Post Installation Script - Arch
THIS SCRIPT IS OUTDATED!
Thanks to @zenobia for helping me with this script.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
#!/bin/bash
# ===================
# Author: @impulsado
# Web: impulsado.org
# Date: 08/07/2022
# ===================
# === FUNCTIONS ===
function startCheck() {
if [[ "$EUID" -ne 0 ]]; then
echo ""
echo "Must be root!"
echo ""
exit 1
fi
ping -c 1 -q google.com >&/dev/null
if [[ $? != 0 ]]; then
echo ""
echo "Must have internet connection!"
echo ""
exit 1
fi
echo ""
echo " Welcome to your new O.S. "
echo ""
echo ""
read -p "Enter your username: " username
read -p "Select the apps you want install: " -e -i "bat zoxide fzf nmap tcpdump" usr_apps
echo ""
read -p "Do you want to start? (Y/n) " -e -i "Y" usr_op
if [[ $usr_op != "Y" ]]; then
echo ""
echo "See you soon!"
echo ""
exit 2
fi
}
function initial() {
pacman -Syu
pacman -Sy $usr_apps
echo "$username ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
rm -d /home/$username/{Documents,Music,Pictures,Public,Templates,Videos}
mkdir /home/$username/Scripts
timedatectl set-timezone Europe/Madrid
clear
}
function sshInstall() {
read -p "Choose the new SSH Port: " usr_port
pacman -Sy openssh
systemctl enable ssh
systemctl stop ssh
cat <<EOF > /etc/ssh/sshd_config
# NEW CONF
Port $usr_port
MaxAuthTries 3
PermitRootLogin no
PermitEmptyPasswords no
EOF
sed -i '/X11Forwarding yes/c\X11Forwarding no'
systemctl start ssh
clear
}
function tmuxInstall() {
pacman -Sy tmux git
git clone https://github.com/tmux-plugins/tpm /home/$username/.tmux/plugins/tpm
touch /home/$username/.tmux.conf
cat <<EOF > /home/$username/.tmux.conf
unbind r
bind r source-file /home/$username/.tmux.conf
unbind C-b
bind C-b select-pane -t :.+
bind h split-window -v
bind v split-window -h
set -g mouse on
EOF
chown $username:$username /home/$username/.tmux.conf
cat <<EOF > /home/$username/README.tmux
1. "tmux new-session"
2. "tmux source .tmux.conf"
3. "prefix + I"
4. "nano .tmux.conf" and append this text.
---
set -g @plugin 'tmux-plugins/tpm'
set -g @plugin 'tmux-plugins/tmux-sensible'
run '/home/$username/.tmux/plugins/tpm/tpm'
---
5. "prefix + r"
6. "nano .tmux.conf" insert this text before "run" command.
---
set -g @plugin 'dracula/tmux'
set -g @dracula-show-left-icon session
set -g @dracula-show-network false
set -g @dracula-show-battery false
set -g @dracula-show-weather false
---
7. "prefix + I"
EOF
tmux source-file /home/$username/.tmux.conf
clear
}
function bashrc() {
cat <<EOF >> /home/$username/.bashrc
# === ALIAS ===
alias ll='ls -la --color=auto'
alias cat='batcat'
alias update='sudo pacman -Syu'
alias poweroff='sudo systemctl poweroff'
alias restart='sudo systemctl restart'
alias pacman='sudo pacman'
# === OTHERS ===
eval "$(zoxide init bash)"
export PATH=$PATH:/home/$username/Scripts
EOF
source /home/$username/.bashrc
}
function secureOS() {
# Enable broadcast echo Protection
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Disable Source Routed Packets
for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do
echo 0 > $i
done
# Enable TCP SYN Cookie Protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Disable ICMP Redirect Acceptance
for i in /proc/sys/net/ipv4/conf/*/accept_redirects; do
echo 0 > $i
done
# Don't send Redirect Messages
for i in /proc/sys/net/ipv4/conf/*/send_redirects; do
echo 0 > $i
done
# Drop Spoofed Packets coming in on an interface, which, if replied to,
# would result in the reply going out a different interface.
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $i
done
}
function printEnd() {
clear
echo ""
echo "=== SSH ==="
echo "Port Changed --> $usr_port"
echo "Installed Succesfully!"
echo ""
echo "=== TMUX ==="
echo "README.tmux"
echo "Installed Succesfully!"
echo ""
echo "=== SECURITY ==="
echo "System secured Succesfully!"
echo ""
echo "=== BASHRC ==="
echo "Updated Succesfully!"
echo ""
}
# === MAIN ===
startCheck
if [[ $usr_op == "Y" ]]; then
initial
sshInstall
tmuxInstall
bashrc
secureOS
sleep 1
printEnd
fi