warding 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f3123c9bc47351bb1c1e034f6d17678c9488a43bcd53530f6585780ee11a9fa0
+  data.tar.gz: 20caf1e52981a0f4ef823a9499bfb2f2e0bf275f95428807d885b40824906775
+SHA512:
+  metadata.gz: b4d282ad28fa2f4f4fd9d1d6330eaa6ac8d13dc10d25e6826c8e05f840d6b7b403ebd86dc629741360c301eb3b6dd5ed429c7b1a35658f1d4852428e2d492ad3
+  data.tar.gz: 842edc0b9b428379e9c5ac9fcd4834a88c48bd4a4c7132fbb95b5b7c14103663024af032ac8a934eb46c1398a85eb05c712849a67e0df4eacccfe31a774f262f

data/.gitignore

@@ -0,0 +1,8 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/Gemfile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+gemspec
+
+gem 'rake', '~> 12.0'
+gem 'tty-prompt'

data/Gemfile.lock

@@ -0,0 +1,33 @@
+PATH
+  remote: .
+  specs:
+    warding (0.1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    pastel (0.8.0)
+      tty-color (~> 0.5)
+    rake (12.3.3)
+    tty-color (0.5.1)
+    tty-cursor (0.7.1)
+    tty-prompt (0.22.0)
+      pastel (~> 0.8)
+      tty-reader (~> 0.8)
+    tty-reader (0.8.0)
+      tty-cursor (~> 0.7)
+      tty-screen (~> 0.8)
+      wisper (~> 2.0)
+    tty-screen (0.8.1)
+    wisper (2.0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  rake (~> 12.0)
+  tty-prompt
+  warding!
+
+BUNDLED WITH
+   2.1.4

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Marlos Pomin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,30 @@
+# Warding
+
+> Custom Arch Linux designed for security assessments and pentesting.
+
+## Installation
+
+Install warding by using the `gem install` command.
+
+```bash
+gem install warding
+```
+
+## Usage
+
+WIP.
+
+## Todo
+
+* Code missing features.
+* Add extra checks.
+* Test installation.
+* Add GitHub actions.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/marlospomin/warding.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+task default: :spec

data/bin/console

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'warding'
+require 'irb'
+
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+# frozen_string_literal: true
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install

data/bin/warding

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'warding'
+
+# create a new installer
+warding = Warding::Installer.new
+# print banner
+warding.banner
+# check if everything is alright
+warding.check
+# gather inputs from the user
+user_input = warding.gather
+# install warding
+warding.install(user_input)

