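#!/bin/bash
# bootstrap_cleanup.sh - last provisioning pass for a Debian-derived (Kali) image:
# switch the bootloader to Grub2, turn on unattended security upgrades, bring the
# package set up to date, scrub logs and shell history, and stop the network
# services listed at the bottom from auto-starting.
#
# Every step below writes to /etc, /boot or /var/log, so refuse to run unless
# we are root instead of failing half-way through with a partially cleaned image.
if [[ "${EUID}" -ne 0 ]]; then
  printf 'ERROR: %s must be run as root\n' "${0##*/}" >&2
  exit 1
fi

#### Prevent apt-get from asking us questions while installing software
export DEBIAN_FRONTEND=noninteractive

#### The Debian AMI uses the Syslinux bootloader but Kali uses Grub2 so let's use Grub2
# update the grub device.map, necessary for AWS Debian for now...
grub-mkdevicemap
# set the debconf selections
debconf-set-selections <<< 'grub-installer grub-installer/only_debian boolean true'
debconf-set-selections <<< 'grub-installer grub-installer/with_other_os boolean true'
debconf-set-selections <<< 'grub-pc grub-pc/install_devices multiselect /dev/sda1'
# /dev/xvda, for AWS
# /dev/sda, for Virtualbox
# fix for when grub updates: let ucf take the packaged file without prompting
unset UCF_FORCE_CONFFOLD
export UCF_FORCE_CONFFNEW=YES
ucf --purge /boot/grub/menu.lst
# Install grub2.
# --force-yes was dropped on purpose: besides answering "yes", it lets apt install
# packages that fail signature verification. An image build should stop when a
# repository key is not trusted rather than bake unverified packages into the AMI.
apt-get -y install grub2

# set the debconf selections for unattended-upgrades
debconf-set-selections <<< 'unattended-upgrades unattended-upgrades/enable_auto_updates boolean true'
# NOTE(review): debconf-set-selections expects "<owner> <question> <type> <value>";
# the origins_pattern line below does not have that shape, so confirm it actually
# takes effect (the two config files removed right after it would otherwise be the
# only place this setting lives).
debconf-set-selections <<< 'unattended-upgrades/origins_pattern: "origin=Debian,codename=${distro_codename},label=Debian-Security";'
# delete the current unattended-upgrades file
rm -f -- /etc/apt/apt.conf.d/50unattended-upgrades
rm -f -- /etc/apt/apt.conf.d/20auto-upgrades

#### Update to the newest version of Kali
# (same reasoning as above: no --force-yes, signature failures must abort)
apt-get update
apt-get -y upgrade
# apt-get -o Dpkg::Options::="--force-confnew" --force-yes -fuy dist-upgrade
# confdef/confold: keep locally modified config files instead of prompting
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade

#### Clean up after apt-get
apt-get -y autoremove --purge
apt-get -y clean

# @see https://raw.githubusercontent.com/averagesecurityguy/packer-debian2kali-ec2/master/scripts/cleanup.sh
# Remove SSH key pairs according to AWS requirements for shared AMIs:
# @see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/building-shared-amis.html
# NOTE(review): these three lines are still commented out, so the host keys and any
# authorized_keys of admin/vagrant are shipped inside the image as-is; strip or
# regenerate them before publishing the AMI as shared.
# shred -u /etc/ssh/*_key /etc/ssh/*_key.pub
# shred -u /home/admin/.ssh/*
# shred -u /home/vagrant/.ssh/*

# Wipe our logs
printf 'INFO: Cleaning log files and history...\n'
# Files are truncated to zero bytes with ':' rather than 'echo' - echo left a lone
# newline behind, which is wrong for the binary lastlog/wtmp records.
log_files=(
  /var/log/auth.log
  /var/log/cloud-init.log
  /var/log/daemon.log
  /var/log/debug
  /var/log/dmesg
  /var/log/dpkg.log
  /var/log/kern.log
  /var/log/lastlog
  /var/log/messages
  /var/log/pm-powersave.log
  /var/log/syslog
  /var/log/user.log
  /var/log/wtmp
  /var/log/Xorg.0.log
  /var/log/apt/history.log
)
for log_file in "${log_files[@]}"; do
  : > "${log_file}"
done
rm -rf -- /var/log/dmesg.*
# echo > /var/log/ConsoleKit/history
# echo > /var/log/gdm3/:0-greeter.log
# echo > /var/log/gdm3/:0.log
# echo > /var/log/gdm3/:0-slave.log

# Clear our Bash history.
# history -c / -w act on this shell's own (non-interactive) history list, so the
# on-disk history of the accounts used during provisioning is removed explicitly.
history -c
history -w
rm -f -- /root/.bash_history
for hist_file in /home/*/.bash_history; do
  if [[ -e "${hist_file}" ]]; then
    rm -f -- "${hist_file}"
  fi
done

# Disable services auto-starting, for better security
# @see http://manpages.ubuntu.com/manpages/hardy/man8/update-rc.d.8.html
# update-rc.d <service> defaults, to re-enable
printf 'INFO: Disabling service auto-start...\n'
# save the output of service status
services_status=$(service --status-all 2>&1)

#######################################
# Stop a service when `service --status-all` reports it as running and remove
# its rc.d links so it no longer starts at boot. Services that are not running
# are left untouched.
# Globals:   services_status (read) - captured output of `service --status-all`
# Arguments: $1 - service name as known to service/update-rc.d
#            $2 - human-readable label for the INFO line
# Outputs:   "INFO: Disabling <label>" on stdout when the service is disabled
# Returns:   exit status of update-rc.d, or 0 when the service was not running
#######################################
disable_service() {
  local svc=$1
  local label=$2
  # A running service is listed as " [ + ]  name"; match one or more spaces
  # before the name and anchor the end, so "samba" does not also match
  # "samba-ad-dc" and the match does not depend on exact column spacing
  # (the earlier single-space pattern looked like it could miss the two-space
  # layout entirely).
  if grep -qE -- "\[ \+ \] +${svc}\$" <<< "${services_status}"; then
    printf 'INFO: Disabling %s\n' "${label}"
    service "${svc}" stop
    update-rc.d -f "${svc}" remove
  fi
}

# "<service>|<label>" pairs, in the order they were originally processed
services_to_disable=(
  'smbd|Samba / smbd'
  'samba|Samba'
  'samba-ad-dc|Samba / AD-DC'
  'nmbd|NetBIOS'
  'apache2|Apache'
  'mysql|MySQL'
  'postgresql|Postgres'
  'dradis|Dradis'
  'beef-xss|Beef-XSS'
)
for entry in "${services_to_disable[@]}"; do
  disable_service "${entry%%|*}" "${entry#*|}"
done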