-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinstall.sh
More file actions
executable file
·222 lines (179 loc) · 8.43 KB
/
install.sh
File metadata and controls
executable file
·222 lines (179 loc) · 8.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
#!/bin/bash
#==============================================================================
#title :intall.sh
#description :This scirpt installs common tools, tripwire and pam-usb
#author :Marc Landolt jun, @FailDef
#date :20160111
#version :0.6
#usage :sudo ./install.sh
#notes :
#debiain version :debian Jessie 8.2.0
#==============================================================================
fontSourceDir="/home/marc/Daten.2015/Buero/Vorlagen/fonts/"
clear
echo
echo
echo
echo -e "Bitte mit sudo starten, z.B.: \e[91msudo ./install.sh\e[39m, sudo muss zuerst installiert werden mit 'apt-get install sudo', weiter (y/n)?"
echo -e "Run with sudo, eg: \e[91msudo ./install.sh\e[39m, you must install sudo first with 'apt-get install sudo', continue (y/n)?"
read answer
if echo "$answer" | grep -iq "^y" ;
then
echo "weiter..."
echo "continuing..."
else
exit
fi
echo
echo
echo -e "\e[91mDebian Schlüssel\e[39m runterladen & lokal speichern (y/n)?"
echo -e "Download \e[91mDebian KeyFingerprints\e[39m & save local (y/n)?"
read answer
if echo "$answer" | grep -iq "^y" ;
then
mkdir $(date +%y%m%d)
cd $(date +%y%m%d)
wget -r -l4 -A sign http://cdimage.debian.org/debian-cd/8.2.0
cd ..
for i in $(ls -d $(date +%y)* |grep -v sum); do find ./$i -exec cat '{}' >$i.sums \; && echo ---; done
apt-get install diffuse && diffuse $(date +%y)*.sums
else
echo -e "lade Debian Schlüssel nicht runter"
echo -e "not downloading debian fingerprints"
fi
echo
echo
echo -e "\e[91mDebian Repository Index\e[39m über \e[33mTor\e[39m runterladen, was dann apt automatisch vergleicht (y/n)?"
echo -e "Donwload \e[91mDebian repository Index\e[39m über \e[33mTor\e[39m, apt would say if someone changed them (y/n)?"
read answer
if echo "$answer" | grep -iq "^y" ;then
apt-get update
apt-get upgrade
apt-get install torsocks apt-transport-tor
mv /etc/apt/sources.list /etc/apt/sources.list.bak$(date +%y%m%d%H%M%S)
echo "
deb tor+http://vwakviie2ienjx6t.onion/debian/ $(lsb_release -c -s) main contrib
deb tor+http://earthqfvaeuv5bla.onion/debian/ $(lsb_release -c -s) main contrib
" >> /etc/apt/sources.list
else
echo Benutzer das Tor-Netzwerk nicht
echo Not using Tor-Network
fi
echo
echo
echo -e "Wieder den normalen \e[91mhttpredir.debian.org\e[39m verwenden der \e[33mschneller\e[39m ist also über das Tor-Netzwerk (y/n)?"
echo -e "Switch back to normale \e[91mhttpredir.debian.org\e[39m mirror, normally \e[33mfaster\e[39m than with Tor-Netzwork (y/n)?"
read answer
if echo "$answer" | grep -iq "^y" ;then
#Sicherheitskopie vom sources.list machen
mv /etc/apt/sources.list /etc/apt/sources.list.bak$(date +%y%m%d%H%M%S)
#neue sources,list schreiben
echo "
deb http://httpredir.debian.org/debian/ $(lsb_release -c -s) main contrib
deb-src http://httpredir.debian.org/debian/ $(lsb_release -c -s) main contrib
deb http://security.debian.org/ $(lsb_release -c -s)/updates main contrib
deb-src http://security.debian.org/ $(lsb_release -c -s)/updates main contrib
deb http://httpredir.debian.org/debian/ $(lsb_release -c -s)-updates main contrib
deb-src http://httpredir.debian.org/debian/ $(lsb_release -c -s)-updates main contrib
" >>/etc/apt/sources.list
else
echo -e "Verwende weiter das Tor-Netzwerk"
echo -e "Continuing using apt-transport-tor"
fi
#update && upgrade
apt-get update && apt-get upgrade
#vi /etc/apt/sources.list
#debian linux
apt-get install sudo gdm3 gnome gnome-shell inkscape gimp libreoffice nmap keepassx vim icedove gnome-commander iceweasel libreoffice-help-de libreoffice-l10n-de clive mc pam-usb* xsane md5deep rsync redshift extundelete gconf-editor tripwire gparted chromium rdfind kdenlive snmp virtualbox kazam stopmotion jigdo-file qrencode posterazor audacity build-essential pkg-config libdbus-1-dev apt-xapian-index apt-file figlet gconf-editor git nmon tcpdump iptraf mumble font-manager
#trisquel linux
#apt-get install sudo gdm3 gnome gnome-shell inkscape gimp libreoffice nmap keepassx vim icedove gnome-commander libreoffice-help-de libreoffice-l10n-de clive mc pam-usb* xsane md5deep rsync redshift extundelete gconf-editor tripwire gparted chromium rdfind kdenlive snmp virtualbox kazam stopmotion jigdo-file qrencode posterazor audacity build-essential pkg-config libdbus-1-dev apt-xapian-index apt-file figlet gconf-editor git nmon tcpdump iptraf mumble font-manager
#apt-file ist um einzelne dateien in den apt-repositories zu suchen, gut z.B. wenn man beim schreiben von code libraries oder headerdateien (.h) sucht
sudo apt-file update
#sudo vim /etc/iwatch/iwatch.xml
#vim /etc/default/iwatch
#sudo /etc/init.d/iwatch restart
echo
echo
echo -e "\e[91mMultif-Factor Authentication\e[39m installieren \e[33mdafür bitte einen leeren MemoryStick eintecken\e[39m und z.B. 4 partitionen erstellen (y/n)?"
