Automate package installation and configuration of a fresh Ubuntu system
Ubuntu Bootstrap is a series of bash scripts that help automate the setup of an environment for Python development, malware analysis, and general security & privacy tools.
Execution can be done fully automatically by running the command
bash <(curl -L https://raw.github.com/deadbits/ubuntu-bootstrap/master/install.sh)
which will clone the repo and perform the full installation process, or manually by cloning the Github repo. The latter lets you review and edit the package installation and setup files to suit your specific needs while still keeping the overall bootstrapping process in place. Bear in mind that the one-liner executes whatever that URL serves at the moment you run it, without giving you a chance to read it first, and the scripts need root privileges to install packages; cloning the repo and reading the scripts before running them is the safer route.
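The following is an added example, not part of the ubuntu-bootstrap project: instead of piping curl into bash, it downloads the installer to a file, opens it for reading, and executes it only if its SHA-256 matches a value you obtained out of band (this page publishes no checksum, so the expected hash is assumed to come from you). The URL is the one given above; everything else is illustrative.

```shell
#!/bin/sh
# Added example (not the project's install.sh): download, read, verify, then run.
set -eu

INSTALLER_URL="https://raw.github.com/deadbits/ubuntu-bootstrap/master/install.sh"

# Print the SHA-256 of file $1, using whichever tool the system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 if file $1 hashes to the hex digest $2 (case-insensitive), 1 otherwise.
verify_sha256() {
    actual=$(sha256_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Fetch $1 to a temp file, show it to the operator, verify against $2, then run it.
fetch_verify_run() {
    url=$1; expected=$2
    tmp=$(mktemp)
    curl -fsSL "$url" -o "$tmp"      # -f: fail on HTTP errors rather than saving an error page
    ${PAGER:-less} "$tmp"            # read what you are about to execute
    if verify_sha256 "$tmp" "$expected"; then
        bash "$tmp"
    else
        echo "checksum mismatch for $url, refusing to run" >&2
        rm -f "$tmp"
        return 1
    fi
}

# Usage: sh fetch-verify-run.sh <expected-sha256>
if [ $# -eq 1 ]; then
    fetch_verify_run "$INSTALLER_URL" "$1"
fi
```

The hash check only defends against the file changing between the time someone you trust reviewed it and the time you run it; reading the script yourself is what the manual clone in the text is for.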
The bootstrap.sh script executes several bash scripts, each dedicated to one purpose. If you don't want to run a specific script, simply comment out the line source core/$scriptname.sh inside bootstrap.sh. The sections below describe in general terms what each script installs; a complete overview is available on Github.
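As an added example (not the project's bootstrap.sh), here is a driver that follows the same source core/<stage>.sh pattern but takes the stages to skip from an environment variable instead of requiring you to comment out lines, and refuses to source a stage file that is missing or writable by group or other users. The stage names are assumed from the sections of this page; the real file names in the repository may differ.

```shell
#!/bin/sh
# Added example: a stage runner in the style of bootstrap.sh, with a skip list
# and a permission check on each stage file before it is sourced.
set -eu

# Assumed stage names; adjust to the files actually present under core/.
STAGES="packages vim zsh git python webserver malware"

# Return 0 if stage $1 appears in the space-separated skip list $2.
stage_skipped() {
    for s in $2; do
        [ "$s" = "$1" ] && return 0
    done
    return 1
}

# Return 0 if $1 is a regular file with neither group- nor world-write bit set.
stage_file_ok() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Source each enabled stage from $1/core; $2 is the skip list (may be empty).
run_stages() {
    root=$1; skip=${2:-}
    for stage in $STAGES; do
        f="$root/core/$stage.sh"
        if stage_skipped "$stage" "$skip"; then
            echo "skip: $stage"
            continue
        fi
        if ! stage_file_ok "$f"; then
            echo "refusing to source $f (missing or group/world-writable)" >&2
            return 1
        fi
        echo "run: $stage"
        . "$f"
    done
}

# Usage: BOOTSTRAP_SKIP="vim webserver" sh run-stages.sh /path/to/ubuntu-bootstrap
if [ $# -ge 1 ]; then
    run_stages "$1" "${BOOTSTRAP_SKIP:-}"
fi
```

Sourcing a stage runs it in the driver's own shell, exactly as bootstrap.sh does, so a writable stage file is a writable root shell; that is what the permission check is for.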
Standard Packages & Libraries
This first runs apt-get update and then installs basic system packages such as vim, wget, make, coreutils, gdb, zsh and git, as well as several commonly needed development libraries such as libxml2, libffi, libtool and libmagic.
The next phase installs commonly used, lightweight databases: MongoDB, SQLite3 and PostgreSQL.
Here we install some all-around handy tools and security packages such as upx, unrar, jq, dnsutils, tcpdump, httpie, Tor, logcheck, secure-delete, dnscrypt-proxy, tmux, byobu and a few more.
When this script first runs, the user is asked whether to create a new set of SSH and PGP keys. If so, the package rng-tools is installed and started to speed up entropy gathering, and the keys are generated. Note that rng-tools only helps if the machine has a hardware random source for rngd to read (a TPM, RDRAND or similar); configurations that feed /dev/urandom back into the kernel pool make it look full without adding any unpredictability to the keys.
VIM for Python
VIM can make a powerful Python IDE when set up properly, as numerous websites and blogs have shown. Here we start with the basics of a good VIM IDE: a pre-built vimrc file is installed to $HOME/.vimrc with settings that aid Python development, along with a handful of color schemes copied to $HOME/.vim/colors. If you love VIM as much as we do, we strongly suggest you take a peek at the posts mentioned above for ideas on expanding your environment with plugins and more.
After the initial setup above, oh-my-zsh is installed and a pre-built .zshrc file is copied to the user's home directory. The zshrc file contains several useful aliases and functions, such as getting the current Bitcoin price, geolocating IP addresses, monitoring active TCP connections, securely deleting files, using wget via Tor, serving a directory as a web server, and more.
This script is very straightforward: it prompts the user for their Github.com email address and username, sets these with git config --global, and generates a new SSH key labelled with the Github email address. Upload the public half of that key to your Github account and you're off to the races!
Python & Libraries
Python 2.7 is installed along with setuptools, pip, virtualenv, and multiple Python libraries for data processing, networking, database interaction, web development, and machine learning (note that Python 2.7 reached end of life in January 2020 and no longer receives security fixes). Libraries installed include scikit-learn, numpy, pandas, bottle and Flask, gevent, paramiko, scapy, ansible, boto, jsonschema, elasticsearch, pymongo, redis, and six, among several more.
The amazing interpreter Bpython is also installed, which provides syntax highlighting, auto-completion and auto-indentation, Python 3 support, and great features like saving your code to a file, sending it to a specified Pastebin site, or "rewinding" your code.
On execution, users are asked whether they wish to install Nginx and/or Apache. This is a quick way to get the latest packaged version of your chosen web server installed and running; note that you are expected to edit the configuration files and any firewall rules yourself, as the script only performs the package installation. If Apache is chosen, the apache2-utils, ssl-cert and libapache2-mod-wsgi packages are installed alongside it.
Both can be installed side by side without a port conflict, as Ubuntu Bootstrap supplies custom configuration files that run Apache on port 8888 and Nginx on port 80. After installation the user is expected to edit the web server config files as needed.
A set of tools for collecting and analyzing malware is installed into /opt/malware/apps/, with a sample storage directory at /opt/malware/samples, along with some Python libraries useful for analysis tasks and a customized GDB init file for debugging. If you commented out the Python script, malware.sh will still install Python, as it is required by the tools in this stage. Keep in mind that this is a regular Ubuntu workstation, not an isolated sandbox: it is a fine place to store and statically inspect samples, but detonate them only in a dedicated, network-isolated VM.
Analysis Tools & Python Libraries
The installed tools include Combine for sample collection, Viper for storage and analysis, Yara for writing and matching signatures, ssdeep and hashdeep for computing and comparing fuzzy and cryptographic file hashes, the python-hachoir libraries, pyelftools, pydeep, and finally oletools for Office documents and pefile and pev for Windows executables.
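As an added example that is not part of the ubuntu-bootstrap scripts, here is a small intake routine for the sample directory described above: it names each sample by its SHA-256 (the usual convention for a sample store), strips the execute bits so nothing can be launched by accident, refuses duplicates, and appends an md5/sha1/sha256/size line to a CSV manifest in the spirit of the hashdeep tool listed above. It assumes GNU coreutils (as on Ubuntu); the directory defaults to /opt/malware/samples from the text, and the manifest file name is an assumption.

```shell
#!/bin/sh
# Added example: hash-named, read-only sample intake with a CSV manifest.
set -eu

SAMPLES=${SAMPLES:-/opt/malware/samples}
MANIFEST=${MANIFEST:-$SAMPLES/manifest.csv}   # assumed name, not from the project

# Print "md5,sha1,sha256,size" for file $1.
fingerprint() {
    m=$(md5sum "$1" | awk '{print $1}')
    s1=$(sha1sum "$1" | awk '{print $1}')
    s256=$(sha256sum "$1" | awk '{print $1}')
    size=$(wc -c < "$1" | tr -d ' ')
    printf '%s,%s,%s,%s\n' "$m" "$s1" "$s256" "$size"
}

# Copy $1 into $SAMPLES under its SHA-256 and record it. Prints the stored
# path on success; returns 1 without touching anything if already present.
intake() {
    src=$1
    fp=$(fingerprint "$src")
    sha=$(printf '%s' "$fp" | cut -d, -f3)
    dest="$SAMPLES/$sha"
    mkdir -p "$SAMPLES"
    if [ -e "$dest" ]; then
        echo "duplicate: $sha already stored" >&2
        return 1
    fi
    cp "$src" "$dest"
    chmod 0400 "$dest"                 # read-only for the owner, no execute bit
    # md5,sha1,sha256,size,stored path,original file name
    printf '%s,%s,%s\n' "$fp" "$dest" "$(basename "$src")" >> "$MANIFEST"
    echo "$dest"
}

# Usage: sh intake.sh suspicious.exe other.doc ...
if [ $# -ge 1 ]; then
    for f in "$@"; do
        intake "$f"
    done
fi
```

Hash naming makes the manifest the single place that links a sample back to its original file name, which is useful when the same payload arrives under several names; a fuzzy hash (ssdeep) would be the natural extra column if you also want near-duplicate detection.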