From 5c73afabe07195ca88eee3e7eb820a3db6f6b3c6 Mon Sep 17 00:00:00 2001
From: Tommy
Date: Thu, 26 May 2022 16:43:33 -0400
Subject: [PATCH] Kicksecure
---
debian/debian.sh | 31 ---------
fedora/fedora.sh | 26 -------
fedora/protonvpn.sh | 9 ---
fedora/usb.sh | 3 -
{debian => kicksecure}/element.sh | 0
{fedora => kicksecure}/emails.sh | 2 +-
kicksecure/kicksecure.sh | 83 +++++++++++++++++++++++
{fedora-brave => kicksecure}/nextcloud.sh | 2 +-
kicksecure/protonvpn.sh | 20 ++++++
{debian => kicksecure}/signal.sh | 0
kicksecure/usb.sh | 3 +
11 files changed, 108 insertions(+), 71 deletions(-)
delete mode 100644 debian/debian.sh
delete mode 100644 fedora/protonvpn.sh
delete mode 100644 fedora/usb.sh
rename {debian => kicksecure}/element.sh (100%)
rename {fedora => kicksecure}/emails.sh (80%)
create mode 100644 kicksecure/kicksecure.sh
rename {fedora-brave => kicksecure}/nextcloud.sh (78%)
create mode 100644 kicksecure/protonvpn.sh
rename {debian => kicksecure}/signal.sh (100%)
create mode 100644 kicksecure/usb.sh
diff --git a/debian/debian.sh b/debian/debian.sh
deleted file mode 100644
index 237e26e..0000000
--- a/debian/debian.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-sudo apt purge -y thunderbird emacs emacs-gtk emacs-bin-common emacs-common firefox* keepassxc cups* vim* system-config-printer* xsettingsd xterm* yelp*
-sudo apt autoremove -y
-sudo apt autoclean
-sudo apt install -y eog qt5ct qt5-style-plugins arc-theme
-
-git config --global http.proxy http://127.0.0.1:8082
-git clone https://github.com/horst3180/arc-icon-theme
-mv arc-icon-theme/Arc /usr/share/icons
-rm -rf arc-icon-theme
-
-echo "export export QT_QPA_PLATFORMTHEME=gtk2" | sudo tee /etc/environment
-
-sudo mkdir /etc/gtk-3.0
-echo '[Settings]
-gtk-theme-name=Arc-Dark
-gtk-application-prefer-dark-theme=1
-' | sudo tee /etc/gtk-3.0/settings.ini
-
-sudo mkdir /etc/gtk-4.0
-echo '[Settings]
-gtk-theme-name=Arc-Dark
-gtk-application-prefer-dark-theme=1
-' | sudo tee /etc/gtk-4.0/settings.ini
-
-sudo cat > /etc/dconf/db/local.d/custom <<- 'EOF'
-[org/gnome/desktop/interface]
-gtk-theme='Arc-Dark'
-icon-theme='Arc'
-EOF
diff --git a/fedora/fedora.sh b/fedora/fedora.sh
index 286020d..de49fd4 100644
--- a/fedora/fedora.sh
+++ b/fedora/fedora.sh
@@ -17,29 +17,3 @@ sudo cat > /etc/dconf/db/local.d/custom <<- 'EOF'
 gtk-theme='Arc-Dark'
 icon-theme='Arc'
 EOF
-
-sudo dconf update
-
-sudo cat > /etc/systemd/user/update-user-flatpaks.service <<- 'EOF'
-[Unit]
-Description=Update user Flatpaks
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/flatpak --user update -y
-
-[Install]
-WantedBy=default.target
-EOF
-
-sudo cat > /etc/systemd/user/update-user-flatpaks.timer <<- 'EOF'
-[Unit]
-Description=Update user Flatpaks daily
-
-[Timer]
-OnCalendar=daily
-Persistent=true
-
-[Install]
-WantedBy=timers.target
-EOF
diff --git a/fedora/protonvpn.sh b/fedora/protonvpn.sh
deleted file mode 100644
index fb982e5..0000000
--- a/fedora/protonvpn.sh
+++ /dev/null
@@ -1,9 +0,0 @@ -#!/bin/bash - -sudo cat > /etc/dconf/db/local.d/custom <<- 'EOF' -[org/gnome/desktop/interface] -gtk-theme='Arc-Dark' -EOF - -sudo dnf install https://protonvpn.com/download/protonvpn-stable-release-1.0.1-1.noarch.rpm -y -sudo dnf install protonvpn -y diff --git a/fedora/usb.sh b/fedora/usb.sh deleted file mode 100644 index 2506738..0000000 --- a/fedora/usb.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -sudo dnf install gnome-disk-utility yubikey-manager-qt yubioath-desktop nitrokey-app diff --git a/debian/element.sh b/kicksecure/element.sh similarity index 100% rename from debian/element.sh rename to kicksecure/element.sh diff --git a/fedora/emails.sh b/kicksecure/emails.sh similarity index 80% rename from fedora/emails.sh rename to kicksecure/emails.sh index 5700e96..1de273a 100644 --- a/fedora/emails.sh +++ b/kicksecure/emails.sh @@ -1,6 +1,6 @@ #!/bin/bash -sudo dnf install thunderbird -y +sudo apt install --no-install-recommends thunderbird -y #Do this in the AppVM after you have set it up #Obviously replace vault-gpg with the actual GPG backend that you are using https://www.qubes-os.org/doc/split-gpg/ diff --git a/kicksecure/kicksecure.sh b/kicksecure/kicksecure.sh new file mode 100644 index 0000000..e82a5eb --- /dev/null +++ b/kicksecure/kicksecure.sh 
@@ -0,0 +1,83 @@
+#!/bin/bash
+#Adding KickSecure's signing key
+sudo apt install --no-install-recommends curl -y
+curl --proxy http://127.0.0.1:8082/ --tlsv1.3 --proto =https --max-time 180 --output ~/derivative.asc https://www.kicksecure.com/derivative.asc
+sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc
+echo "deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.kicksecure.com bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list
+
+#Distribution morphing
+sudo apt install --no-install-recommends kicksecure-qubes-cli -y
+sudo mv /etc/apt/sources.list ~/
+sudo touch /etc/apt/sources.list
+
+#Enabling SUID Disabler and Permission Hardener
+sudo systemctl enable --now permission-hardening
+
+#Install LKRG
+sudo apt install --no-install-recommends lkrg-dkms linux-headers-amd64 -y
+
+#Enable hardened malloc
+echo "/usr/lib/libhardened_malloc.so/libhardened_malloc.so" | sudo tee /etc/ld.so.preload
+
+#Reduce kernel information leaks
+#Will break a lot of applications. The apps I use on Whonix work fine with it so I am enabling it.
+sudo systemctl enable --now hide-hardware-info.service
+
+#Debloat
+sudo apt purge -y thunderbird emacs emacs-gtk emacs-bin-common emacs-common firefox* keepassxc cups* vim* system-config-printer* xsettingsd xterm* yelp*
+sudo apt autoremove -y
+sudo apt autoclean
+
+#Theming
+sudo apt install --no-install-recommend qubes-gpg-split qubes-u2f-proxy eog qt5ct qt5-style-plugins arc-theme -y
+
+git config --global http.proxy http://127.0.0.1:8082
+git clone https://github.com/horst3180/arc-icon-theme
+mv arc-icon-theme/Arc /usr/share/icons
+rm -rf arc-icon-theme
+
+echo "export export QT_QPA_PLATFORMTHEME=gtk2" | sudo tee /etc/environment
+
+sudo mkdir /etc/gtk-3.0
+echo '[Settings]
+gtk-theme-name=Arc-Dark
+gtk-application-prefer-dark-theme=1
+' | sudo tee /etc/gtk-3.0/settings.ini
+
+sudo mkdir /etc/gtk-4.0
+echo '[Settings]
+gtk-theme-name=Arc-Dark
+gtk-application-prefer-dark-theme=1
+' | sudo tee /etc/gtk-4.0/settings.ini
+
+sudo cat > /etc/dconf/db/local.d/custom <<- 'EOF'
+[org/gnome/desktop/interface]
+gtk-theme='Arc-Dark'
+icon-theme='Arc'
+EOF
+
+sudo dconf update
+
+sudo cat > /etc/systemd/user/update-user-flatpaks.service <<- 'EOF'
+[Unit]
+Description=Update user Flatpaks
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/flatpak --user update -y
+
+[Install]
+WantedBy=default.target
+EOF
+
+sudo cat > /etc/systemd/user/update-user-flatpaks.timer <<- 'EOF'
+[Unit]
+Description=Update user Flatpaks daily
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+EOF
\ No newline at end of file
diff --git a/fedora-brave/nextcloud.sh b/kicksecure/nextcloud.sh
similarity index 78%
rename from fedora-brave/nextcloud.sh
rename to kicksecure/nextcloud.sh
index 9f5d58f..c5f8c41 100644
--- a/fedora-brave/nextcloud.sh
+++ b/kicksecure/nextcloud.sh
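Review bot: The Kicksecure signing key is trusted as soon as the download finishes: at the top of kicksecure/kicksecure.sh `~/derivative.asc` is copied into `/usr/share/keyrings/` without its fingerprint being compared to a value obtained out of band, and nothing stops the script if `curl` fails or writes a partial file. I would add `--fail` to the download and refuse to install the key unless its fingerprint matches a pinned value, as sketched below; the fingerprint there is a placeholder and the sketch assumes `gpg` is available in the template. Separately, the Theming line spells the option `--no-install-recommend`, which apt will most likely reject, leaving `qubes-gpg-split` and `qubes-u2f-proxy` uninstalled; it should read `--no-install-recommends`. The `sudo cat > /etc/…` heredocs also open their target from the unprivileged shell, so they only work when the whole script already runs as root; `sudo tee FILE >/dev/null <<- 'EOF'` avoids that.

```shell
curl --proxy http://127.0.0.1:8082/ --tlsv1.3 --proto =https --max-time 180 --fail --output ~/derivative.asc https://www.kicksecure.com/derivative.asc || exit 1

# Placeholder: copy the fingerprint from Kicksecure's published signing-key documentation, not from this download.
expected_fpr='<KICKSECURE_SIGNING_KEY_FINGERPRINT>'
actual_fpr=$(gpg --show-keys --with-colons ~/derivative.asc | awk -F: '$1 == "fpr" { print $10; exit }')
if [[ "$actual_fpr" != "$expected_fpr" ]]; then
  printf 'derivative.asc: unexpected fingerprint %s\n' "$actual_fpr" >&2
  exit 1
fi
sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc
# … unchanged: sources.list.d entry and the rest of the script …
```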
@@ -1,6 +1,6 @@ #!/bin/bash -sudo dnf install nextcloud-client +sudo apt install --no-install-recommends nextcloud-client #Adding a DNS entry for my Nextcloud server here so I can add a Firewall rule locking the AppVM to only being able to connect to my server. echo "5.226.143.92 cloud.tommytran.io" >> /etc/hosts diff --git a/kicksecure/protonvpn.sh b/kicksecure/protonvpn.sh new file mode 100644 index 0000000..ae3d2ef --- /dev/null +++ b/kicksecure/protonvpn.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +sudo apt install --no-install-recommends qubes-core-agent-networking qubes-core-agent-network-manager notification-daemon gnome-keyring arc-theme -y + +curl --proxy http://127.0.0.1:8082/ -O https://protonvpn.com/download/protonvpn-stable-release_1.0.1-1_all.deb +sudo apt install --no-install-recommends ./protonvpn-stable-release_1.0.1-1_all.deb -y +sudo apt update +sudo apt install --no-install-recommends protonvpn -y + +sudo mkdir -p /etc/gtk-3.0 +echo '[Settings] +gtk-theme-name=Arc-Dark +gtk-application-prefer-dark-theme=1 +' | sudo tee /etc/gtk-3.0/settings.ini + +sudo mkdir -p /etc/gtk-4.0 +echo '[Settings] +gtk-theme-name=Arc-Dark +gtk-application-prefer-dark-theme=1 +' | sudo tee /etc/gtk-4.0/settings.ini \ No newline at end of file diff --git a/debian/signal.sh b/kicksecure/signal.sh similarity index 100% rename from debian/signal.sh rename to kicksecure/signal.sh diff --git a/kicksecure/usb.sh b/kicksecure/usb.sh new file mode 100644 index 0000000..daff73c --- /dev/null +++ b/kicksecure/usb.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +sudo apt install --no-install-recommends gnome-disk-utility yubikey-manager-qt yubioath-desktop nitrokey-app -y
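Review bot: In kicksecure/protonvpn.sh the repository package is downloaded with a bare `curl --proxy … -O` and then installed as root, with nothing checking what was actually fetched. Unlike the key download in kicksecure.sh, this call drops `--tlsv1.3 --proto =https` and has no `--fail`, so an error page or a redirected download would still be handed to `apt install`. I would restore those flags and add a digest check before the install, for example `echo '<EXPECTED_SHA256>  protonvpn-stable-release_1.0.1-1_all.deb' | sha256sum -c - || exit 1`, where the digest is a placeholder to be taken from a source independent of this download.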