data/lib/warding.rb

@@ -0,0 +1,221 @@
+# frozen_string_literal: true
+
+require 'warding/version'
+require 'tty-prompt'
+
+module Warding
+  class Error < StandardError; end
+
+  class Installer
+    @@prompt = TTY::Prompt.new
+
+    def banner
+      puts <<~'EOF'
+
+         (  (                    (
+         )\))(   '    )   (      )\ )   (            (  (
+        ((_)()\ )  ( /(   )(    (()/(   )\    (      )\))(
+        _(())\_)() )(_)) (()\    ((_)) ((_)   )\ )  ((_))\
+        \ \((_)/ /((_)_   ((_)   _| |   (_)  _(_/(   (()(_)
+         \ \/\/ / / _` | | '_| / _` |   | | | ' \)) / _` |
+          \_/\_/  \__,_| |_|   \__,_|   |_| |_||_|  \__, |
+                                                    |___/
+
+      EOF
+    end
+
+    def check
+      unless `uname -a`.include?('Arch')
+        @@prompt.error('Exiting, this is not an Arch Linux distribution!')
+        exit!
+      end
+      unless `[ -d /sys/firmware/efi ] && echo true`.include?('true')
+        @@prompt.error('UEFI/EFI must be enabled to install warding')
+        exit!
+      end
+    end
+
+    def gather
+      locales_list = %w[en-US es-ES pt-BR ru-RU fr-FR it-IT de-DE ja-JP ko-KR zh-CN]
+      keymaps_list = %w[us uk br en fr de zh ru it es]
+
+      parsed_input = @@prompt.collect do
+        key(:update_mirrors).yes?('Update mirrorlist?')
+        key(:system_language).select('Pick the desired system language:', locales_list)
+        key(:keyboard_keymap).select('Pick your keyboard layout:', keymaps_list)
+
+        unless @@prompt.yes?('Set timezone automatically?', default: true)
+          key(:update_timezone).ask('Enter timezone:', required: true)
+        end
+
+        key(:root_password).mask('Insert new root password:', required: true)
+
+        key(:system_settings) do
+          bootloader = key(:bootloader).select('Which bootloader to use?', %w[systemd-boot grub])
+          partitions = key(:partitions).select(
+            'Select partition scheme to use:', ['/boot and /root', '/boot, /root and /home']
+          )
+
+          key(:boot_size).slider('Boot drive partition size (MiB):', min: 512, max: 4096, default: 1024, step: 128)
+
+          if partitions == '/boot, /root and /home'
+            key(:home_size).slider('Home partition size (MiB):', min: 2048, max: 8192, default: 4096, step: 256)
+          end
+
+          key(:swap_size).slider('Swap partition size (MiB):', min: 1024, max: 8192, default: 2048, step: 256)
+
+          if @@prompt.yes?('Enable encryption?', default: false)
+            key(:encryption_settings) do
+              key(:encryption_mode).expand('Which cryptic setup to use?') do |q|
+                if partitions == '/boot, /root and /home'
+                  q.choice key: 'm', name: 'minimal (/home only)' do :minimal end
+                  q.choice key: 's', name: 'safe (/home, /var, /tmp and swap)', value: :safe
+                end
+                q.choice key: 'p', name: 'paranoid (full disk encryption, except /boot)', value: :paranoid
+                q.choice key: 'i', name: 'insane (full disk encryption)', value: :insane if bootloader == 'grub'
+              end
+              key(:encryption_key).mask('Insert the encryption key:', required: true)
+            end
+          end
+        end
+
+        key(:extra_settings).multi_select('Select extra options:', %w[tools themes cron])
+      end
+
+      parsed_input
+    end
+
+    def install(data)
+      if @@prompt.yes?('Confirm settings and continue?')
+        # setup mirrorlist
+
+        if data[:update_mirrors]
+          `pacman -Sy reflector --noconfirm`
+          `reflector --latest 25 --sort rate --save /etc/pacman.d/mirrorlist`
+        end
+
+        # setup timezone
+
+        `timedatectl set-ntp true`
+
+        if data[:update_timezone]
+          `timedatectl set-timezone #{data[:update_timezone]}`
+        else
+          `timedatectl set-timezone "$(curl --fail https://ipapi.co/timezone)"`
+        end
+
+        # setup paritions
+
+        `parted -s -a optimal /dev/sda \
+          mklabel gpt \
+          mkpart primary fat32 0% #{data[:system_settings][:boot_size]}Mib \
+          set 1 esp on \
+          mkpart primary ext4 #{data[:system_settings][:boot_size]}Mib 100% \
+          set 2 lvm on
+        `
+
+        `pvcreate /dev/sda2`
+        `vgcreate vg0 /dev/sda2`
+        `lvcreate -L #{data[:system_settings][:swap_size]}Mib vg0 -n swap`
+        `lvcreate -L #{data[:system_settings[:home_size]]}Mib vg0 -n home` if data[:system_settings][:partition] == '/boot, /root and /home'
+        `lvcreate -l 100%FREE vg0 -n root`
+
+        `mkfs.ext4 /dev/vg0/root`
+        `mount /dev/vg0/root /mnt`
+
+        if data[:system_settings][:partition] == '/boot, /root and /home'
+          `mkfs.ext4 /dev/vg0/home`
+          `mount /dev/vg0/home /mnt/home`
+        end
+
+        `mkfs.fat -F32 /dev/sda1`
+        `mkdir /mnt/boot`
+
+        `mkswap /dev/vg0/swap`
+        `swapon /dev/vg0/swap`
+
+        # setup encryption
+
+        # TODO: everything
+
+        # setup base packages
+
+        `pacman -S archlinux-keyring --noconfirm`
+        `pacstrap /mnt base base-devel`
+        `genfstab -U /mnt >> /mnt/etc/fstab`
+
+        # setup chroot
+
+        `arch-chroot /mnt ln -sf /usr/share/zoneinfo/"$(curl --fail https://ipapi.co/timezone)" /etc/localtime`
+        `arch-chroot /mnt hwclock --systohc`
+
+        `echo "#{data[:system_language]}.UTF-8" > /mnt/etc/locale.gen`
+        `arch-chroot /mnt locale-gen`
+        `echo "LANG=#{data[:system_language]}.UTF-8" > /mnt/etc/locale.conf`
+
+        `echo KEYMAP=#{data[:keyboard_keymap]} > /mnt/etc/vconsole.conf`
+
+        `echo "warding" > /mnt/etc/hostname`
+
+        `echo "127.0.0.1 localhost
+        ::1 localhost
+        127.0.1.1 warding.localdomain warding" > /mnt/etc/hosts`
+
+        `arch-chroot /mnt echo -e "#{data[:root_password]}\n#{data[root_password]}" | passwd`
+
+        `arch-chroot /mnt pacman -Sy archlinux-keyring linux lvm2 mkinitcpio --noconfirm`
+
+        `sed -i "/^HOOK/s/filesystems/lvm2 filesystems/" /mnt/etc/mkinitcpio.conf`
+
+        `arch-chroot /mnt mkinitcpio -p linux`
+
+        `arch-chroot /mnt pacman -S intel-ucode --noconfirm`
+
+        # bootloader
+
+        if data[:system_settings][:bootloader] == 'systemd-boot'
+          `arch-chroot /mnt bootctl install`
+          `echo "title Warding Linux
+          linux /vmlinuz-linux
+          initrd /intel-ucode.img
+          initrd /initramfs-linux.img
+          options root=/dev/vg0/root rw" > /mnt/boot/loader/entries/warding.conf`
+        else
+          # TODO: grub
+        end
+
+        # setup default packages
+
+        # TODO: include gnome desktop
+        `arch-chroot /mnt pacman -S make nano fuse wget automake cmake gcc autoconf openbsd-netcat dhcpcd samba openssh openvpn unzip vim xorg-server xf86-video-intel plasma konsole dolphin kmix sddm wget git kvantum-qt5 zsh --noconfirm`
+
+        `arch-chroot /mnt systemctl enable dhcpcd`
+        `arch-chroot /mnt systemctl enable sddm`
+
+        `arch-chroot /mnt wget -qO- https://blackarch.org/strap.sh | sh`
+
+        `arch-chroot /mnt wget -qO- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh | sh`
+
+        # setup themes
+
+        if data[:extra_settings].include?('themes')
+          `arch-chroot /mnt wget -qO- https://raw.githubusercontent.com/PapirusDevelopmentTeam/arc-kde/master/install.sh | sh`
+          `arch-chroot /mnt wget -qO- https://git.io/papirus-icon-theme-install | sh`
+        end
+
+        # setup extra tools
+
+        if data[:extra_settings].include?('tools')
+          `arch-chroot /mnt pacman -S nmap impacket go ruby php firefox atom hashcat john jre-openjdk proxychains-ng exploitdb httpie metasploit bind-tools radare2 sqlmap wpscan xclip --noconfirm`
+          `arch-chroot /mnt mkdir -p /usr/share/wordlists`
+          `arch-chroot /mnt wget -q https://github.com/danielmiessler/SecLists/raw/master/Passwords/Leaked-Databases/rockyou.txt.tar.gz -O /usr/share/wordlists/rockyou.txt.tar.gz`
+          `arch-chroot /mnt wget -q https://github.com/danielmiessler/SecLists/raw/master/Discovery/Web-Content/common.txt -O /usr/share/wordlists/common.txt`
+        end
+
+        # setup crons
+
+        # TODO: include crons
+      end
+    end
+  end
+end