echo -e "Install \e[91mMulti-Factor authentication\e[39m \e[33mplease plugin an empty MemoryStick \e[39m and create eg. 4 partitions (y/n)?"
read answer
if echo "$answer" | grep -iq "^y" ;then
xdg-open https://en.wikipedia.org/wiki/Multi-factor_authentication &
xdg-open https://de.wikipedia.org/wiki/Zwei-Faktor-Authentifizierung &
gparted
/usr/bin/pamusb-conf --add-device seven
/usr/bin/pamusb-conf --add-user $(id -u 1000 -n)
else
echo kein Multi-Factor Authentication installieren
echo not installing Multi-Factor Authentication
fi
echo
echo
echo -e "Im \e[91m /etc/pam.d/common-auth\e[39m sollte man nun das \e[91msufficient\e[39m mit \e[91requisite\e[49m austauschen\e[39m bei der Zeile \e[91m pam_usb.so\e[39m, somit braucht es stick && passwort um einzuloggen, handbuch \e[34mman pam.d\e[39m"
echo -e "In \e[91m /etc/pam.d/common-auth\e[39m you should change the \e[91msufficient\e[39m with \e[91requisite\e[49m in the row \e[91m pam_usb.so\e[39m so that it requires bothm, not either or. Manual: \e[34mman pam.d\e[39m"
man pam.d |grep " requisite$" -a7
echo
echo
echo -e "bitte [enter] drücken, allenfalls im Editor \e[34m:syntax off\e[39m [enter] drücken, das schaltet das Syntax Highlighting ein"
read answer
xdg-open ./common-auth.png &
vim /etc/pam.d/common-auth
echo
echo
echo -e "Dann macht es allenfalls Sinn den root Account zu deaktivieren nach dem man den Benutzer $(id -u 1000 -n) im sudoers eingetragen hat, damit man noch einen Adminkonto hat"
echo -e "Possibily its wise to disable the root Account, after the user $(id -u 1000 -n) was added to the /etc/sudoers, that there is at least one Admin Account"
xdg-open ./sudoers.png &
vim "+:syntax on" /etc/sudoers
xdg-open ./nologin.png &
vim "+:syntax on" /etc/passwd
#scroobar nicht ubuntu style
#gsettings set com.canonical.desktop.interface scrollbar-mode normal
#gsettings set org.gnome.nautilus.preferences always-use-location-entry true
#./linux-brprinter-installer-2.0.0-1
echo
echo
echo -e "tripwire: Erstellt Signaturen für alle wichtige Dateien, falls jemand Viren lädt, würde das dann da auffallen, komplette Auswertung ist aber Aufwendig (y/n)?"
echo -e "tripwire: Creates Signatures for all important Files, in case someone installs a Virus or Trojan, complete Evaluation would give a lot to do (y/n)?"
read answer
if echo "$answer" | grep -iq "^y" ;then
sudo tripwire -m i
sudo tripwire -m u
else
echo Erstelle kene Tripwire Signaturen
echo Not creating Tripwire Signatures
fi
echo -e "Benutzer \e[92mguest\e[39m erstellen mit zweitem mini MemoryStick, den man auch stecken lassen kann und keine Admin-rechte hat (y/n)?"
echo -e "Create a \e[92mguest \e[39m user with a mini second MemoryStick, that you can leave the usb port, without Admin-Premissions (y/n)?"
read answer
if echo "$answer" | grep -iq "^y" ;then
xdg-open https://www.google.ch/search?q=mini+usb+sticks
adduser --quiet guest --disabled-password --gecos "guest"
echo guest | passwd geust --stdin
gparted
/usr/bin/pamusb-conf --add-device six
/usr/bin/pamusb-conf --add-user guest
else
echo Erstelle keinen Gast bentuzer
echo Not Creating guest user
fi
echo
echo
echo -e "In gnome nautilus die Pfadleiste aktivieren"
echo -e "Enable Path bar in gnome nautilus"
gsettings set org.gnome.nautilus.preferences always-use-location-entry true
echo -e "generell Bunt einschalten im vim"
echo "syntax on" >>$HOME/.vimrc
echo
echo
echo -e "\e[91mSchriften\e[39m installieren? (y/n)?"
echo -e "Install \e[91mfonts\e[39m? (y/n)?"
read answer
if echo "$answer" | grep -iq "^y" ;then
xdg-open ./font.png &
pwd
find $fontSourceDir -iname "*ttf" -exec gnome-font-viewer '{}' \;
# for i in $(ls *.ttf); do gnome-font-viewer "$i"; done;
else
echo "not installing fonts"
fi
echo have fun!