Install an Ubuntu Minimal Distro with your (security) favorite apps

Currently adapted for Ubuntu 9.10, 10.04 and 10.10

1. The OS

You can use UNEBOOTIN to permit a boot on an USB drive.

The Minimal CD downloads packages from online archives at installation time instead of providing them on the install CD itself. Downloading packages at install time reduces the size of the install CD to approximately 5 to 20MB depending on architecture, as well as providing only the packages needed for installation. The download time savings achieved by using a Minimal CD can be significant, as only current packages are downloaded, so there is no need to upgrade packages immediately after installation. The Minimal CD uses a text-based installer like the Alternate CD, making the CD image as compact as possible.

To install, boot your computer from the the Minimal CD and type “cli” (command line install) at the prompt. You can then follow the instructions from the text-based installer. After the base system installed, log in, and type “tasksel” to select the system to install.

https://help.ubuntu.com/community/Installation/MinimalCD

2. The applications

Here is a small script I launch to build the rest of my Ubuntu system (with GNOME).

#!/bin/bash
# chmod +x go.sh

#######################################################################
# Ubuntu-Desktop-Minimal: Post-install script to install only the bare
# essentials software you want of an Ubuntu Desktop.
# Tested with Ubuntu 9.04,9.10,10.04 and 10.10 - for GNOME Oriented Desktop
#######################################################################
# This script ADD or clean, but does NOT remove or rollback
# to a previous situation. This script is dedicated to run on an Minimal
# Ubuntu Distro, but can be also executed on a normal one, but it will produce
# warnings about objects that already exists.
#######################################################################

# Notes to readers :
# First, download the ISO from https://help.ubuntu.com/community/Installation/MinimalCD
# Build your small distro with your requirements, by following the instructions.

# VARIABLES
INSTALLED_SOFTWARE=InstalledSoftware.txt
BACKUP_FOLDER=~/backups
OLDCONF=$(dpkg -l|grep "^rc"|awk '{print $2}')
CURKERNEL=$(uname -r|sed 's/-*[a-z]//g'|sed 's/-386//g')
LINUXPKG="linux-(image|headers|ubuntu-modules|restricted-modules)"
METALINUXPKG="linux-(image|headers|restricted-modules)-(generic|i386|server|common|rt|xen)"
OLDKERNELS=$(dpkg -l|awk '{print $2}'|grep -E $LINUXPKG |grep -vE $METALINUXPKG|grep -v $CURKERNEL)
REPO=`lsb_release -s -c`
YELLOW="\033[1;33m"
RED="\033[0;31m"
ENDCOLOR="\033[0m"

#######################################################################
# SCRIPT
if [ $USER != root ]; then
  echo -e $RED"Error: must be root"
  echo -e $YELLOW"Exiting..."$ENDCOLOR
  exit 0
fi

# echo Your current Ubuntu version is $UBUNTU_VERSION
#######################################################################
case "$1" in
# HELP
--help)
     echo "=================="
echo Your UBUNTU Flavor is $REPO
     echo "=================="
     echo " Usage: $0 [Option]"
     echo " Here are the available options"
     echo " --help        Give you this page."
     echo " Setup         Install extra softwares."
     echo " Firewall      Configure ufw firewall."
     echo " BackupConf    Backup the vital config files."
     echo " Sysctl        Update Sysctl Files with more agressive options."
     echo " Update        Update the packages."
     echo " DistUpgrade   Upgrade to the last Dev Distro."
     echo " Clean         Purge the obsolete files and caches."
     echo " Services      Manage the running services."
     echo " Repositories  Add Extra repositories."
     echo " Alias         Add some aliases."
     echo " Go            Update and Clean."
     echo "=================="
     echo " "
     exit 1
;;
Alias)
        # Root
        echo alias ll=\'ls -lsah\' >> /root/.profile
        echo alias hm=\'cd /home/null/\' >> /root/.profile
;;
BackupConf)
        mkdir $BACKUP_FOLDER
        echo -e $YELLOW"Backup the configuration to $BACKUP_FOLDER"$ENDCOLOR
        echo "Saving your x11 conf"
        cp /etc/X11/xorg.conf $BACKUP_FOLDER/xorg.conf
        echo "Saving your Package Listing"
        cp /etc/apt/sources.list $BACKUP_FOLDER/sources.list
        echo "Saving your grub menu.lst - if exists"
        cp /boot/grub/menu.lst $BACKUP_FOLDER/menu.lst
        echo "Saving your grub.cfg"
        cp /boot/grub/grub.cfg $BACKUP_FOLDER/grub.cfg
        echo "Saving your Sysctl config"
        cp /etc/sysctl.conf $BACKUP_FOLDER/sysctl.conf

