first commit

This commit is contained in:
termite 2024-11-26 11:00:08 -08:00
commit 488a3acab4
7 changed files with 341 additions and 0 deletions

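--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+first add the users that are authorized to the end of usersnorm (BUT KEEP THE EXISTING ONES) (all users that should be on the system)
+then add any system users that might be unusually tied to the system you are currently working on (extra applications/things i might have missed)
+run the command in "usefulcommands.txt" to list all users, and paste that into userstest (idk why i havent automated this yet, i havent touched this script in like a year lol)
+run "debiandetox.sh", respond yes or no appropriately (read the users you are removing before you remove them, most likely it is a system user that is just there due to an extra program)
+what the script does
+attempts to remove common forbidden applications (outputs the removed applications to removedapps.txt, in order to allow for you to fix your fuckup)
+installs and enables ufw
+changes password settings for users in "/etc/login.defs"
+enables tcp_syncookies in /etc/sysctl.conf
+turns off root login in ssh
+turns on autoupdate (IMPORTANT: SEPERATE FROM GUI AUTOUPDATE)
+attempts to remove users that shouldnt be on the machine (outputs removed users to removedusers.txt)
+installs and enables freshclam (currently borked, but it probably wouldnt give points anyways)
+usually gets around 20 points round 1, 10 points in round 2, 5 points in round 3
+usefulcommands.txt is probably going to help you more than the script tbh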

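--- /dev/null
+++ b/debiandetox.sh
@@ -0,0 +1,125 @@
+#! /bin/bash
+#CYBERPATRIOT DEBIAN-DETOX MERCER ISLAND RED TEAM SCRIPT v0.2
+sudo apt update
+sudo apt upgrade
+#removing packages that match keyword, asking user for confirmation just in case
+sudo dpkg --get-selections | grep -i 'shark\|hydra\|nginx\|Samba\|snmp\|Nfs\|sendmail\|Xinetd\|crack\|telnet\|apache' | tr -d "[:blank:]" | sed 's/install//g' |
+while read -r CURRENT_LINE
+do
+echo "purge this package $CURRENT_LINE?"
+read response < /dev/tty
+if [[ $response =~ ^[Yy]$ ]]
+then
+echo "$CURRENT_LINE" >> removedapps.txt
+yes | sudo apt purge $CURRENT_LINE
+else
+echo "skipped removal"
+fi
+done
+#prints out packages that don't adhere to default ubuntu install
+LINEA=1
+LINEB=1
+while read -r CURRENT_LINEA
+do
+MATCH=0
+while read -r CURRENT_LINEB
+do
+if [ "$CURRENT_LINEA" == "$CURRENT_LINEB" ]
+then
+((MATCH++))
+fi
+((LINEB++))
+done < "packnorm.txt"
+if [ $MATCH -eq 0 ]
+then
+echo "$CURRENT_LINEA is sus"
+fi
+((LINEA++))
+done <<< "$( sudo dpkg --get-selections | tr -d "[:blank:]" | sed 's/install//g')"
+#installs ufw and enables it
+sudo apt install ufw
+sudo ufw enable
+#changes the password settings for all the users to be more secure
+sudo sed -i "s/\(^PASS_MAX_DAYS* *\).*/\1 15/" /etc/login.defs
+sudo sed -i "s/\(^PASS_MIN_DAYS* *\).*/\1 1/" /etc/login.defs
+sudo sed -i "s/\(^PASS_WARN_AGE* *\).*/\1 5/" /etc/login.defs
+#turns on cookie protection or some shit idk
+sudo sed -i "s/\(^net.ipv4.tcp_syncookies*=*\).*/\11/" /etc/sysctl.conf
+#turns off root login in ssh
+sudo sed -i "s/\(^PermitRootLogin* *\).*/\1 no/" /etc/ssh/sshd_config
+#Turns on autoupdate
+sudo sed -i 's/\(^APT::Periodic::Update-Package-Lists* *\).*/\1 "1";/' /etc/apt/apt.conf.d/10periodic
+#removes all bad users
+LINEA=1
+LINEB=1
+while read -r CURRENT_LINEA
+do
+MATCH=0
+while read -r CURRENT_LINEB
+do
+if [ "$CURRENT_LINEA" == "$CURRENT_LINEB" ]
+then
+((MATCH++))
+fi
+((LINEB++))
+done < "usersnorm.txt"
+if [ $MATCH -eq 0 ]
+then
+echo "kill the user $CURRENT_LINEA?"
+read response < /dev/tty
+if [[ $response =~ ^[Yy]$ ]]
+then
+echo "$CURRENT_LINEA" >> removedusers.txt
+yes | sudo deluser "$CURRENT_LINEA"
+echo "user $CURRENT_LINEA combusted"
+else
+echo "skipped removal"
+fi
+fi
+((LINEA++))
+done <<< "$(awk -F':' '{ print $1}' /etc/passwd)"
+#removes all non admins
+LINEA=1
+LINEB=1
+while read -r CURRENT_LINEA
+do
+MATCH=0
+while read -r CURRENT_LINEB
+do
+if [ "$CURRENT_LINEA" == "$CURRENT_LINEB" ]
+then
+((MATCH++))
+fi
+((LINEB++))
+done < "sudonorm.txt"
+if [ $MATCH -eq 0 ]
+then
+echo "kill the user $CURRENT_LINEA?"
+read response < /dev/tty
+if [[ $response =~ ^[Yy]$ ]]
+then
+echo "$CURRENT_LINEA" >> removedusers.txt
+yes | sudo deluser "$CURRENT_LINEA" sudo
+echo "user $CURRENT_LINEA has been un-sudoed"
+else
+echo "skipped removal"
+fi
+fi
+((LINEA++))
+done <<< "$(grep '^sudo:.*$' /etc/group | cut -d: -f4)"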
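Review bot: The sudo-group loop at the bottom never sees individual usernames: `cut -d: -f4` on the `sudo:` line of /etc/group yields one comma-joined string such as `alice,bob`, so with more than one admin the whole string is compared against each line of sudonorm.txt, never matches, and `deluser "alice,bob" sudo` is attempted on a user that does not exist. Splitting the field fixes it: `done <<< "$(grep '^sudo:' /etc/group | cut -d: -f4 | tr ',' '\n')"`. The package loop at the top has a related parsing problem: `tr -d "[:blank:]"` glues the dpkg status onto the package name and `sed 's/install//g'` then strips every occurrence of `install`, so a package marked `deinstall` comes out as `<name>de` and any name containing `install` is mangled before being passed unquoted to `apt purge`; `dpkg-query -W -f='${Package}\n'` yields clean names and avoids the sed entirely. `LINEB` is incremented in every inner loop but never reset or read, so it can be dropped.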

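--- /dev/null
+++ b/script/debiandetox.sh
@@ -0,0 +1,74 @@
+#! /bin/bash
+#CYBERPATRIOT DEBIAN-DETOX MERCER ISLAND RED TEAM SCRIPT v0.2
+sudo apt update
+sudo apt upgrade
+#removing packages that match keyword, asking user for confirmation just in case
+sudo dpkg --get-selections | grep -i 'shark\|hydra\|nginx\|Samba\|snmp\|Nfs\|sendmail\|Xinetd\|crack\|telnet\|apache' | tr -d "[:blank:]" | sed 's/install//g' |
+while read -r CURRENT_LINE
+do
+echo "purge this package $CURRENT_LINE?"
+read response < /dev/tty
+if [[ $response =~ ^[Yy]$ ]]
+then
+echo "$CURRENT_LINE" >> removedapps.txt
+yes | sudo apt purge $CURRENT_LINE
+else
+echo "skipped removal"
+fi
+done
+#installs ufw and enables it
+sudo apt install ufw
+sudo ufw enable
+#changes the password settings for all the users to be more secure
+sudo sed -i "s/\(^PASS_MAX_DAYS* *\).*/\1 15/" /etc/login.defs
+sudo sed -i "s/\(^PASS_MIN_DAYS* *\).*/\1 1/" /etc/login.defs
+sudo sed -i "s/\(^PASS_WARN_AGE* *\).*/\1 5/" /etc/login.defs
+#turns on cookie protection or some shit idk
+sudo sed -i "s/\(^net.ipv4.tcp_syncookies*=*\).*/\11/" /etc/sysctl.conf
+#turns off root login in ssh
+sudo sed -i "s/\(^PermitRootLogin* *\).*/\1 no/" /etc/ssh/sshd_config
+#Turns on autoupdate
+sudo sed -i 's/\(^APT::Periodic::Update-Package-Lists* *\).*/\1 "1";/' /etc/apt/apt.conf.d/10periodic
+#removes all bad users
+LINEA=1
+LINEB=1
+while read -r CURRENT_LINEA
+do
+MATCH=0
+while read -r CURRENT_LINEB
+do
+if [ "$CURRENT_LINEA" == "$CURRENT_LINEB" ]
+then
+((MATCH++))
+fi
+((LINEB++))
+done < "usersnorm.txt"
+if [ $MATCH -eq 0 ]
+then
+echo "kill the user $CURRENT_LINEA?"
+read response < /dev/tty
+if [[ $response =~ ^[Yy]$ ]]
+then
+echo "$CURRENT_LINEA" >> removedusers.txt
+yes | sudo deluser "$CURRENT_LINEA"
+echo "user $CURRENT_LINEA combusted"
+else
+echo "skipped removal"
+fi
+fi
+((LINEA++))
+done <<< "$(awk -F':' '{ print $1}' /etc/passwd)"
+#removes all non admins
+#autoremoves all packages that are no longer required (might break something, but i dont care)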
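Review bot: The sshd and sysctl edits only rewrite a directive that is already present uncommented, because the patterns are anchored on `^PermitRootLogin` and `^net.ipv4.tcp_syncookies`; on a stock Debian/Ubuntu install those lines are typically shipped commented out (`#PermitRootLogin prohibit-password`, `#net.ipv4.tcp_syncookies=1`), so the sed matches nothing and root SSH login silently stays at its default. Nothing reloads sshd or applies the sysctl afterwards either, so even a successful edit does not take effect until a restart. The rewrite below matches an optional leading `#`, applies the sysctl, and validates the sshd config with `sshd -t` before restarting the service; `sudo sshd -T | grep -i permitrootlogin` confirms the live value. Incidentally, `PermitRootLogin* *` reads as `PermitRootLogi` followed by any run of `n`, which happens to match but is not what was intended.

```shell
# … unchanged: package purge, ufw, login.defs …
#turns on SYN cookies (SYN-flood mitigation); match the directive whether or not it is commented out
sudo sed -i 's/^#\?net.ipv4.tcp_syncookies.*/net.ipv4.tcp_syncookies=1/' /etc/sysctl.conf
sudo sysctl -p
#turns off root login in ssh, then validate the config before restarting the daemon
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sshd -t && sudo systemctl restart ssh
# … unchanged: autoupdate, user removal …
```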

1
script/packnorm.txt Normal file

@ -0,0 +1 @@

1
script/sudonorm.txt Normal file

@ -0,0 +1 @@

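--- /dev/null
+++ b/script/usersnorm.txt
@@ -0,0 +1,67 @@
+root
+daemon
+bin
+sys
+sync
+games
+man
+lp
+mail
+news
+uucp
+proxy
+www-data
+backup
+list
+irc
+gnats
+nobody
+systemd-network
+systemd-resolve
+messagebus
+systemd-timesync
+syslog
+_apt
+tss
+uuidd
+systemd-oom
+tcpdump
+avahi-autoipd
+usbmux
+dnsmasq
+kernoops
+cups-pk-helper
+rtkit
+whoopsie
+sssd
+speech-dispatcher
+fwupd-refresh
+nm-openvpn
+colord
+geoclue
+pulse
+hplip
+gdm
+twellick
+jplofe
+pmccleery
+wbraddock
+ealderson
+lchong
+sswailem
+pprice
+sknowles
+tcolby
+jchutney
+sweinsberg
+sjacobs
+lspencer
+mralbern
+jrobinson
+gsheldern
+coshearn
+jlaslen
+kshelvern
+jtholdon
+belkarn
+bharper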

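--- /dev/null
+++ b/usefulcommands.txt
@@ -0,0 +1,45 @@
+quick command list:
+find file:
+sudo find -name "example"
+lists all users:
+awk -F':' '{ print $1}' /etc/passwd
+prints all administrator users:
+grep '^sudo:.*$' /etc/group | cut -d: -f4
+add user to group:
+sudo usermod -a -G GROUP USERNAME
+remove user from group:
+sudo deluser USERNAME GROUP
+sign into account of user:
+sudo su - USERNAME
+change password:
+passwd
+check if UFW is enabled:
+sudo ufw status
+enable ufw:
+sudo ufw enable
+find active services:
+systemctl list-units --type=service --state=active
+temporarily stop service:
+sudo service SERVICE stop
+sudo systemctl stop SERVICE
+remove service:
+update-rc.d -f SERVICE remove
+sudo systemctl disable SERVICE
+config ssh:
+sudo gedit /etc/ssh/sshd_config
+print out whole directory tree with perms, ignoring a few directories:
+ls -Rl / -I{home,var,tmp}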