Commit 9e910451 authored by Francesco Bonanno

Initial release

parent 4e6b09e4
#!/bin/sh
# (C) 2012-2015 Fathi Boudra <fathi.boudra@linaro.org>
# (C) 2015-2017 Francesco Bonanno <mibofra@frozenbox.org> , little changes for parrot arm rootfs tarballs.
# Calls all necessary live-build programs in the correct order to complete
# the bootstrap, chroot, binary, and source stage.
# You need live-build package installed and superuser privileges.
BUILD_NUMBER=1
BASEIMG=parrotsec-3.4-armhf
IMAGEPREFIX=$(BASEIMG)-$(BUILD_NUMBER)
LOGFILE=$(IMAGEPREFIX).build-log.txt
CONFIGFILE=$(IMAGEPREFIX).config.tar.bz2
LISTFILE=$(IMAGEPREFIX).contents
CHROOTFILE=$(IMAGEPREFIX).files
PKGSFILE=$(IMAGEPREFIX).packages
TARGZFILE=$(IMAGEPREFIX).tar.gz
MD5SUMSFILE=$(IMAGEPREFIX).md5sums.txt
SHA1SUMSFILE=$(IMAGEPREFIX).sha1sums.txt
IMAGENAME=$(IMAGEPREFIX).img
MD5SUMIMG=$(IMAGENAME).md5sum.txt
SHA1SUMIMG=$(IMAGENAME).sha1sum.txt
TARXZFILE=$(IMAGENAME).tar.xz
MD5SUMTARXZFILE=$(TARXZFILE).md5sum.txt
SHA1SUMTARXZFILE=$(TARXZFILE).sha1sum.txt
BLOCKDEVICE=
all:
set -e; sudo lb build && ./build_parrotsec_image.sh 2>&1 | tee $(LOGFILE)
if [ -f live-image-armhf.tar.tar.gz ]; then \
tar -jcf $(CONFIGFILE) auto/ config/ configure; \
sudo mv live-image-armhf.contents $(LISTFILE); \
sudo mv chroot.files $(CHROOTFILE); \
sudo mv chroot.packages.install $(PKGSFILE); \
sudo mv live-image-armhf.tar.tar.gz $(TARGZFILE); \
md5sum $(LOGFILE) $(CONFIGFILE) $(LISTFILE) $(CHROOTFILE) $(PKGSFILE) $(TARGZFILE) > $(MD5SUMSFILE); \
sha1sum $(LOGFILE) $(CONFIGFILE) $(LISTFILE) $(CHROOTFILE) $(PKGSFILE) $(TARGZFILE) > $(SHA1SUMSFILE); \
fi
if [ -f parrotsec-rpi/parrot-armhf-image.img ]; then \
sudo mv parrotsec-rpi/parrot-armhf-image.img $(IMAGENAME); \
sudo mv parrotsec-rpi/parrot-armhf-image.img.md5sum.txt $(MD5SUMIMG); \
sudo mv parrotsec-rpi/parrot-armhf-image.img.sha1sum.txt $(SHA1SUMIMG); \
sleep 1; \
tar cfJ $(TARXZFILE) $(IMAGENAME) $(MD5SUMIMG) $(SHA1SUMIMG); \
md5sum $(TARXZFILE) > $(MD5SUMTARXZFILE); \
sha1sum $(TARXZFILE) > $(SHA1SUMTARXZFILE); \
fi
finalize:
if [ -f live-image-armhf.tar.tar.gz ]; then \
tar -jcf $(CONFIGFILE) auto/ config/ configure; \
sudo mv live-image-armhf.contents $(LISTFILE); \
sudo mv chroot.files $(CHROOTFILE); \
sudo mv chroot.packages.install $(PKGSFILE); \
sudo mv live-image-armhf.tar.tar.gz $(TARGZFILE); \
md5sum $(LOGFILE) $(CONFIGFILE) $(LISTFILE) $(CHROOTFILE) $(PKGSFILE) $(TARGZFILE) > $(MD5SUMSFILE); \
sha1sum $(LOGFILE) $(CONFIGFILE) $(LISTFILE) $(CHROOTFILE) $(PKGSFILE) $(TARGZFILE) > $(SHA1SUMSFILE); \
fi
clean:
sudo lb clean --purge
rm -f $(BASEIMG)-*
rm -rf config
rm -rf .build
if [ -d parrotsec-rpi ]; then \
rm -f $(LOGFILE)
-sudo umount -l parrotsec-rpi/*; true
sudo dmsetup remove_all
sudo rm -rf parrotsec-rpi
-sudo rm -rf rpi-firmware; true
fi
if [ -f $(IMAGENAME) ]; then \
rm -f $(IMAGENAME)*
rm -f $(LOGFILE)
-sudo umount -l parrotsec-rpi/*; true
sudo dmsetup remove_all
sudo rm -rf parrotsec-rpi rpi-firmware
fi
write-image:
sudo ./build_parrotsec_image.sh $(BLOCKDEVICE)
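Review bot: `sudo dmsetup remove_all` in both branches of `clean` removes every device-mapper device on the build host that is not currently open, not just the loop partitions mapped for this image, so idle LVM or dm-crypt mappings on the host can be torn down by `make clean`; build_parrotsec_image.sh makes the same call before its `kpartx -d`. Scoping the cleanup to the image, e.g. `-sudo kpartx -d $(IMAGENAME)`, avoids touching unrelated mappings. Separately, as rendered here only the first line after each `if [ -d … ]; then \` in `clean` carries a continuation, so the `if` never reaches its `fi` within one shell command and the remaining lines run unguarded as separate recipe lines; the page has lost the recipe tabs, so confirm against the file.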
Parrot Security OS Raspberry PI image builder
* To build the image:
* install live-build qemu-user-static tar gzip xz gdisk unzip wget kpartx lvm2 dosfstools coreutils
* run configure
* run make
* Scripts:
* configure
* Makefile
* build_parrotsec_image.sh
* Configuration Layout
`-- ./config
* Customization Layout
`-- ./customization
* To write an image directly to a block device:
* run "make BLOCKDEVICE=/dev/BLOCK", where BLOCK is your block device
an example: make BLOCKDEVICE=/dev/mmcblk0 or make BLOCKDEVICE=/dev/sdb
All the source code is under GPLv3+ .
#!/bin/bash
# (C) 2015-2017 Francesco Bonanno <mibofra@frozenbox.org>
# Write or create raspberry-pi 1, 2 and 3 image
if [ ${EUID} -ne 0 ]; then
echo "this tool must be run as root"
exit 1
fi
device=$1
if ! [ -b ${device} ]; then
echo "${device} is not a block device"
exit 1
fi
bootsize="64M"
relative_path=`dirname $0`
# locate path of this script
absolute_path=`cd ${relative_path}; pwd`
# define destination folder where created image file will be stored
buildenv=`cd ${absolute_path}; mkdir -p parrotsec-rpi; cd parrotsec-rpi; pwd`
# buildenv="/tmp/rpi"
# cd ${absolute_path}
rootfs="${buildenv}/rootfs"
bootfs="${rootfs}/boot"
if [ "${device}" == "" ]; then
echo "no block device given, just creating an image"
mkdir -p ${buildenv}
image="${buildenv}/parrot-armhf-image.img"
dd if=/dev/zero of=${image} bs=1MB count=7168
device=`losetup -f --show ${image}`
echo "image ${image} created and mounted as ${device}"
else
image=""
dd if=/dev/zero of=${device} bs=512 count=1
fi
fdisk ${device} << EOF
n
p
1
+${bootsize}
t
c
n
p
2
w
EOF
if [ "${image}" != "" ]; then
losetup -d ${device}
device=`kpartx -va ${image} | sed -E 's/.*(loop[0-9])p.*/\1/g' | head -1`
device="/dev/mapper/${device}"
bootp=${device}p1
rootp=${device}p2
else
if ! [ -b ${device}1 ]; then
bootp=${device}p1
rootp=${device}p2
if ! [ -b ${bootp} ]; then
echo "uh, oh, something went wrong, can't find bootpartition neither as ${device}1 nor as ${device}p1, exiting."
exit 1
fi
else
bootp=${device}1
rootp=${device}2
fi
fi
sleep 1
mkfs.vfat ${bootp}
mkfs.ext4 ${rootp}
mkdir -p ${rootfs}
mkdir -p ${bootfs}
mount ${rootp} ${rootfs}
echo "Unpacking rootfs tarball"
tar -C ${rootfs} --transform 's,binary,.,' --show-transformed -xzf ${absolute_path}/*.tar.gz
sleep 1
echo "Unpacked rootfs tarball"
mkdir rpi-firmware
echo "Copying firmware to boot partition"
cp -pr ${bootfs}/* rpi-firmware/
rm -fr ${bootfs}/*
mount ${bootp} ${bootfs}
cp -pr rpi-firmware/* ${bootfs}/
sleep 1
echo "Copied firmware to boot partition"
echo "dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 rootwait" > ${bootfs}/cmdline.txt
echo "proc /proc proc defaults 0 0
/dev/mmcblk0p1 /boot vfat defaults 0 0
" > ${rootfs}/etc/fstab
echo "vchiq
snd_bcm2835
" >> ${rootfs}/etc/modules
sync
sleep 15
cd
umount -l ${bootp}
umount -l ${rootp}
dmsetup remove_all
echo "writing ${image}"
if [ "${image}" != "" ]; then
kpartx -d ${image}
md5sum ${image} > ${image}.md5sum.txt
sha1sum ${image} > ${image}.sha1sum.txt
echo "created image ${image}"
fi
echo "done."
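Review bot: The block-device check `if ! [ -b ${device} ]` lets an empty argument through only because `${device}` is unquoted (the test collapses to `[ -b ]`, which is true), and the same unquoted value is then handed to `dd`, `fdisk` and `mkfs` as root. Making the intent explicit with `if [ -n "${device}" ] && ! [ -b "${device}" ]; then` and quoting `"${device}"`, `"${bootp}"` and `"${rootp}"` at each use keeps a path with whitespace or glob characters from expanding into extra arguments. Nothing after `fdisk` is checked for failure either: if `mount ${rootp} ${rootfs}` fails, the tarball is unpacked and `rm -fr ${bootfs}/*` runs against plain directories on the host rather than the new partitions, so `|| exit 1` on the two `mount` calls would be a cheap guard.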
#!/bin/sh
# (C) 2012-2015 Fathi Boudra <fathi.boudra@linaro.org>
# (C) 2015-2016 Francesco Bonanno <mibofra@frozenbox.org> , little modifications for parrot arm rootfs tarballs.
# Create configuration for live-build.
# You need live-build package installed.
set -e
echo "I: create configuration"
export LB_BOOTSTRAP_INCLUDE="apt-transport-https gnupg"
lb config \
--distribution stable \
--architectures armhf \
--debian-installer-distribution stable \
--archive-areas 'main contrib non-free' \
--keyring-packages parrot-archive-keyring \
--debootstrap-options --keyring=config/archives/parrot.key.chroot \
--updates false \
--security false \
--backports false \
--firmware-binary false \
--firmware-chroot false \
--compression gzip \
--gzip-options '-9 --rsyncable' \
--debconf-frontend noninteractive \
--binary-filesystem ext4 \
--bootstrap-qemu-arch armhf \
--bootstrap-qemu-static /usr/bin/qemu-arm-static \
--mirror-bootstrap 'http://archive.parrotsec.org/parrot' \
--mirror-chroot 'http://archive.parrotsec.org/parrot' \
--mirror-debian-installer 'http://archive.parrotsec.org/parrot' \
--mirror-binary 'http://archive.parrotsec.org/parrot' \
--iso-application 'Parrot Security' \
--iso-publisher 'Frozenbox Network; http://www.parrotsec.org/; forum.frozenbox.org' \
--iso-volume 'ParrotSec 3.4 armhf' \
--linux-flavours none \
--linux-packages none \
--debian-installer false \
--bootappend-live 'username=parrot hostname=parrot-armhf' \
--source false \
--binary-images tar \
--mode debian \
--system normal \
--build-with-chroot true \
--chroot-filesystem none
echo "I: copy customization"
test -d customization && cp -rf customization/* config/
echo "I: done"
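Review bot: All four `--mirror-*` options point at `http://archive.parrotsec.org/parrot`, so the only protection against a tampered or substituted package in transit is APT's signature check against the key passed in `--debootstrap-options --keyring=config/archives/parrot.key.chroot`. That key file is not visible in this part of the commit, so its provenance should be documented next to the option. `apt-transport-https` is already in `LB_BOOTSTRAP_INCLUDE`, so if the mirror serves TLS the URLs could be `https://…` (not verified here); the sources lists that follow use `http://` as well. `--updates false` and `--security false` also deserve a comment saying where security fixes for the image come from.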
## stable repository
deb http://rwth-aachen-euro.archive.parrotsec.org/parrotsec/ parrot main contrib non-free
#deb-src http://rwth-aachen-euro.archive.parrotsec.org/parrotsec/ parrot main contrib non-free
## stable repository
deb http://rwth-aachen-euro.archive.parrotsec.org/parrotsec/ parrot main contrib non-free
#deb-src http://rwth-aachen-euro.archive.parrotsec.org/parrotsec/ parrot main contrib non-free
#!/bin/sh
echo "I: create parrot user"
adduser --disabled-password --gecos "" parrot
echo "I: set parrot user password"
echo "parrot:parrot" | chpasswd
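Review bot: `echo "parrot:parrot" | chpasswd` bakes a fixed, publicly known password into every image built from this tree, and the later hooks put `parrot` in `admin` with `NOPASSWD: ALL`, so any remote login service enabled on the device is effectively a root login with known credentials. Expiring the password at build time, `chage -d 0 parrot` after the `chpasswd` line, forces a change at first login; at minimum the README should state the default and tell users to change it. `adduser --disabled-password` immediately followed by setting a password also reads as contradictory and is worth a one-line comment.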
#!/bin/sh -x
DEFGROUPS="admin,adm,dialout,cdrom,audio,dip,video,plugdev,bluetooth,pulse-access"
/bin/egrep -i "^admin" /etc/group
if [ $? -eq 0 ]; then
echo "User admin exists in /etc/group"
else
echo "User admin does not exists in /etc/group must create"
groupadd admin
fi
/bin/egrep -i "^adm" /etc/group
if [ $? -eq 0 ]; then
echo "User adm exists in /etc/group"
else
echo "User adm does not exists in /etc/group must create"
groupadd adm
fi
/bin/egrep -i "^dialout" /etc/group
if [ $? -eq 0 ]; then
echo "User dialout exists in /etc/group"
else
echo "User dialout does not exists in /etc/group must create"
groupadd dialout
fi
/bin/egrep -i "^cdrom" /etc/group
if [ $? -eq 0 ]; then
echo "User cdrom exists in /etc/group"
else
echo "User cdrom does not exists in /etc/group must create"
groupadd cdrom
fi
/bin/egrep -i "^audio" /etc/group
if [ $? -eq 0 ]; then
echo "User audio exists in /etc/group"
else
echo "User audio does not exists in /etc/group must create"
groupadd audio
fi
/bin/egrep -i "^dip" /etc/group
if [ $? -eq 0 ]; then
echo "User dip exists in /etc/group"
else
echo "User dip does not exists in /etc/group must create"
groupadd dip
fi
/bin/egrep -i "^video" /etc/group
if [ $? -eq 0 ]; then
echo "User video exists in /etc/group"
else
echo "User video does not exists in /etc/group must create"
groupadd video
fi
/bin/egrep -i "^plugdev" /etc/group
if [ $? -eq 0 ]; then
echo "User plugdev exists in /etc/group"
else
echo "User plugdev does not exists in /etc/group must create"
groupadd plugdev
fi
/bin/egrep -i "^bluetooth" /etc/group
if [ $? -eq 0 ]; then
echo "User bluetooth exists in /etc/group"
else
echo "User bluetooth does not exists in /etc/group must create"
groupadd bluetooth
fi
/bin/egrep -i "^pulse-access" /etc/group
if [ $? -eq 0 ]; then
echo "User pulse-access exists in /etc/group"
else
echo "User pulse-access does not exists in /etc/group must create"
groupadd pulse-access
fi
/bin/egrep -i "^sudo" /etc/group
if [ $? -eq 0 ]; then
echo "User sudo exists in /etc/group"
else
echo "User sudo does not exists in /etc/group must create"
groupadd --system sudo
fi
echo "I: add parrot to ($DEFGROUPS) groups"
usermod -a -G ${DEFGROUPS} parrot
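Review bot: The existence checks are unanchored prefix matches: `/bin/egrep -i "^adm" /etc/group` also succeeds on `admin`, and `"^dip"` or `"^audio"` succeed on any group whose name merely starts with those letters, so a missing group can be reported as present and `usermod -a -G` then fails on it. Matching the exact name, e.g. `getent group adm >/dev/null || groupadd adm`, or looping once over `$DEFGROUPS` instead of repeating the block eleven times, fixes this. The messages say "User … exists" where they mean group. The `sudo` group is created but is not in `DEFGROUPS`, so `parrot` is never added to it; if that is intentional a comment should say so.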
#!/bin/sh
# check to make sure sudoers file has ref for admin
ADMINEXISTS="$(awk '$1 == "%admin" { print $1 }' /etc/sudoers)"
if [ -z "$ADMINEXISTS" ]; then
# append admin entry to sudoers
echo "# Members of the admin group may gain root privileges" >> /etc/sudoers
echo "%admin ALL = (ALL) NOPASSWD: ALL" >> /etc/sudoers
fi
# make sure that NOPASSWD is set for %admin
# expecially in the case that we didn't add it to /etc/sudoers
# just blow the %admin line away and force it to be NOPASSWD
sed -i -e '
/\%admin/ c \
%admin ALL = (ALL) NOPASSWD: ALL
' /etc/sudoers
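Review bot: The hook writes `%admin ALL = (ALL) NOPASSWD: ALL` straight into `/etc/sudoers` with `echo >>` and `sed -i` and never validates the result, so a malformed file would leave sudo unusable in the built image. The `sed` address `/\%admin/` also rewrites every line that contains `%admin`, including a comment or a more restrictive rule. Putting the rule in a drop-in under `/etc/sudoers.d/` with mode 0440 and checking it with `visudo -cf <file>` is the safer pattern. Since `parrot` is added to `admin` by the groups hook, this grants passwordless root to the default account; the header comment should state that this is deliberate.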
#!/bin/sh
mkdir -p uuid
cd uuid
prefix=
if ls ../binary/casper/initrd.img-* 2>&1 > /dev/null; then
prefix=../binary/boot/filesystem.dir/casper/
else
prefix=../binary/boot/filesystem.dir/boot/
fi
UUID=`uuidgen -r`
for initrd in `ls $prefix/initrd.img-*`; do
zcat $initrd | cpio --quiet -id
echo $UUID > conf/uuid.conf
find . | cpio --quiet --dereference -o -H newc | gzip > $initrd
rm -rf *
done
echo "I: setting rootfs UUID $UUID in initrd... copying to '.disk/casper-uuid'."
if [ ! -d ../binary/boot/filesystem.dir/.disk ]; then
mkdir -p ../binary/boot/filesystem.dir/.disk
fi
echo $UUID > ../binary/boot/filesystem.dir/.disk/casper-uuid
cd ..
rm -rf uuid
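Review bot: `cd uuid` is not checked, and the loop body ends with `rm -rf *`; if the `cd` fails, that `rm` and the `cpio -id` extraction run in the hook's starting directory instead, so `cd uuid || exit 1` is needed. The redirection `2>&1 > /dev/null` in the `ls` test leaves stderr on the terminal rather than discarding it (`>/dev/null 2>&1` is the usual order). The test looks at `../binary/casper/` while both branches assign paths under `../binary/boot/filesystem.dir/`, which looks inconsistent and should be confirmed. `$initrd` and `$UUID` should be quoted where they are used.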
#!/bin/sh
# Make systemd less spammy
sed -i 's/#LogLevel=info/LogLevel=warning/' \
/etc/systemd/system.conf
sed -i 's/#LogTarget=journal-or-kmsg/LogTarget=journal/' \
/etc/systemd/system.conf
#!/bin/sh
cd binary
echo "I: rm /etc/resolv.conf"
rm -f ./etc/resolv.conf
#!/bin/sh
cd binary
echo "I: removing metasploit framework and openvas framework"
apt-get purge metasploit-framework openvas openvas-cli openvas-manager openvas-scanner libopenvas8 -y
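Review bot: `cd binary` does not change what `apt-get purge` operates on: apt acts on the package database of the system the hook runs in, not on the current directory. If this is a binary-stage hook, as the `cd binary` shared with the preceding `rm -f ./etc/resolv.conf` hook suggests, it would typically run outside the chroot and the purge would hit the build host's packages. The hook's path is not shown on this page, so confirm which stage it belongs to. A comment stating the intended stage, and dropping the `cd` if it is a chroot hook, would make this unambiguous.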
server=199.175.54.136
server=5.175.164.134
listen-address=127.0.0.1
port=53
bind-interfaces
interface=lo
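Review bot: The two upstream resolvers `server=199.175.54.136` and `server=5.175.164.134` are hard-coded with no comment saying who operates them. Together with `nameserver 127.0.0.1` in the resolv.conf further down, every DNS lookup from the image is forwarded to those two addresses in cleartext. A comment line above each `server=` naming the operator and why it was chosen, for example `# upstream resolver: <operator> (<reason>)`, lets users audit or replace them. Restricting the listener to loopback with `listen-address=127.0.0.1`, `interface=lo` and `bind-interfaces` is the right choice and should stay.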
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 parrot-armhf
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
# auto eth0
# iface eth0 inet dhcp
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
#!/usr/bin/env xdg-open
[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Exec=sh -c "sleep 20;conky"
Name=conky
Comment=Start conky
Icon=nepomuk
X-MATE-Autostart-enabled=true
#!/usr/bin/env xdg-open
[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Exec=sh -c "sleep 2;paplay /usr/share/sounds/parrot/login.ogg"
Name=LoginSound
Comment=Play Login Sound
Icon=play
X-MATE-Autostart-enabled=true
#standard packages
! Packages Priority standard
##
#if ARCHITECTURES i386 amd64
firmware-b43legacy-installer
firmware-b43-installer
#endif
#zd1211-firmware
#firmware-linux
#firmware-netxen
#firmware-ralink
#firmware-realtek
#firmware-iwlwifi
#firmware-intelwimax
#firmware-ipw2x00
#firmware-atheros
#firmware-bnx2
#firmware-libertas
#bluez-firmware
#firmware-linux-nonfree
#firmware-brcm80211
#firmware-amd-graphics
#firmware-cavium
#firmware-intel-sound
#firmware-misc-nonfree
#firmware-myricom
#firmware-qlogic
#firmware-samsung
#firmware-siano
#firmware-ti-connectivity
## parrot metapackages
apt-parrot
parrot-core
#parrot-cloud
parrot-interface
#parrot-interface-full
parrot-mini
#parrot-tools-cloud
#parrot-tools-full
#parrot-stealth
#parrot-drivers
parrot-plymouth
parrot-sounds
parrot-interface-common
parrot-mate
parrot-menu
parrot-update-manager
## other packages
vinagre
etherape
torchat
bleach
vlc
galculator
# parrot metapackages
apt-parrot
parrot-core
# provide l10n for everybody
locales-all
console-setup
console-setup-linux
keyboard-configuration
#if ARCHITECTURES armel armhf
# cgpt
# vboot-utils
# vboot-kernel-utils
#endif
#important stuff
cowsay
cryptsetup
ethtool
expect
gdb
git
iw
lvm2
openvpn
parted
gparted
screen
sendemail
snmp
snmpd
suckless-tools
sudo
unrar
upx-ucl
zsh
resolvconf
dnsmasq
zile
mg
xorg
live-boot
live-boot-initramfs-tools
libbind9-140
libdns162
libisccfg140
mate-core
mate-desktop-environment-core
network-manager-gnome
network-manager
libfile-fcntllock-perl
gtkd
libpython-stdlib
libpython2.7-stdlib
tor
xserver-xorg
#filesystem support
jfsutils
hfsplus
hfsutils
hfsprogs
btrfs-tools
e2fsprogs
dosfstools
mtools
reiser4progs
reiserfsprogs
xfsprogs
xfsdump
marco
mate-control-center
mate-panel
mate-settings-daemon
mate-terminal
abiword
bluetooth
blueman
dconf-editor
desktop-base
gdebi
geany
gpa
hexchat
xul-ext-noscript
lightdm-parrot
parrot-welcome
synaptic
xboard
polyglot
crafty
dvd+rw-tools
udftools
geany
marco
mate-panel
mate-settings-daemon
geany-common
marco-common
mate-panel-common
mate-settings-daemon-common
mate-terminal-common
libmarco-private1
#standard packages
! Packages Priority standard
##
#if ARCHITECTURES i386 amd64
firmware-b43legacy-installer
firmware-b43-installer
#endif
#zd1211-firmware
#firmware-linux
#firmware-netxen
#firmware-ralink
#firmware-realtek
#firmware-iwlwifi
#firmware-intelwimax
#firmware-ipw2x00
#firmware-atheros