diff --git a/README.md b/README.md index 55b39ec..9e73203 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,9 @@ For example, an instructor could use SamuraiWTF to easily set up a virtual machi This project includes and uses the [Samurai Katana][samurai-katana-url] project to manage installation and running of tools and targets in the virtual environment. +**Reference Implementation** +Currently the reference implementation for this project is built on top of Ubuntu 20.04 (look in the ubuntu-20 subfolder). + **Want to chat with us? Join us in either the OWASP Slack #project-samuraiwtf channel.** **Want to Contribute? See [here](#Contributors)** @@ -31,8 +34,8 @@ There are several options available to you. The quickest option is to download a This option works best if you are not using Windows, or if you are using Windows without Hyper-V running. [
Download SamuraiWTF for VirtualBox
](https://downloads-samuraiwtf-com.s3.us-west-2.amazonaws.com/SamuraiWTF.ova) -* MD5: `ec082f87d7f4644057c754afe9d39b93` -* SHA256: `2211213df19ca97b430745a1442c6a488a592068c8fadd55b7c3b68497b44e82` +* MD5: `edbcb6dd46d31ad2ca7a813520eee7e4` +* SHA256: `f43d4c59bd49f032b5ae3b70a165398fa8dee68c88336c918c7b25f0ed633044` For more information on removing or disabling Hyper-V, see [these instructions from Microsoft](https://support.microsoft.com/en-us/help/3204980/virtualization-applications-do-not-work-together-with-hyper-v-device-g). @@ -40,18 +43,16 @@ For more information on removing or disabling Hyper-V, see [these instructions f This option works best if you are running Windows 10 or higher and already have Hyper-V installed. If you use the Windows Linux Subsystem (WLS), then you have Hyper-V installed. [
Download SamuraiWTF for Hyper-V
](https://downloads-samuraiwtf-com.s3.us-west-2.amazonaws.com/SamuraiWTF_HyperV.zip) -* MD5: `6ef78ffcad8b2b88fef9bf500fb19346` -* SHA256: `1ee0563075770f3a02060f4c0967336c0985e270164525c3cd727dd38e80a848` +* MD5: `93d262417fc0dd3a16c96b516be60d2e` +* SHA256: `d4aad0a92f94604e082f02b3247e9a1a1406aaad85f2c1114f2ae253cc5627fe` -Once it is downloaded, you will want to unzip the file and then +Once it is downloaded, you will want to unzip the file and then create a new VM in Hyper-V. Attach the .hvdx drive and set the RAM to 4096. ### Option 3: Build an Amazon Workspace This option works best if you are familiar with Amazon Web Services (AWS) and want your students to remote into the lab environments instead of running them as local virtual machines. This can be a great option when students are running potentially low-powered machines because it even works from a Chromebook. For details, view [/amazon-linux/README.md](https://github.com/SamuraiWTF/samuraiwtf/blob/main/amazon-linux/README.md). -### Build on VirtualBox with Vagrant -Currently, the most stable Vagrant build is the one for Amazon Linux. This builds from a Windows environment. Details are in the file [/amazon-linux/README.md](https://github.com/SamuraiWTF/samuraiwtf/blob/main/amazon-linux/README.md). - -If you are interested in building alternatives on different Linux distributions, use the Amazon Linux folder as a starting point, since that is the current reference implementation. +### Build on Hyper-V or VirtualBox with Vagrant +Currently, the most stable Vagrant build is the one for Ubuntu 20.04. Details are in the file [/amazon-linux/README.md](https://github.com/SamuraiWTF/samuraiwtf/blob/main/ubuntu-20/README.md). ## Default Password There is a default user and password for the SamuraiWTF environment: `samurai` / `samurai` diff --git a/ubuntu-20/README.md b/ubuntu-20/README.md new file mode 100644 index 0000000..66c711d --- /dev/null +++ b/ubuntu-20/README.md 
@@ -0,0 +1,46 @@ +# Choose a Provider +We use Vagrant to build this VM, so that is the prerequisite. Hyper-V is the default provider because most people using SamuraiWTF are doing so from a Windows host and Hyper-V tends to go considerably smoother than other vagrant providers on Windows. This version of SamuraiWTF is built on top of the [_bento/ubuntu-20.04_ base box](https://app.vagrantup.com/bento/boxes/ubuntu-20.04) ,which supports additional providers. We have a configuration for virtualbox but if you need a different provider (e.g. vmware_fusion) then it may be possible by adding its configuration to the Vagrant file in this folder. + +## Hyper-V (Default, Windows) +1. From an Administrator PowerShell window, navigate to this folder and run `vagrant up` +2. Select the _Default Switch_ when prompted to select which switch to use. If you don't have a _Default Switch_ option then you will need to create or use a switch that will allow the VM to access the Internet. +3. Wait for the script to complete. This may take a long time (20-30 minutes). +4. Run `vagrant reload` to restart the VM and ensure all the configuration is in place during boot. +5. Connect to the VM and login in with user: _samurai_ , password: _samurai_ + +## VirtualBox +1. From the command line, navigate to this folder and run `vagrant up --provider=virtualbox` +2. The VirtualBox provider will automatically open a new window. Ignore that window for now and wait for the script to complete. This may take a long time (20-30 minutes, possibly longer when running alongside Hyper-V). +3. Run `vagrant reload` to restart the VM and ensure all the configuration is in place during boot. +4. 
Connect to the VM and login in with user: _samurai_ , password: _samurai_ + +# Final Setup +If you intend to make this VM available to others, for example as a lab environment for a class, there are a few other recommended steps: + +- From the command line, run `gnome-tweaks`, navigate to _Extensions_ and enable the _Applications menu_ option. Also enable the _Window list_ option. (_note: if you don't see the Extensions menu option, try closing gnome-tweaks, resizing your window, and opening it again)_. +- In firefox, visit `about:preferences#privacy` and select appropriate options. Since this is going to be used to practice penetration testing, it may be preferable to disable features that may interfere such as block content and popup windows. +- On the same page in firefox, scroll down to Certificates, uncheck the _Query OCSP_ option, and click _View Certificates_. Click the import button and navigate to and open `/etc/samurai.d/certs/localRootCA.crt`. Check the box _Trust this CA to identify websites._ and click the _OK_ button. +- Now on a second tab visit `https://katana.test:8443`. You should see the Katana dashboard. You can set this as the default Homepage in _Settings-->Home_. +- Although the interface can be used to install applications, the command line provides better feedback and error messages. Use katana to install each of the tools and targets you need. The following example set is a good start for most (note: katana always runs as root): +```bash +katana install zap +katana install wordlists +katana install sqlmap +katana install juice-shop +katana install wayfarer +katana install samurai-dojo +katana install musashi +``` + +There is also a convenience shell script at `/vagrant/ubuntu-20/install_recommended.sh` that will install all of this plus a few other recommended targets and tools. + +- Test that all the targets and tools start as expected before moving on to the final steps. 
+- Run `katana lock` to freeze the set of targets and tools displayed in the katana UI. Note that a restart (i.e. `katana stop katana && katana start katana`) is needed to see the changes. +- Remove the vagrant user with the command `sudo userdel vagrant` and to save some space you can also remove the working vagrant folder with `sudo rm -rf /vagrant`. +- **Optional**: If you want to minimize the final size of the image, use a tool such as bleachbit (i.e. `sudo apt install bleachbit`, run with sudo). + +## Prepare for Distribution +If you are distributing your image (e.g. for a class), you will want to put it in a suitable format for download / USB storage and importing into Hyper-V. To do this, perform the following steps: +- Shut down the VM +- Export the VM from HyperV +- Find the vhdx file in the Virtual Hard Disks subfolder (it will likely be labeled Ubuntu), rename it if necessary, and zip it up. This is the only file that needs to be distributed for HyperV. \ No newline at end of file diff --git a/ubuntu-20/Vagrantfile b/ubuntu-20/Vagrantfile new file mode 100644 index 0000000..341635f --- /dev/null +++ b/ubuntu-20/Vagrantfile 
@@ -0,0 +1,144 @@ +$bootstrapscript = <<-SCRIPT +set -euxvo pipefail +echo ">>>>>>>>>>>>> Installing prerequisites and Mate UI..." +add-apt-repository ppa:ubuntu-mate-dev/fresh-mate -y +apt update -y +apt upgrade -y + +apt install mate-desktop-environment -y +apt install ansible git -y + +echo ">>>>>>>>>>>>>>>> Running Playbook" +pushd /vagrant +ansible-playbook -K ubuntu-20/local_playbook.yml +popd + +# TODO: This doesn't seem to be doing anything. Prefs may need to be set locally for the samurai user. +# echo ">>>>>>>>>>>>>>>> Update Firefox Prefs" +# ff_preferences="/etc/firefox/syspref.js" +# touch $ff_preferences +# echo "pref('browser.startup.homepage', 'https://katana.test:8443');" >> $ff_preferences + +echo ">>>>>>>>>>>>>>>> Initializing certificates" +openssl genrsa -out /etc/samurai.d/certs/rootCAKey.pem 2048 +openssl req -x509 -sha256 -new -nodes -key /etc/samurai.d/certs/rootCAKey.pem -days 365 -out /etc/samurai.d/certs/rootCACert.pem -subj "/C=US/ST=Hacking/L=Springfield/O=SamuraiWTF/CN=samuraiwtf" +openssl req -new -newkey rsa:4096 -nodes -keyout /etc/samurai.d/certs/katana.test.key -out /etc/samurai.d/certs/katana.test.csr -subj "/C=US/ST=Hacking/L=Springfield/O=SamuraiWTF/CN=katana.test" +openssl x509 -inform pem -outform der -in /etc/samurai.d/certs/rootCACert.pem -out /etc/samurai.d/certs/localRootCA.crt +cp /etc/samurai.d/certs/localRootCA.crt /usr/local/share/ca-certificates/ +update-ca-certificates + +echo ">>>>>>>>>>>>>>>> Installing Katana" +katana --update +katana install katana +systemctl enable samurai-katana +katana start katana + +echo ">>>>>>>>>>>>>>>> Setting default session to graphical.target" +# systemctl set-default graphical.target +SCRIPT + +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. 
+Vagrant.configure("2") do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://vagrantcloud.com/search. + + config.vm.box = "bento/ubuntu-20.04" + + config.vm.define "samuraiwtf", primary: true do |samuraiwtf| + samuraiwtf.vm.host_name = "SamuraiWTF" + samuraiwtf.vm.synced_folder "..", "/vagrant", type: "rsync", rsync_exclude: ".git/" + + samuraiwtf.vm.provider "hyperv" do |hv| + hv.vmname = "SamuraiWTF-5.2.1" + hv.maxmemory = "4096" + hv.vm_integration_services = { + guest_service_interface: true + } + end + + samuraiwtf.vm.provider "virtualbox" do |vb| + vb.gui = true + vb.name = "SamuraiWTF-5.2.1" + vb.memory = "4096" + vb.customize ["modifyvm", :id, "--vram", "128"] + vb.customize ["modifyvm", :id, "--cpus", "2"] + vb.customize ["modifyvm", :id, "--vrde", "off"] + vb.customize ["modifyvm", :id, "--graphicscontroller", "vmsvga"] + vb.customize ["modifyvm", :id, "--accelerate2dvideo", "on"] + end + + end + + # config.vm.provider "virtualbox" do |v| + # v.customize ["modifyvm", :id, "--memory", "2048"] + # end + # + # config.vm.provider "vmware_fusion" do |v| + # v.vmx["memsize"] = "2048" + # end + + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. 
+ # NOTE: This will enable public access to the opened port + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine and only allow access + # via 127.0.0.1 to disable public access + # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1" + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + # config.vm.synced_folder "../data", "/vagrant_data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + # config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = true + # + # # Customize the amount of memory on the VM: + # vb.memory = "1024" + # end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Enable provisioning with a shell script. Additional provisioners such as + # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the + # documentation for more information about their specific syntax and use. 
+ # config.vm.provision "shell", inline: <<-SHELL + # apt-get update + # apt-get install -y apache2 + # SHELL + config.vm.provision "shell", inline: $bootstrapscript +end \ No newline at end of file diff --git a/ubuntu-20/install_recommended.sh b/ubuntu-20/install_recommended.sh new file mode 100644 index 0000000..604424d --- /dev/null +++ b/ubuntu-20/install_recommended.sh @@ -0,0 +1,11 @@ +katana install zap +katana install burpsuite +katana install wordlists +katana install sqlmap +katana install nikto +katana install juice-shop +katana install wayfarer +katana install mutillidae +katana install dvwa +katana install samurai-dojo +katana install musashi \ No newline at end of file diff --git a/ubuntu-20/local_playbook.yml b/ubuntu-20/local_playbook.yml new file mode 100644 index 0000000..d3d9ddf --- /dev/null +++ b/ubuntu-20/local_playbook.yml 
@@ -0,0 +1,350 @@ +--- + +- name: run the playbook tasks on the localhost from the ~/samuraiwtf folder + hosts: 127.0.0.1 + connection: local + vars: + groupname: samurai + username: samurai + tasks: +### Prerequisites + - name: Create group + group: + name: "{{ groupname }}" + state: present + + - name: Ensure samurai user is present + ansible.builtin.user: + name: "{{ username }}" + groups: "{{ groupname }},sudo" + password: $1$XF.06J/n$A1G6zX5AF33pQQOTcH0Ix. + shell: /usr/bin/bash + state: present + + - name: Install prerequisite packages + apt: + name: + - nginx + - vim + - curl + - docker + - docker-compose + - unzip + - php-fpm + - nano + - python3 + - python3-pip + - firefox + - gnome-shell-extensions + - mate-tweak + - python-is-python3 + - default-jre + state: present + become: true + +# - name: Install Java corretto from remote repo +# yum: +# name: https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm +# state: present + + - name: python prerequisite modules + pip: + name: "{{ modules }}" + executable: /usr/bin/pip3 + become: yes + vars: + modules: + - docker + + - name: Create cli-plugins folder for docker-compose + file: + path: /usr/local/lib/docker/cli-plugins + state: directory + become: yes + + - name: Download and install docker-compose + ansible.builtin.uri: + url: https://github.com/docker/compose/releases/download/v2.9.0/docker-compose-linux-x86_64 + dest: /usr/local/lib/docker/cli-plugins/docker-compose + mode: "+x" + become: yes + + - name: install compose-switch switch to support docker 1.x + ansible.builtin.uri: + url: https://github.com/docker/compose-switch/releases/download/v1.0.5/docker-compose-linux-amd64 + dest: /usr/local/bin/compose-switch + mode: "+x" + become: yes + +# - name: install docker-compose +# shell: 'curl -SL https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose' +# become: yes +# when: stat_docker_compose.stat.exists 
== False +# +# - name: set permissions for docker-compose +# file: +# path: /usr/local/lib/docker/cli-plugins/docker-compose +# mode: "+x" +# become: yes +# +# - name: install compose-switch switch to support docker 1.x +# shell: 'curl -fL https://github.com/docker/compose-switch/releases/download/v1.0.4/docker-compose-linux-amd64 -o /usr/local/bin/compose-switch' +# become: yes +# when: stat_docker_compose.stat.exists == False +# +# - name: set permissions for compose-switch +# file: +# path: /usr/local/bin/compose-switch +# mode: "+x" +# become: yes + + - name: create the main Samurai program folder + file: + path: /opt/samurai + state: directory + owner: "{{ username }}" + group: "{{ groupname }}" + become: yes + + - name: Copy Samurai icon + copy: + src: ../common/samurai-icon.png + dest: /opt/samurai/ + become: yes + + +### Menus + + - name: Setup menu /etc/samurai.d/desktop-directories + file: + path: /etc/samurai.d/desktop-directories/ + state: directory + become: yes + + - name: Setup menu /etc/samurai.d/applications + file: + path: /etc/samurai.d/applications/ + state: directory + become: yes + + - name: Setup menu /etc/samurai.d/desktop-directories + file: + path: /etc/samurai.d/desktop-directories/ + state: directory + become: yes + + - name: Create main samurai-wtf menu + copy: + dest: /etc/samurai.d/desktop-directories/samuraiwtf.directory + content: | + [Desktop Entry] + Type=Directory + Name=Samurai WTF + Icon=/opt/samurai/samurai-icon.png + mode: 0744 + become: yes + + - name: Create applications-merged folder + file: + path: /etc/xdg/menus/applications-merged + state: directory + become: yes + + - name: Create main samurai-wtf menu + copy: + dest: /etc/xdg/menus/applications-merged/samuraiwtf.menu + content: | + + + Applications + + Samurai + /etc/samurai.d/applications + /etc/samurai.d/desktop-directories + samuraiwtf.directory + + samuraiwtf + + + + mode: 0744 + become: yes + +### Setup first-time login customizations + - name: Copy desktop file 
somewhere we can use it + copy: + src: ../common/samurai-wide-faded.jpg + dest: /opt/samurai/samurai-wide-faded.jpg + owner: "{{ username }}" + group: "{{ groupname }}" + become: yes + + - name: Create first-time login setup script. + copy: + dest: /etc/profile.d/first_login.sh + content: | + #!/bin/bash + + if [ -e $HOME/.samurai ] + then + echo "already run first time scripts." + else + gsettings set org.gnome.desktop.background picture-uri file:///opt/samurai/samurai-wide-faded.jpg + + if [ ! -L ~/samurai ]; then + ln -s /opt/samurai ~/samurai + fi + touch $HOME/.samurai + fi + cd $HOME + mode: 0755 + become: yes + +### Update PHP Config +# - name: Update PHP listener +# replace: +# path: /etc/php-fpm.d/www.conf +# regexp: '^listen = 127.0.0.1.*' +# replace: 'listen = /var/run/php-fpm/php-fpm.sock' +# become: yes + +# - name: Update PHP User +# replace: +# path: /etc/php-fpm.d/www.conf +# regexp: '^user = apache' +# replace: 'user = nginx' +# become: yes +# +# - name: Update PHP Group +# replace: +# path: /etc/php-fpm.d/www.conf +# regexp: '^group = apache' +# replace: 'group = nginx' +# become: yes + + - name: Add info.php test file + copy: + dest: /var/www/html/info.php + content: | + + mode: 0644 + force: no + become: yes + + - name: Install nginx configuration + copy: + src: ./nginx/ + dest: /etc/nginx/conf.d/ + force: yes + become: yes + + - name: Start PHP Processor + service: + name: php7.4-fpm + state: started + enabled: yes + become: yes + + - name: Start nginx + service: + name: nginx + state: started + enabled: yes + become: yes + + - name: Check if npm installer already downloaded + stat: + path: /tmp/npm_setup.sh + register: stat_npm_setup + + - name: Download npm installer + get_url: + url: https://deb.nodesource.com/setup_16.x + dest: /tmp/npm_setup.sh + mode: 0744 +# when: stat_npm_setup.stat.exists == False + + - name: Install npm repo + shell: '/tmp/npm_setup.sh' + become: yes +# when: stat_npm_setup.stat.exists == False + + - name: Add nodejs 
repo + apt: + name: nodejs + state: present + become: yes + + - name: Install npm repo + shell: 'npm install -g yarn' + become: yes + + - name: Setup katana launcher + copy: + dest: /usr/bin/katana + content: | + #!/bin/bash + if [[ "$1" = "--update" ]]; then + echo "Updating Katana..." + BRANCH="main" + if [[ -n "$2" ]] ; then + BRANCH="$2" + fi + sudo rm -rf /tmp/katana + pushd /tmp + sudo rm -rf /tmp/katana + echo "Cloning repository branch '$BRANCH'" + sudo git clone --depth=1 --single-branch --branch $BRANCH https://github.com/SamuraiWTF/katana.git || exit + sudo mkdir -p /opt/katana + sudo cp -R /tmp/katana/* /opt/katana/ + cd /opt/katana + sudo pip3 install -r /opt/katana/requirements.txt + popd + echo "Update is complete." + else + cd /opt/katana + sudo python3 ./katanacli.py "$@" + fi + mode: 0777 + become: yes + + - name: Create add-ons folder + file: + path: /opt/samurai/add-ons/firefox + state: directory + owner: "{{ username }}" + group: "{{ groupname }}" + become: yes + + - name: Download Foxy Proxy add-on for Firefox + get_url: + url: https://addons.mozilla.org/firefox/downloads/file/3476518/ + dest: /opt/samurai/add-ons/firefox/ + + - name: Recursively update the main Samurai program folder + file: + path: /opt/samurai + state: directory + owner: "{{ username }}" + group: "{{ groupname }}" + recurse: yes + mode: 'g+r' + become: yes + + - name: Create cert folder + file: + path: /etc/samurai.d/certs + state: directory + become: yes + + - name: Add application menu + shell: 'gnome-extensions enable app-menu@gnome-shell-extensions.gcampax.github.com' + become: yes + become_user: samurai + +# - name: Ensure SELinux is set to disabled mode +# ansible.builtin.lineinfile: +# path: /etc/selinux/config +# regexp: '^SELINUX=' +# line: SELINUX=disabled \ No newline at end of file diff --git a/ubuntu-20/nginx/default.conf b/ubuntu-20/nginx/default.conf new file mode 100644 index 0000000..7e2c0c9 --- /dev/null +++ b/ubuntu-20/nginx/default.conf 
@@ -0,0 +1,25 @@ +server { + listen 80; + server_name localhost; + + # note that these lines are originally from the "location /" block + root /var/www/html; + index index.php index.html index.htm; + + location / { + try_files $uri $uri/ =404; + } + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /var/www/html; + } + + location ~* \.php$ { + try_files $uri =404; + fastcgi_pass unix:/var/run/php/php-7.4fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } +}
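Review bot: README.md, hunk `@@ -18,6 +18,9 @@`: the new `**Reference Implementation**` line is followed directly by its paragraph with no blank line, so Markdown renders the bold text and the sentence as one run-on paragraph rather than a label and a body; either insert a blank line after the bold line or make it a `###` heading like the other subsections. While here, the adjacent context line "Join us in either the OWASP Slack #project-samuraiwtf channel" offers only one option after "either"; drop "either".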
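Review bot: README.md, hunk `@@ -31,8 +34,8 @@`: publishing an MD5 next to the SHA256 adds nothing for integrity (MD5 collisions are practical) and invites users to verify only the weaker one; keep the SHA256 line alone and show the verification command so it is actually used, e.g. `sha256sum SamuraiWTF.ova` on Linux/macOS or `Get-FileHash -Algorithm SHA256 .\SamuraiWTF.ova` in PowerShell. The new hash values cannot be checked from the diff; the PR description should say which OVA build they were computed from, and the "Prepare for Distribution" section of ubuntu-20/README.md in this same patch covers only the Hyper-V vhdx, so there is no documented step that produces the OVA these hashes describe.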
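Review bot: README.md, hunk `@@ -40,18 +43,16 @@`: the replacement Vagrant paragraph has a link whose text and target disagree, `[/amazon-linux/README.md](https://github.com/SamuraiWTF/samuraiwtf/blob/main/ubuntu-20/README.md)`; the text should read `/ubuntu-20/README.md` to match the URL and the new "Reference Implementation" note. In the same hunk the Hyper-V import sentence says "Attach the .hvdx drive", but the disk format is `.vhdx` (the distribution steps in ubuntu-20/README.md use "vhdx"), and "set the RAM to 4096" should carry a unit ("4096 MB") to match the `4096` values in the Vagrantfile. The adjacent context line "Windows Linux Subsystem (WLS)" is a pre-existing slip for "Windows Subsystem for Linux (WSL)" that is worth fixing while the section is being rewritten.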
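Review bot: ubuntu-20/README.md, hunk `@@ -0,0 +1,46 @@`: the Final Setup step "Remove the vagrant user with the command `sudo userdel vagrant`" leaves `/home/vagrant` (and its `.ssh/authorized_keys`) on the distributed image; use `sudo userdel -r vagrant` and also remove the provider's passwordless sudo drop-in for that account (`/etc/sudoers.d/vagrant`, if present), otherwise the cleanup only removes the passwd entry. The Firefox step imports `/etc/samurai.d/certs/localRootCA.crt` with "Trust this CA to identify websites" while the Vagrantfile in this patch writes the matching private key `rootCAKey.pem` into the same directory on the same image, so every copy of a distributed VM shares one trusted root whose key anyone with the image can read; the doc should state that the VM is for lab use only and not for general browsing, or describe regenerating the CA per VM before distribution and tightening the key's permissions. "Prepare for Distribution" covers only Hyper-V, but the top-level README in this patch ships an OVA with checksums; add the VirtualBox export and the checksum generation step so the published hashes have a documented origin. Minor wording: "login in with user" (twice) should be "log in with user", "the Vagrant file in this folder" should be "the Vagrantfile", and "virtualbox" should be "VirtualBox".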
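Review bot: ubuntu-20/Vagrantfile, hunk `@@ -0,0 +1,144 @@`: `samuraiwtf.vm.synced_folder "..", "/vagrant", type: "rsync", rsync_exclude: ".git/"` uses the wrong option name; Vagrant's rsync exclude option is `rsync__exclude` (two underscores), so as written the whole `.git` history is rsynced into the guest on every `vagrant up`. Two lines above it, `samuraiwtf.vm.host_name` is the Vagrant 1.x spelling; Vagrant 2 documents `hostname`, so confirm the guest really ends up named SamuraiWTF. In `$bootstrapscript`, `ansible-playbook -K ubuntu-20/local_playbook.yml` asks for a become password on stdin inside a non-interactive provisioner that already runs as root; drop `-K`. In the certificate block, `openssl x509 -inform pem -outform der ... -out /etc/samurai.d/certs/localRootCA.crt` followed by `cp ... /usr/local/share/ca-certificates/` and `update-ca-certificates` installs a DER file where the tool expects PEM-encoded `.crt` files, so the CA will not be usable from the system bundle; copy `rootCACert.pem` under the `.crt` name instead (Firefox imports PEM as well) and verify with `openssl verify -CApath /etc/ssl/certs` against the issued certificate. That block also generates `katana.test.key` and `katana.test.csr` but never signs the CSR with the CA; if `katana install katana` does that, say so in a comment, otherwise add the `openssl x509 -req -CA ... -CAkey ...` step. `rootCAKey.pem` is written with whatever umask the provisioner runs under; add an explicit `chmod 600` for the key. Finally, the file still carries the entire generated Vagrantfile template as comments (port forwarding, vmware_fusion, apache2 example) plus a commented-out Firefox-prefs TODO; trim them so the real configuration is readable, and prefer `vb.cpus = 2` over `vb.customize ["modifyvm", :id, "--cpus", "2"]`. For Hyper-V, only `hv.maxmemory` is set, which applies when dynamic memory is enabled; set `hv.memory = "4096"` too so the startup allocation matches the README.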
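Review bot: ubuntu-20/install_recommended.sh, hunk `@@ -0,0 +1,11 @@`: the script has no shebang and no `set -e`, so a failed `katana install` (for example `katana install burpsuite`, a download-heavy target) is skipped silently and the run reports success. Add `#!/usr/bin/env bash` and `set -euo pipefail` at the top, and since ubuntu-20/README.md refers to it by path (`/vagrant/ubuntu-20/install_recommended.sh`), either give it the executable bit in the playbook or document invoking it as `bash /vagrant/ubuntu-20/install_recommended.sh`. The file is also committed without a trailing newline.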
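Review bot: ubuntu-20/local_playbook.yml, hunk `@@ -0,0 +1,350 @@`: in "Install prerequisite packages", `- docker` is not Docker Engine on Ubuntu; the `docker` package is a desktop docklet tray, and the engine package is `docker.io`. The same list installs the distro `docker-compose` (1.x) while later tasks download the Compose v2 CLI plugin and `compose-switch`, so two compose implementations end up on the image; pick one. "Setup katana launcher" writes `/usr/bin/katana` with `mode: 0777`, a world-writable root-owned script whose body calls `sudo python3 ./katanacli.py "$@"` and `sudo pip3 install -r ...`; any local account can rewrite it and have the next user run arbitrary commands as root, so use 0755. The binaries fetched in "Download and install docker-compose" and "install compose-switch" (via `ansible.builtin.uri`), the nodesource `setup_16.x` script that is then executed as root, and the Foxy Proxy XPI are all pinned by version but never verified; `uri` has no checksum support, so switch these to `get_url` with a `checksum: sha256:...` value for each pinned release. The samurai user is created with a `$1$` (MD5-crypt) password hash; the password is a documented lab default, but generate the hash with `password_hash('sha512')` rather than shipping md5crypt. "Add info.php test file" leaves a `phpinfo()` page served by nginx on port 80 on the distributed image; remove it after testing or don't ship it. Smaller points: the task "Setup menu /etc/samurai.d/desktop-directories" is duplicated verbatim, "Add nodejs repo" actually installs the `nodejs` package and "Install npm repo" installs yarn, so rename them; the first-login script in `/etc/profile.d/first_login.sh` calls `gsettings` and `ln -s` for every login shell including SSH sessions with no session bus; and as rendered here the `samuraiwtf.menu` and `info.php` `content:` blocks show no XML or PHP tags at all, so confirm the committed files contain the XDG menu XML and `<?php phpinfo(); ?>` rather than empty bodies.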
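Review bot: ubuntu-20/nginx/default.conf, hunk `@@ -0,0 +1,25 @@`: `fastcgi_pass unix:/var/run/php/php-7.4fpm.sock;` does not match the socket that the `php7.4-fpm` service started by the playbook creates, `/run/php/php7.4-fpm.sock` (the version sits before `-fpm`, not after `php-`), so every `.php` request will return 502 and the `info.php` check in the playbook can never succeed; correct the path. This server block also listens on port 80 for `localhost` alongside the stock `/etc/nginx/sites-enabled/default` that the `nginx` package installs, and which server answers a request depends on include order; remove that symlink in the playbook so the lab config is the only one. `try_files $uri =404;` inside the PHP location is the right guard against passing non-existent script paths to FPM, keep it.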