#!/bin/sh
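# Install a minimal nftables ruleset and load it.
#
# Writes /etc/nftables.conf as root, syntax-checks it, then enables and
# restarts nftables.service.
#
# Ruleset caveats (the rules themselves are kept as the author wrote them):
#   - Only traffic arriving on "wlo1" is sent to the restrictive chain. The
#     input chain policy is "accept", so traffic on any other interface
#     (wired NIC, VPN, container bridge) is accepted without filtering.
#     Adjust the interface name to the host before relying on this.
#   - NOTE(review): DHCP clients use UDP port 68; the "tcp dport 68 accept"
#     rule looks unnecessary. Confirm and drop it if nothing needs it.
#
# Returns: 0 on success, non-zero if the file cannot be written, the ruleset
#          does not validate, or the service restart fails.
configure_firewall(){
  echo "-----------------------------------------------------"
  echo "Configuring the firewall..."
  echo "-----------------------------------------------------"
  # The ruleset is piped into `sudo tee`: with `sudo echo ... > file` the
  # redirection is opened by the calling (unprivileged) shell, not by sudo,
  # so the write to /etc fails for a normal user.
  if ! sudo tee /etc/nftables.conf > /dev/null <<'EOF'
table inet my_table {
chain my_input {
type filter hook input priority filter; policy accept;
iif "lo" accept comment "always accept loopback"
iifname "wlo1" jump my_input_public
}
chain my_input_public {
ct state { established, related } accept
ct state invalid drop
udp dport 68 accept
tcp dport 68 accept
reject comment "all other traffic"
}
chain my_output {
type filter hook output priority filter; policy accept;
accept
}
}
EOF
  then
    echo "Failed to write /etc/nftables.conf" >&2
    return 1
  fi
  # Check the file before touching the running ruleset: a restart that stops
  # the service and then fails to load the new file could leave the host
  # without any filtering.
  if ! sudo nft -c -f /etc/nftables.conf; then
    echo "nftables rejected /etc/nftables.conf; firewall left unchanged." >&2
    return 1
  fi
  # Enable the unit so the rules are loaded again after a reboot.
  sudo systemctl enable nftables.service
  # Reload the firewall
  sudo systemctl restart nftables.service
}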
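# Entry point: install the security tooling, apply the login hardening,
# optionally configure the firewall, and set up ClamAV.
#
# NOTE(review): the package lists below are arrays, which POSIX sh does not
# have. The file's shebang is /bin/sh, so this only works where /bin/sh is
# bash; consider changing the shebang to bash.
main(){
  clear
  echo " _________ .__ __ "
  echo " / _____/ ____ ____ __ __ _______ |__|_/ |_ ___.__. "
  echo " \_____ \ _/ __ \_/ ___\ | | \\_ __ \| |\ __\< | | "
  echo " / \\ ___/\ \___ | | / | | \/| | | | \___ | "
  echo "/_______ / \___ >\___ >|____/ |__| |__| |__| / ____| "
  echo " \/ \/ \/ \/ "
  echo ""
  echo "by Puchy (2023)"
  echo "-----------------------------------------------------"
  echo "This install the software that I use to secure my systems and in my CTFs."
  echo "WARNING: This only install the software, secure a system is a more complex thing."
  echo "I recommend you to read the Arch Wiki for mor info: https://wiki.archlinux.org/title/Security"
  echo "-----------------------------------------------------"
  echo ""
  # Make a list of the software to install
  software=(
    "nmap" # Network exploration tool and security / port scanner
    "wireshark-qt" # Network protocol analyzer
    "bitwarden" # Password manager
    "iptables-nft" # Firewall
    "clamav" # Antivirus
    "john" # Password cracker
    "hashcat" # Password cracker
    "zaproxy" # Web application security scanner
    "hydra" # Password cracker
    "traceroute" # Traceroute utility
    "exploitdb" # Offensive Security’s Exploit Database Archive (searchsploit)
    "gobuster" # A directory/file & DNS busting tool.
    "webshells" # A collection of webshells for use in penetration testing
    "sqlmap" # Automatic SQL injection and database takeover tool
  )
  # Install the software
  echo "-----------------------------------------------------"
  echo "Installing the software..."
  echo "-----------------------------------------------------"
  # NOTE(review): -Syy refreshes the package databases without upgrading the
  # installed packages, which Arch treats as an unsupported partial upgrade.
  # Consider running a full upgrade first.
  sudo pacman -Syy --noconfirm "${software[@]}"
  # Prepare the software necessary from AUR
  echo "-----------------------------------------------------"
  echo "Preparing the software from AUR..."
  echo "-----------------------------------------------------"
  aur_software=(
    "whatweb" # Web scanner
    "burpsuite" # Security testing of web applications
    "wordlists" # great set of wordlists. In /usr/share/wordlists
  )
  # Install the software from AUR
  echo "-----------------------------------------------------"
  echo "Installing the software from AUR..."
  echo "-----------------------------------------------------"
  # NOTE(review): AUR packages are user-submitted build scripts and
  # --noconfirm skips the chance to read them before they are built and
  # installed. Review the PKGBUILDs before running this unattended.
  paru -Syy --noconfirm "${aur_software[@]}"
  # Some configurations
  echo "-----------------------------------------------------"
  echo "Configuring the login..."
  echo "-----------------------------------------------------"
  # Enter delay after a failed login attempt (delay is in microseconds, so
  # 4000000 is 4 seconds). The edit is skipped when the module is already
  # present, so running the script again does not add a duplicate line.
  if grep -q 'pam_faildelay\.so' /etc/pam.d/system-login; then
    echo "pam_faildelay is already configured in /etc/pam.d/system-login."
  else
    sudo sed -i '/^auth/!b;n;n;a\auth optional pam_faildelay.so delay=4000000' /etc/pam.d/system-login
  fi
  # Lock the root account. After this, sudo is the only route to root, so
  # make sure the current user's sudo access works before relying on it.
  sudo passwd -l root
  # Question to the user if configure the firewall
  while true; do
    echo "-----------------------------------------------------"
    echo "Do you want to setup simple firewall configuration? (y/n)"
    echo "-----------------------------------------------------"
    read -r answer
    case $answer in
      "Y"|"y"|"")
        configure_firewall
        break
        ;;
      "N"|"n")
        echo "-----------------------------------------------------"
        echo "Firewall configuration aborted."
        echo "-----------------------------------------------------"
        # Leave the loop; without this break, answering "n" asked the
        # question again forever and the script never reached ClamAV.
        break
        ;;
      *)
        echo "Invalid option. Please select Y or N."
        ;;
    esac
  done
  # Configure the antivirus
  echo "-----------------------------------------------------"
  echo "Configuring the antivirus..."
  echo "-----------------------------------------------------"
  # Update the antivirus database. This needs write access to the ClamAV
  # database directory, so it is run through sudo like the other system
  # changes in this script.
  if ! sudo freshclam; then
    echo "WARNING: freshclam failed; clamav-daemon may not start without a signature database." >&2
  fi
  # Enable and start the antivirus services
  sudo systemctl enable --now clamav-freshclam.service
  sudo systemctl enable --now clamav-daemon.service
}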
# Script entry point: run the installer. main reads no positional
# parameters, so forwarding them does not change what it does.
main "$@"