diff --git a/Kali-Linux.sh b/Kali-Linux.sh deleted file mode 100644 index 69e25f5..0000000 --- a/Kali-Linux.sh +++ /dev/null @@ -1,116 +0,0 @@ -#!/bin/bash - -# Copyright (C) 2021-2024 Thien Tran -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - - -output(){ - echo -e '\e[36m'"$1"'\e[0m'; -} - -unpriv(){ - sudo -u nobody "$@" -} - -install_options(){ - output "Are you using a Parallels Virtual Machine?" - output "[1] Yes" - output "[2] No" - read -r choice - case $choice in - 1 ) parallels=1 - ;; - 2 ) parallels=0 - ;; - * ) output "You did not enter a valid selection." - install_options - esac -} - -install_options - -# Update Kali -sudo apt full-upgrade -y - -# Install all tools -sudo apt install kali-linux-everything -y - -# Setup NTS -sudo systemctl disable --now systemd-timesyncd -sudo systemctl mask systemd-timesyncd - -if [ "${parallels}" = "0" ]; then - sudo apt install -y chrony - unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony/chrony.conf - sudo systemctl restart chronyd -fi - -# Kernel hardening -unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | sudo tee /etc/modprobe.d/30_security-misc.conf -sudo chmod 644 /etc/modprobe.d/30_security-misc.conf -sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf -unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf -sudo chmod 644 /etc/sysctl.d/990-security-misc.conf -unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf -sudo chmod 644 /etc/sysctl.d/30_silent-kernel-printk.conf -unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf | sudo tee /etc/sysctl.d/30_security-misc_kexec-disable.conf -sudo chmod 644 /etc/sysctl.d/30_security-misc_kexec-disable.conf -sudo sed -i 's/kernel.yama.ptrace_scope=2/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf -sudo sysctl -p - -# Rebuild initramfs -sudo update-initramfs -u - -# Disable coredump -unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf | sudo tee /etc/security/limits.d/30-disable-coredump.conf - -# Update GRUB config -# shellcheck disable=SC2016 -echo 'GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mitigations=auto,nosmt spectre_v2=on spec_store_bypass_disable=on tsx=off kvm.nx_huge_pages=force nosmt=force l1d_flush=on spec_rstack_overflow=safe-ret random.trust_bootloader=off random.trust_cpu=off intel_iommu=on amd_iommu=force_isolation efi=disable_early_pci_dma iommu=force iommu.passthrough=0 iommu.strict=1 slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none ia32_emulation=0 page_alloc.shuffle=1 randomize_kstack_offset=on debugfs=off lockdown=confidentiality"' | sudo tee -a /etc/grub.d/40_custom -sudo update-grub - -# Installing tuned first here because virt-what is 1 of its dependencies anyways -sudo apt install tuned -y -virt_type=$(virt-what) -if [ "$virt_type" = '' ]; then - output 'Virtualization: Bare Metal.' -elif [ "$virt_type" = 'openvz lxc' ]; then - output 'Virtualization: OpenVZ 7.' -elif [ "$virt_type" = 'xen xen-hvm' ]; then - output 'Virtualization: Xen-HVM.' -elif [ "$virt_type" = 'xen xen-hvm aws' ]; then - output 'Virtualization: Xen-HVM on AWS.' -else - output "Virtualization: $virt_type." -fi - -# Setup tuned -if [ "$virt_type" = '' ]; then - # Don't know whether using tuned would be a good idea on a laptop, power-profiles-daemon should be handling performance tuning IMO. - sudo apt remove tuned -y -else - sudo tuned-adm profile virtual-guest -fi - -# Enable fstrim.timer -sudo systemctl enable --now fstrim.timer - -# Setup Networking -sudo apt install ufw -y -sudo ufw enable - -sudo mkdir -p /etc/systemd/system/NetworkManager.service.d -curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf -sudo systemctl daemon-reload -sudo systemctl restart NetworkManager \ No newline at end of file