A collection of system hardening and generally useful scripts for Linux systems. Targets Artix, but works on any distro. Some init systems (e.g. systemd) require disabling the included boot-parameter hardening, otherwise they will not boot.
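#!/bin/bash
# Launch a QEMU VM inside a bubblewrap sandbox.
#
# Usage: <script> VM_NAME [RAM_MB]
#   VM_NAME  directory name under VM_ROOT holding the VM's hdd.img and cd.iso
#   RAM_MB   guest memory in MiB (default 4096)
#
# When started as an unprivileged user the script spawns a screen session that
# re-runs this same script via sudo, passing the screen name as a third
# argument so the privileged run can remove the /tmp marker file created here.
# The privileged run drops all capabilities but CAP_DAC_OVERRIDE, hides the
# host's key file, boot/log/module directories and home directories behind
# tmpfs, and binds only the selected VM directory read-write.
set -u

readonly VM_ROOT=/parsec/sdb1/user/admin/vm

die() { printf '%s\n' "$*" >&2; exit 1; }

vm=${1-}
RAM=${2-}
screen_marker=${3-}   # set only on the privileged re-exec

[[ -n "$vm" ]] || die "usage: ${0##*/} VM_NAME [RAM_MB]"
# The VM name is spliced into the --bind source path below; restrict it to a
# plain directory name so it cannot point outside VM_ROOT.
[[ "$vm" != */* && "$vm" != . && "$vm" != .. ]] || die "invalid VM name: $vm"
if [[ -z "$RAM" ]]; then
  RAM=4096
fi
# -m is handed straight to qemu; reject anything that is not a plain number.
[[ "$RAM" =~ ^[0-9]+$ ]] || die "RAM must be an integer number of MiB, got: $RAM"

if [[ "$UID" != 0 ]]; then
  # Bounded read from urandom: every stage consumes all of its input, so no
  # stage is killed by SIGPIPE. base64 output is nearly all alphanumeric.
  screenname="psec-parrot-$(head -c 64 /dev/urandom | base64 | tr -dc a-zA-Z0-9 | cut -c1-6)"
  printf "Starting VM '%s' under screen: %s\n" "$vm" "$screenname"
  sleep 1
  touch "/tmp/psec-screen-$screenname"
  # RAM is always passed (defaulted above) so the screen name stays in $3.
  screen -S "$screenname" /usr/bin/sudo "$0" "$vm" "$RAM" "$screenname"
  exit
fi

# ---- privileged run (root, inside the screen session) ----

usbctl tmp || printf 'warn: usbctl tmp failed, continuing\n' >&2

# An empty file is bound over /crypto_keyfile.bin inside the sandbox so the
# guest process cannot read the host's key material. mktemp gives an
# unpredictable name and creates the file atomically.
emptyfile=$(mktemp /tmp/psec-empty.XXXXXX) || die "mktemp failed"

# Runs on every exit path, including a failed bwrap, so neither the empty
# file nor the screen marker is left behind.
cleanup() {
  rm -f -- "$emptyfile"
  if [[ -n "$screen_marker" ]]; then
    rm -f -- "/tmp/psec-screen-$screen_marker"
  fi
}
trap cleanup EXIT

# fd 3 is inherited by bwrap and used as the data source for the bind below.
exec 3<> "$emptyfile"

bwrap \
  --ro-bind / / \
  --ro-bind-data 3 /crypto_keyfile.bin \
  --dev-bind /dev/ /dev/ \
  --tmpfs /var/log/ \
  --tmpfs /usr/src \
  --tmpfs /lib/modules \
  --tmpfs /usr/lib/modules \
  --tmpfs /run/ \
  --tmpfs /boot/ \
  --tmpfs /mnt/ \
  --tmpfs /tmp/ \
  --tmpfs /root/ \
  --tmpfs /home/ \
  --tmpfs /parsec/ \
  --bind "$VM_ROOT/$vm" "$VM_ROOT/" \
  --unshare-ipc \
  --unshare-pid \
  --share-net \
  --unshare-uts \
  --unshare-cgroup \
  --die-with-parent \
  --cap-drop all \
  --cap-add CAP_DAC_OVERRIDE \
  --new-session \
  /usr/bin/proxychains -f /etc/proxychains-no-tor /usr/bin/qemu-system-x86_64 -enable-kvm -usb \
  -drive "file=$VM_ROOT/hdd.img,format=raw" \
  -device usb-host,vendorid=0x046d,productid=0xc08b \
  -monitor stdio -vga std -m "$RAM" -cdrom "$VM_ROOT/cd.iso" -boot d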