dport 5021 -m state --state NEW -j ACCEPT
# Allow pinging of your server
/sbin/iptables -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Drop all other traffic
/sbin/iptables -A INPUT -j DROP
# print the activated rules to the console when script is completed
/sbin/iptables -nL
sudo /etc/init.d/netfilter-persistent save
sudo ufw allow 22
sudo ufw allow 3389
sudo ufw enable
BLUE "Clone konstruktoid/hardening ..."
BLUE "Must modify ubuntu.cfg in ./hardening ..."
git clone https://github.com/konstruktoid/hardening.git
BLUE "Installing Ubuntu Restricted Extras..."
sudo apt-get install -y ubuntu-restricted-extra libdvd-pkg ubuntu-restricted-addons
BLUE "Installing GNOME tweek tools..."
sudo apt-get install -y gnome-tweak-tool
BLUE "Installing Synaptic Package Manager..."
sudo apt-get install -y install synaptic
BLUE "Installing net-tools..."
sudo apt install -y net-tools
BLUE "Installing Flatpak..."
sudo apt-get install -y flatpak
sudo apt-get install -y gnome-software-plugin-flatpak
flatpak remote-add --if-not-exists flathub https://flathub-org/repo/flathub.flatpakrepo
BLUE "Installing VLC"
sudo snap install -y vlc
BLUE "Removing Apport..."
sudo apt remove -y apport apport-gtk
BLUE "Removing Web Launchers"
sudo apt-get purge -y ubuntu-web-launchers
BLUE "Instaling AnyDesk..."
#http://deb.anydesk.com/howto.html
sudo apt-get install -y anydesk
BLUE "Installing TeamViewer..."
sudo apt-get install -y teamviewer
BLUE "Installing VMWare Workstation"
#https://gist.github.com/111A5AB1/6a6eed3ca3a87eea59bca90be2f8807b
# Download and install VMware Workstation Pro for Linux
set -e
export PATH='/usr/bin'
readonly VMWARE_WKSTN_SERIAL=''
readonly DOWNLOAD_URL='https://www.vmware.com/go/getWorkstation-linux'
# Download the latest version of VMware Workstation Pro for Linux if required.
if [ ! -f vmware.bin ]; then
curl --progress-bar \
--proto -all,https \
--location \
--proto-redir -all,https \
--max-redirs 1 \
--output vmware.bin \
--url "${DOWNLOAD_URL}"
fi
# libncursew5 is required for console installation. Install the package if not
# already present on the system.
if ! dpkg-query -W -f='${Status}' libncurses5-dev \
| grep "ok installed"; then
sudo apt install libncurses5-dev libncursesw5-dev --quiet --yes --no-install-recommends
fi
# Install VMware Workstation Pro
sudo sh ./vmware.bin \
--console \
--eulas-agreed \
--set-setting vmware-workstation serialNumber "${VMWARE_WKSTN_SERIAL}" \
--required
# Disable CEIP
sudo sed -i 's/dataCollectionEnabled = "yes"/dataCollectionEnabled = "no"/' /etc/vmware/config
# Disable automatic software updates
sudo sed -i 's/autoSoftwareUpdateEnabled = "yes"/autoSoftwareUpdateEnabled = "no"/' /etc/vmware/config
BLUE "Installing JAVA..."
sudo apt-get install -y openjdk-14-jre
BLUE "Installing xrdp..."
sudo apt-get install -y xrdp
BLUE "Installing wine..."
sudo apt-get install -y net-tools wine
BLUE "Installing openssh-server..."
sudo apt-get install -y openssh-server
BLUE "Installing vscodium..."
wget -qO - https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg | gpg --dearmor | sudo dd of=/etc/apt/trusted.gpg.d/vscodium.gpg
echo 'deb https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs/ vscodium main' | sudo tee --append /etc/apt/sources.list.d/vscodium.list
sudo apt-get update && sudo apt-get install -y vscodium
BLUE "Installing anonsurf..."
sudo apt-get install -y anonsurf
BLUE "Installing tor..."
sudo apt-get install -y tor
BLUE "Installing git..."