data/lib/warding/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Warding
+  VERSION = '0.1.0'
+end

data/warding.gemspec

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require_relative 'lib/warding/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'warding'
+  spec.version       = Warding::VERSION
+  spec.authors       = ['Marlos Pomin']
+  spec.email         = ['marlospomin@gmail.com']
+
+  spec.summary       = 'Warding Linux installer.'
+  spec.description   = 'Custom Arch Linux designed for security assessments and pentesting.'
+  spec.homepage      = 'https://github.com/marlospomin/warding'
+  spec.license       = 'MIT'
+
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
+
+  spec.metadata['homepage_uri']    = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/marlospomin/warding'
+  spec.metadata['changelog_uri']   = 'https://github.com/marlospomin/warding/releases'
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+
+  spec.executables   = ['warding']
+  spec.require_paths = ['lib']
+end

metadata

@@ -0,0 +1,59 @@
+--- !ruby/object:Gem::Specification
+name: warding
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Marlos Pomin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-08-14 00:00:00.000000000 Z
+dependencies: []
+description: Custom Arch Linux designed for security assessments and pentesting.
+email:
+- marlospomin@gmail.com
+executables:
+- warding
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- bin/warding
+- lib/warding.rb
+- lib/warding/version.rb
+- warding.gemspec
+homepage: https://github.com/marlospomin/warding
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/marlospomin/warding
+  source_code_uri: https://github.com/marlospomin/warding
+  changelog_uri: https://github.com/marlospomin/warding/releases
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: Warding Linux installer.
+test_files: []