        # dpkg --get-selections > $INSTALLED_SOFTWARE
        # dpkg --set-selections < $INSTALLED_SOFTWARE
        # dselect
        apt-cache search . | grep ^i >> $BACKUP_FOLDER/$INSTALLED_SOFTWARE
;;

Repositories)
        echo -e $YELLOW"Add Specific Repositories"$ENDCOLOR
        add-apt-repository ppa:ubuntu-mozilla-security/ppa
        add-apt-repository ppa:tualatrix/ppa
        add-apt-repository âdeb http://archive.canonical.com/ $REPO partnerâ

        read -p "Add repository Canonical Partners (y/N)?"
        [ "$REPLY" == "y" ] && add-apt-repository "deb http://archive.canonical.com/ubuntu $REPO partner"
        read -p "Add repository launchpad Medibuntu (y/N)?"
        [ "$REPLY" == "y" ] && add-apt-repository "deb http://ppa.launchpad.net/tualatrix/ubuntu $REPO main"
        read -p "Add repository BackTrack from Offensive Security (y/N)?"
        [ "$REPLY" == "y" ] && add-apt-repository "deb http://repo.offensive-security.com/dist/bt4 binary"
        echo -e $YELLOW"Updating packages"$ENDCOLOR
        apt-get update
;;

Setup)
        echo -e $YELLOW"Install softwares ..."$ENDCOLOR
        read -p "Install Graphical Basic Gnome Desktop ? (y/N)"
        [ "$REPLY" == "y" ] && apt-get install -y --no-install-recommends ubuntu-desktop gnome-core gnome-utils synaptic gnome-terminal nautilus gnome-nettool ntfsprogs update-manager gdebi gdm gnome-panel gnome-themes-ubuntu network-manager-gnome human-theme synaptic
        read -p "Install Basic Tools (Require GUI) ? (y/N)"
        [ "$REPLY" == "y" ] && apt-get install firefox filezilla flashplugin-nonfree gedit gparted alsa-utils wifi-radar
        if [ "$REPO" = "karmic" ]; then
                # Works in 9.10
                read -p "Install Java ? (y/N)"
                [ "$REPLY" == "y" ] && apt-get install sun-java6-bin sun-java6-jre sun-java6-plugin && java -version
        elif [ "$REPO" = "lucid" ]; then
                # Works in 10.4
                read -p "Install Java ? (y/N)"
                [ "$REPLY" == "y" ] && apt-get install sun-java6-jre sun-java6-plugin sun-java6-fonts && java -version
        elif [ "$REPO" = "maverik" ]; then
                # Works in 10.10
                read -p "Install Java ? (y/N)"
                [ "$REPLY" == "y" ] && apt-get install sun-java6-jre sun-java6-plugin sun-java6-fonts && java -version        else
                echo "no Ubuntu release value match this script."
        fi
        read -p "Install Sys basic Tools ? (y/N)"
        [ "$REPLY" == "y" ] && apt-get install htop rcconf logrotate ssh putty iotop
        read -p "Install System remote and mappings connections ? (y/N)"
        [ "$REPLY" == "y" ] && apt-get install system-config-samba open-iscsi nfs-common
        read -p "Install Network and Security Tools ? (y/N)"
        [ "$REPLY" == "y" ] && apt-get install nethogs ufw gufw etherape kismet ettercap-gtk wireshark netwox zenmap wapiti nikto iptraf nbtscan dsniff tcpreplay john ngrep hping3 netcat tcpdump seahorse pwgen tiger denyhosts rkhunter chkrootkit clamtk python-scapy autopsy ophcrack pasco vinetto w3af sqlmap scalpel honeyd mtr tcptrace aide arpwatch arpalert arp-scan sipcrack pdfcrack aircrack-ng galleta ndisc6
#hydra
        read -p "Install Dev and Headers Tools ? (y/N)"
        [ "$REPLY" == "y" ] && apt-get install build-essential linux-headers-$(uname -r) subversion patch
        read -p "Codecs ? (y/N)"
        [ "$REPLY" == "y" ] && apt-get install vlc mplayer ubuntu-restricted-extras gstreamer0.10-plugins-bad gstreamer0.10-plugins-bad-multiverse audacity
        read -p "Laptop or Netbook ? (y/N)"
        [ "$REPLY" == "y" ] && apt-get install laptop-mode-tools laptop-detect wpasupplicant
        read -p "Install Ubuntu Tweak (Requires Gui)? (y/N)"
        [ "$REPLY" == "y" ] && echo deb http://ppa.launchpad.net/tualatrix/ubuntu $REPO main >> /etc/apt/sources.list && apt-key adv --recv-keys --keyserver keyserver.ubuntu.com FE85409EEAB40ECCB65740816AF0E1940624A220 && apt-get update && apt-get -y install ubuntu-tweak
;;
Services)
        echo -e $YELLOW"Manage Services"$ENDCOLOR
        apt-get install -y rcconf
        rcconf
;;