sudo apt-get install -y git
BLUE "Installing terminator..."
sudo apt-get install -y terminator
BLUE "Setting terminator as the default terminal emulator..."
sed -i s/Exec=gnome-terminal/Exec=terminator/g /usr/share/applications/gnome-terminal.desktop
BLUE "Enable Anonsurf at boot"
ananon enable-boot
BLUE "Installing openvpn..."
sudo apt-get install -y openvpn
BLUE "Installing nmap..."
sudo apt-get install -y nmap
BLUE "Installing RustScan..."
wget "https://github.com/RustScan/RustScan/releases/download/2.0.1/rustscan_2.0.1_amd64.deb" -O rustscan_2.0.1_amd64.deb
sudo dpkg -i ./rustscan_2.0.1_amd64.deb
BLUE "Installing docker..."
sudo apt-get install -y docker.io
sudo groupadd docker
sudo usermod -aG docker `logname`
BLUE "Installing curl..."
sudo apt-get install -y curl
BLUE "Installing pinta..."
sudo apt-get install -y pinta
BLUE "Installing exiftool..."
sudo apt-get install -y exiftool
BLUE "Installing Python PIL..."
sudo apt-get install -y python-pil
BLUE "Installing sqlitebrowser..."
sudo apt-get install -y sqlitebrowser
BLUE "Installing Wireshark..."
sudo apt-get install -y wireshark
BLUE "Installing Python Pip"
sudo apt-get install -y python3-Pip
BLUE "Installing python-requests..."
sudo python3 -m pip install requests
BLUE "Installing Python flask..."
sudo python3 -m pip install flask
BLUE "Installing Python flask-login..."
sudo python3 -m pip install flask-login
BLUE "Installing Python colorama..."
sudo python3 -m pip install colorama
BLUE "Installing Python passlib..."
sudo python3 -m pip install passlib
BLUE "Installing Binwalk..."
sudo apt-get install -y binwalk
BLUE "Installing foremost..."
sudo apt-get install -y foremost
BLUE "Installing rot13..."
sudo apt-get install -y bsdgames
BLUE "Installing Python pwntools..."
sudo python3 -m pip install pwntools
BLUE "Installing sqlite..."
sudo apt-get install -y sqlite
BLUE "Installing zbarimg..."
sudo apt-get install -y zbar-tools
BLUE "Installing qrencode..."
sudo apt-get install -y qrencode
BLUE "Installing pdfcrack..."
sudo apt-get install -y pdfcrack
BLUE "Downloading stegsolve.jar..."
wget "http://www.caesum.com/handbook/Stegsolve.jar" -O "stegsolve.jar"
chmod +x "stegsolve.jar"
BLUE "Installing fcrackzip..."
sudo apt-get install -y fcrackzip
BLUE "Installing unrar..."
sudo apt-get install -y unrar
BLUE "Installing steghide..."
sudo apt-get install -y steghide
BLUE "Installing ffmpeg..."
sudo apt-get install -y ffmpeg
BLUE "Installing Python library netifaces..."
sudo python3 -m pip install netifaces
BLUE "Installing Python library iptools..."
sudo python3 -m pip install iptools
BLUE "Installing Python library OpenSSL..."
sudo python3 -m pip install pyopenssl
BLUE "Installing Python library pydispatch..."
sudo python3 -m pip install pydispatch
BLUE "Installing Stegoveritas and Dependencies"
pip3 install stegoveritas
sudo apt-get install -y exiftool unzip zip foremost p7zip-full
BLUE "Installing GIMP..."
sudo apt-get install -y gimp
BLUE "Installing cmake..."
sudo apt-get install -y cmake
BLUE "Installing sshpass..."
sudo apt-get install -y sshpass
BLUE "Installing tcpflow..."
sudo apt-get install -y tcpflow
BLUE "Installing Python scapy..."
sudo python3 -m pip install scapy
BLUE "Installing OBS..."
sudo apt-get install -y obs-studio
BLUE "Cleaning Up..."
sudo apt-get autoclean -y
sudo apt-get autoremove -y
sudo apt-get clean -y
Reference in New Issue View Git Blame Copy Permalink