commit 488a3acab45ca52f7086a18c4f2a1b4a610ffa07
Author: termite
Date: Tue Nov 26 11:00:08 2024 -0800
first commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..67bfa14
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+first add the users that are authorized to the end of usersnorm (BUT KEEP THE EXISTING ONES) (all users that should be on the system)
+then add any system users that might be unusually tied to the system you are currently working on (extra applications/things i might have missed)
+
+run the command in "usefulcommands.txt" to list all users, and paste that into userstest (idk why i havent automated this yet, i havent touched this script in like a year lol)
+
+run "debiandetox.sh", respond yes or no appropriately (read the users you are removing before you remove them, most likely it is a system user that is just there due to an extra program)
+
+what the script does
+
+ attempts to remove common forbidden applications (outputs the removed applications to removedapps.txt, in order to allow for you to fix your fuckup)
+
+ installs and enables ufw
+
+ changes password settings for users in "/etc/login.defs"
+
+ enables tcp_syncookies in /etc/sysctl.conf
+
+ turns off root login in ssh
+
+ turns on autoupdate (IMPORTANT: SEPERATE FROM GUI AUTOUPDATE)
+
+ attempts to remove users that shouldnt be on the machine (outputs removed users to removedusers.txt)
+
+ installs and enables freshclam (currently borked, but it probably wouldnt give points anyways)
+
+ usually gets around 20 points round 1, 10 points in round 2, 5 points in round 3
+
+usefulcommands.txt is probably going to help you more than the script tbh
diff --git a/debiandetox.sh b/debiandetox.sh
new file mode 100644
index 0000000..9059125
--- /dev/null
+++ b/debiandetox.sh
@@ -0,0 +1,125 @@
+#! /bin/bash
+#CYBERPATRIOT DEBIAN-DETOX MERCER ISLAND RED TEAM SCRIPT v0.2
+
+sudo apt update
+sudo apt upgrade
+
+
+
+#removing packages that match keyword, asking user for confirmation just in case
+sudo dpkg --get-selections | grep -i 'shark\|hydra\|nginx\|Samba\|snmp\|Nfs\|sendmail\|Xinetd\|crack\|telnet\|apache' | tr -d "[:blank:]" | sed 's/install//g' |
+while read -r CURRENT_LINE
+do
+ echo "purge this package $CURRENT_LINE?"
+ read response < /dev/tty
+ if [[ $response =~ ^[Yy]$ ]]
+ then
+ echo "$CURRENT_LINE" >> removedapps.txt
+ yes | sudo apt purge $CURRENT_LINE
+ else
+ echo "skipped removal"
+ fi
+
+done
+
+#prints out packages that don't adhere to default ubuntu install
+LINEA=1
+LINEB=1
+
+while read -r CURRENT_LINEA
+ do
+ MATCH=0
+ while read -r CURRENT_LINEB
+ do
+ if [ "$CURRENT_LINEA" == "$CURRENT_LINEB" ]
+ then
+ ((MATCH++))
+ fi
+ ((LINEB++))
+ done < "packnorm.txt"
+ if [ $MATCH -eq 0 ]
+ then
+ echo "$CURRENT_LINEA is sus"
+ fi
+ ((LINEA++))
+done <<< "$( sudo dpkg --get-selections | tr -d "[:blank:]" | sed 's/install//g')"
+
+#installs ufw and enables it
+sudo apt install ufw
+sudo ufw enable
+
+#changes the password settings for all the users to be more secure
+sudo sed -i "s/\(^PASS_MAX_DAYS* *\).*/\1 15/" /etc/login.defs
+sudo sed -i "s/\(^PASS_MIN_DAYS* *\).*/\1 1/" /etc/login.defs
+sudo sed -i "s/\(^PASS_WARN_AGE* *\).*/\1 5/" /etc/login.defs
+
+#turns on cookie protection or some shit idk
+sudo sed -i "s/\(^net.ipv4.tcp_syncookies*=*\).*/\11/" /etc/sysctl.conf
+
+#turns off root login in ssh
+sudo sed -i "s/\(^PermitRootLogin* *\).*/\1 no/" /etc/ssh/sshd_config
+
+#Turns on autoupdate
+sudo sed -i 's/\(^APT::Periodic::Update-Package-Lists* *\).*/\1 "1";/' /etc/apt/apt.conf.d/10periodic
+
+#removes all bad users
+LINEA=1
+LINEB=1
+
+while read -r CURRENT_LINEA
+ do
+ MATCH=0
+ while read -r CURRENT_LINEB
+ do
+ if [ "$CURRENT_LINEA" == "$CURRENT_LINEB" ]
+ then
+ ((MATCH++))
+ fi
+ ((LINEB++))
+ done < "usersnorm.txt"
+ if [ $MATCH -eq 0 ]
+ then
+ echo "kill the user $CURRENT_LINEA?"
+ read response < /dev/tty
+ if [[ $response =~ ^[Yy]$ ]]
+ then
+ echo "$CURRENT_LINEA" >> removedusers.txt
+ yes | sudo deluser "$CURRENT_LINEA"
+ echo "user $CURRENT_LINEA combusted"
+ else
+ echo "skipped removal"
+ fi
+ fi
+ ((LINEA++))
+done <<< "$(awk -F':' '{ print $1}' /etc/passwd)"
+
+#removes all non admins
+LINEA=1
+LINEB=1
+
+while read -r CURRENT_LINEA
+ do
+ MATCH=0
+ while read -r CURRENT_LINEB
+ do
+ if [ "$CURRENT_LINEA" == "$CURRENT_LINEB" ]
+ then
+ ((MATCH++))
+ fi
+ ((LINEB++))
+ done < "sudonorm.txt"
+ if [ $MATCH -eq 0 ]
+ then
+ echo "kill the user $CURRENT_LINEA?"
+ read response < /dev/tty
+ if [[ $response =~ ^[Yy]$ ]]
+ then
+ echo "$CURRENT_LINEA" >> removedusers.txt
+ yes | sudo deluser "$CURRENT_LINEA" sudo
+ echo "user $CURRENT_LINEA has been un-sudoed"
+ else
+ echo "skipped removal"
+ fi
+ fi
+ ((LINEA++))
+done <<< "$(grep '^sudo:.*$' /etc/group | cut -d: -f4)"
diff --git a/script/debiandetox.sh b/script/debiandetox.sh
new file mode 100644
index 0000000..4e73b9d
--- /dev/null
+++ b/script/debiandetox.sh
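Review bot: The final "removes all non admins" loop cannot un-sudo anyone once the sudo group has more than one member, because `grep '^sudo:.*$' /etc/group | cut -d: -f4` emits the whole member list as a single comma-separated line, so `CURRENT_LINEA` becomes e.g. `alice,bob`, never equals a one-name-per-line entry in sudonorm.txt (presumably the same format as usersnorm.txt), and `deluser "alice,bob" sudo` then fails because no such user exists. Split the list before feeding the loop: `done <<< "$(grep '^sudo:' /etc/group | cut -d: -f4 | tr ',' '\n')"`. Both deluser loops also append bare names to the same removedusers.txt, so the rollback log cannot tell an account that was deleted from one that only lost sudo; a `sudo:` prefix on the second loop's log line would keep that record usable. Note as well that `usersnorm.txt` and `sudonorm.txt` are opened relative to the working directory while this commit ships them under `script/`; when the file is missing the inner `while` never runs, `MATCH` stays 0 for every entry, and the script proceeds to offer deletion of every account in /etc/passwd, root included.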
@@ -0,0 +1,74 @@
+#! /bin/bash
+#CYBERPATRIOT DEBIAN-DETOX MERCER ISLAND RED TEAM SCRIPT v0.2
+
+sudo apt update
+sudo apt upgrade
+
+#removing packages that match keyword, asking user for confirmation just in case
+sudo dpkg --get-selections | grep -i 'shark\|hydra\|nginx\|Samba\|snmp\|Nfs\|sendmail\|Xinetd\|crack\|telnet\|apache' | tr -d "[:blank:]" | sed 's/install//g' |
+while read -r CURRENT_LINE
+do
+ echo "purge this package $CURRENT_LINE?"
+ read response < /dev/tty
+ if [[ $response =~ ^[Yy]$ ]]
+ then
+ echo "$CURRENT_LINE" >> removedapps.txt
+ yes | sudo apt purge $CURRENT_LINE
+ else
+ echo "skipped removal"
+ fi
+
+done
+
+#installs ufw and enables it
+sudo apt install ufw
+sudo ufw enable
+
+#changes the password settings for all the users to be more secure
+sudo sed -i "s/\(^PASS_MAX_DAYS* *\).*/\1 15/" /etc/login.defs
+sudo sed -i "s/\(^PASS_MIN_DAYS* *\).*/\1 1/" /etc/login.defs
+sudo sed -i "s/\(^PASS_WARN_AGE* *\).*/\1 5/" /etc/login.defs
+
+#turns on cookie protection or some shit idk
+sudo sed -i "s/\(^net.ipv4.tcp_syncookies*=*\).*/\11/" /etc/sysctl.conf
+
+#turns off root login in ssh
+sudo sed -i "s/\(^PermitRootLogin* *\).*/\1 no/" /etc/ssh/sshd_config
+
+#Turns on autoupdate
+sudo sed -i 's/\(^APT::Periodic::Update-Package-Lists* *\).*/\1 "1";/' /etc/apt/apt.conf.d/10periodic
+
+#removes all bad users
+LINEA=1
+LINEB=1
+
+while read -r CURRENT_LINEA
+ do
+ MATCH=0
+ while read -r CURRENT_LINEB
+ do
+ if [ "$CURRENT_LINEA" == "$CURRENT_LINEB" ]
+ then
+ ((MATCH++))
+ fi
+ ((LINEB++))
+ done < "usersnorm.txt"
+ if [ $MATCH -eq 0 ]
+ then
+ echo "kill the user $CURRENT_LINEA?"
+ read response < /dev/tty
+ if [[ $response =~ ^[Yy]$ ]]
+ then
+ echo "$CURRENT_LINEA" >> removedusers.txt
+ yes | sudo deluser "$CURRENT_LINEA"
+ echo "user $CURRENT_LINEA combusted"
+ else
+ echo "skipped removal"
+ fi
+ fi
+ ((LINEA++))
+done <<< "$(awk -F':' '{ print $1}' /etc/passwd)"
+
+#removes all non admins
+
+#autoremoves all packages that are no longer required (might break something, but i dont care)
diff --git a/script/packnorm.txt b/script/packnorm.txt
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/script/packnorm.txt
@@ -0,0 +1 @@
+
diff --git a/script/sudonorm.txt b/script/sudonorm.txt
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/script/sudonorm.txt
@@ -0,0 +1 @@
+
diff --git a/script/usersnorm.txt b/script/usersnorm.txt
new file mode 100644
index 0000000..84da009
--- /dev/null
+++ b/script/usersnorm.txt
@@ -0,0 +1,67 @@
+root
+daemon
+bin
+sys
+sync
+games
+man
+lp
+mail
+news
+uucp
+proxy
+www-data
+backup
+list
+irc
+gnats
+nobody
+systemd-network
+systemd-resolve
+messagebus
+systemd-timesync
+syslog
+_apt
+tss
+uuidd
+systemd-oom
+tcpdump
+avahi-autoipd
+usbmux
+dnsmasq
+kernoops
+cups-pk-helper
+rtkit
+whoopsie
+sssd
+speech-dispatcher
+fwupd-refresh
+nm-openvpn
+colord
+geoclue
+pulse
+hplip
+gdm
+twellick
+jplofe
+pmccleery
+wbraddock
+ealderson
+lchong
+sswailem
+pprice
+sknowles
+tcolby
+jchutney
+sweinsberg
+sjacobs
+lspencer
+mralbern
+jrobinson
+gsheldern
+coshearn
+jlaslen
+kshelvern
+jtholdon
+belkarn
+bharper
diff --git a/usefulcommands.txt b/usefulcommands.txt
new file mode 100644
index 0000000..12622a3
--- /dev/null
+++ b/usefulcommands.txt
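Review bot: The `PermitRootLogin` and `net.ipv4.tcp_syncookies` hardening in this script only rewrites a line that already begins uncommented with that key, so on a stock Debian/Ubuntu install, where both typically ship commented out (`#PermitRootLogin prohibit-password`, `#net.ipv4.tcp_syncookies=1`), the two `sed -i` calls change nothing and the script carries on as if root SSH login were now disabled. Nothing applies the settings either: there is no `sysctl -w`/`sysctl -p`, no `sshd -t` validation or sshd reload, and on releases whose sshd_config has `Include /etc/ssh/sshd_config.d/*.conf` a drop-in there would take precedence over the main file anyway. The same silent no-op affects the login.defs PASS_* edits, which only govern accounts created afterward; existing users need `chage -M 15 -m 1 -W 5 USER` to actually get the aging policy. I would make each edit add-or-replace and then apply it, as below.
```shell
# … unchanged: login.defs edits …

# SYN cookies: add the key if it is absent or only present commented out, then apply now
grep -q '^net.ipv4.tcp_syncookies' /etc/sysctl.conf \
  || echo 'net.ipv4.tcp_syncookies=1' | sudo tee -a /etc/sysctl.conf
sudo sed -i 's/^net.ipv4.tcp_syncookies.*/net.ipv4.tcp_syncookies=1/' /etc/sysctl.conf
sudo sysctl -w net.ipv4.tcp_syncookies=1

# root SSH login: same add-or-replace, then validate the config before reloading sshd
grep -q '^PermitRootLogin' /etc/ssh/sshd_config \
  || echo 'PermitRootLogin no' | sudo tee -a /etc/ssh/sshd_config
sudo sed -i 's/^PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sshd -t && sudo systemctl reload ssh

# … unchanged: APT periodic edit and user-removal loop …
```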
@@ -0,0 +1,45 @@
+quick command list:
+
+find file:
+sudo find -name "example"
+
+lists all users:
+awk -F':' '{ print $1}' /etc/passwd
+
+prints all administrator users:
+grep '^sudo:.*$' /etc/group | cut -d: -f4
+
+add user to group:
+sudo usermod -a -G GROUP USERNAME
+
+remove user from group:
+sudo deluser USERNAME GROUP
+
+sign into account of user:
+sudo su - USERNAME
+
+change password:
+passwd
+
+check if UFW is enabled:
+sudo ufw status
+
+enable ufw:
+sudo ufw enable
+
+find active services:
+systemctl list-units --type=service --state=active
+
+temporarily stop service:
+sudo service SERVICE stop
+sudo systemctl stop SERVICE
+
+remove service:
+update-rc.d -f SERVICE remove
+sudo systemctl disable SERVICE
+
+config ssh:
+sudo gedit /etc/ssh/sshd_config
+
+print out whole directory tree with perms, ignoring a few directories:
+ls -Rl / -I{home,var,tmp}