Sysctl)
        echo -e $YELLOW"Alter Sysctl file"$ENDCOLOR
        cat >> /etc/sysctl.conf <<ENDOFFILE
# For Swapp
vm.swappiness=10

# For TCP-IP
net.core.rmem_default = 524288
net.core.rmem_max = 524288
net.core.wmem_default = 524288
net.core.wmem_max = 524288
net.ipv4.tcp_wmem = 4096 87380 524288
net.ipv4.tcp_rmem = 4096 87380 524288
net.ipv4.tcp_mem = 524288 524288 524288
net.ipv4.tcp_rfc1337 = 1
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_ecn = 0
net.ipv4.route.flush = 1

# Already Changed
ENDOFFILE
        sysctl -p
        vi /etc/sysctl.conf
;;
Firewall)
        echo -e $YELLOW"Activate Ubuntu Firewall (permit only DNS, Web and outgoing SSH)"$ENDCOLOR
        apt-get install -y ufw
        ufw status
        ufw allow out domain/udp
        ufw allow out http/tcp
        ufw allow out https/tcp
        ufw allow out ssh/tcp
        ufw logging on
        ufw enable
        ufw status
        echo -e $YELLOW"To disable your firewall - ufw disable"$ENDCOLOR

# UFW  - Firewall
# http://manpages.ubuntu.com/manpages/karmic/en/man8/ufw.8.html

;;
Go)
        $0 Update
        $0 Clean
;;
Update)
        echo -e $YELLOW"Update, Upgrade and Check ..."$ENDCOLOR
        apt-get update
        apt-get -y upgrade
        apt-get -y dist-upgrade
        apt-get -y check
;;
DistUpgrade)
        echo -e $YELLOW"Takes time, and can alter your current config"$ENDCOLOR
        read -p "Update to last stable distro ? (y/N)"
        [ "$REPLY" == "y" ] && do-release-upgrade -p
        echo -e $YELLOW"Long process, and can hurt your softwares"$ENDCOLOR
        read -p "Update to last devel distro ? (y/N)"
        [ "$REPLY" == "y" ] && do-release-upgrade -d
;;
Clean)
        echo -e $YELLOW"Cleaning apt cache..."$ENDCOLOR
        apt-get clean
        apt-get -y autoclean
        apt-get -y autoremove
        echo -e $YELLOW"Removing old config files..."$ENDCOLOR
        apt-get -y --purge autoremove
        apt-get purge $OLDCONF
        echo -e $YELLOW"Removing old kernels..."$ENDCOLOR
        apt-get purge $OLDKERNEL
        echo -e $YELLOW"Emptying every trashes..."$ENDCOLOR
        rm -rf /home/*/.local/share/Trash/*/** &> /dev/null
        rm -rf /root/.local/share/Trash/*/** &> /dev/null
;;
*)
  $0 --help
  exit 1
esac
exit 0

# To test or suggested :
# hydra eclipse aptoncd usb-creator tripwire clamav usb-imagewriter unetbootin iozone3 fwbuilder wine kernel-package snort ntop
# sfdumper.sh netdude galetta fragroute mysql apache2 phpMyAdmin nemesis-menu ncrack

Be the first to comment

Leave a Reply

Your email address will not be published.


*


*