
a ' could break it all... rearrange menu

# ~/

# Automatically transform a fresh minimal Ubuntu Server 11.10 into a "Tor-Workstation" to be used in TorBOX:

# The script is tested and complete, but it assumes things (like a working internet connection) and doesn't
# fail gracefully. Only run on a clean VM. Make a snapshot first so you don't have to reinstall if things break! 
# Username must be "user", hostname "ubuntu"!

# List of modified files (might be outdated, doesn't include files that got installed by the script)
# /etc/localtime
# /etc/fonts/conf.d/10-sub-pixel-rgb.conf
# /etc/init/tty6.conf
# /etc/sudoers
# ./config/*
# .xinitrc
# .profile
# .bashrc
# /etc/resolv.conf
# /etc/network/interfaces

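# Check if we are root
# Everything below writes under /etc and /home/user; refuse to start without
# root rather than failing half-way through. The closing "fi" was missing in
# this copy of the script, which makes the whole file unparseable.
if [ "$(id -u)" != "0" ]; then
  echo "This script must be run as root (sudo)" >&2
  exit 1
fi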

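# change to home dir so relative paths work correctly
# Almost every path below is relative to /home/user; if the cd fails, stop
# instead of scattering dotfiles into whatever the caller's cwd was.
cd /home/user || exit 1

# update system
apt-get update && apt-get --yes dist-upgrade

# remove problematic software
# canonical-census may not be present on a minimal install, so its removal is
# allowed to fail.
apt-get --yes remove canonical-census || true
# NOTE(review): the reason for dropping ntpdate is not stated here; presumably
# so the guest never contacts time servers directly -- confirm.
apt-get --yes remove ntpdate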

# install base desktop
# Two install passes: the first one accepts recommended packages, the second
# deliberately does not (--no-install-recommends) to keep the image slim.
apt-get --yes install xinit openbox obmenu tint2 libasound2 lxappearance roxterm mingetty lxde-icon-theme unrar thttpd alsa mplayer leafpad
apt-get --yes install --no-install-recommends pcmanfm evince file-roller xchat gpicview gnome-mplayer

# remove unnecessary packages to slim down the system
# Purges the hardware-specific X video drivers. xserver-xorg-video-vesa is not
# in this list; NOTE(review): presumably that is the driver the VM keeps --
# confirm on a test VM before relying on it.
apt-get --yes remove --purge xserver-xorg-video-all xserver-xorg-video-ati xserver-xorg-video-fbdev xserver-xorg-video-geode xserver-xorg-video-intel xserver-xorg-video-mach64 xserver-xorg-video-mga xserver-xorg-video-neomagic xserver-xorg-video-nouveau xserver-xorg-video-openchrome xserver-xorg-video-qxl xserver-xorg-video-r128  xserver-xorg-video-radeon xserver-xorg-video-s3 xserver-xorg-video-savage xserver-xorg-video-siliconmotion xserver-xorg-video-sis xserver-xorg-video-sisusb xserver-xorg-video-tdfx xserver-xorg-video-trident xserver-xorg-video-vmware
# Not sure about those:
# apt-get --yes remove --purge aptitude command-not-found* mlocate parted rpm ufw geoip-database telnet sound-theme-freedesktop
# apt-get --yes remove --purge fuse manpages man-db bash-completion

# in case we forgot to set the time during installation
# Forces the system zone to UTC; the README written further down lists this as
# a countermeasure against time-zone leaks.
cp /usr/share/zoneinfo/UTC /etc/localtime

# enable sub pixel rendering
cp /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d/

# Auto-login on tty6
# ed rewrites the getty line of the upstart job so tty6 is served by mingetty
# with --autologin: "user" is logged in without a password at boot, and the
# .profile snippet added below then starts X from that tty.
ed -s /etc/init/tty6.conf <<< $',s/exec \/sbin\/getty -8 38400 tty6/exec \/sbin\/mingetty --autologin user --noclear tty6/g\nw'

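# Allow user to reboot and poweroff without having to supply a password.
# /etc/sudoers is not appended to blindly: the rule is added to a copy, the
# copy is syntax-checked with visudo -c, and only a valid file is installed
# with the 0440 root:root mode sudo insists on. A sudoers file with a syntax
# error would lock every account out of sudo, which is unrecoverable here
# because the root account has no password of its own.
sudoers_rule="user ubuntu=NOPASSWD: /sbin/shutdown -h now,/sbin/reboot,/sbin/poweroff"
sudoers_tmp=$(mktemp) || exit 1
cp /etc/sudoers "$sudoers_tmp"
printf '%s\n' "$sudoers_rule" >> "$sudoers_tmp"
if visudo -c -f "$sudoers_tmp"; then
  install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers
else
  echo "new sudoers rule failed visudo -c, /etc/sudoers left untouched" >&2
  rm -f -- "$sudoers_tmp"
  exit 1
fi
rm -f -- "$sudoers_tmp"

# Shell aliases so "reboot"/"poweroff" typed by user go through the sudo rule.
echo '
alias reboot="sudo reboot"
alias poweroff="sudo poweroff"' | sudo -u user tee -a .bashrc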

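# Configuring openbox desktop
# Run as "user" so the files end up owned by user rather than root.
sudo -u user mkdir -p .config/openbox
sudo -u user mkdir -p .config/tint2
sudo -u user cp /usr/share/doc/tint2/examples/icon_and_text_1.tint2rc /home/user/.config/tint2/tint2rc
sudo -u user cp /etc/xdg/openbox/rc.xml .config/openbox/

# Written relative to /home/user (the script cd's there at the top). Using
# "~" here would be expanded by the root shell to /root before sudo runs,
# so user's .xinitrc would never be created.
echo " tint2 &
exec openbox-session" | sudo -u user tee .xinitrc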

# Fix ugly corners in tint2rc
# Same ed-as-user recipe as the other config edits: substitute in place, then w(rite).
sudo -u user ed -s .config/tint2/tint2rc <<< $',s/rounded = 7/rounded = 0/g\nw'

# GTK2 theme and font for user. The include line points at a .mine file that
# this script does not create; NOTE(review): presumably meant for per-user
# overrides -- confirm GTK tolerates the missing include.
echo 'gtk-theme-name="Weightless-industry"
gtk-font-name="Sans 10"
include "/home/user/.gtkrc-2.0.mine"' | sudo -u user tee .gtkrc-2.0

# auto-start X, we don't need a display manager
# Appended to user's .profile: only a login on tty6 (the autologin tty set up
# above) runs startx, so the other ttys still give a plain shell.
echo '
# if logging into tty6 (which will autologin), run startx
if [ -z "$DISPLAY" ] && [ $(tty) = /dev/tty6 ] ; then
    startx ;
fi' | sudo -u user tee -a .profile

# maximize TorBrowser windows
# ed script: jump to the first <applications> tag, (a)ppend the rule after it,
# end input with ".", then write and quit. Matches any window whose class
# starts with "Firefox" and whose role is "browser".
( echo '/<applications>/a'; echo '<application class="Firefox*" role="browser"> <maximized>yes</maximized> </application>'; echo '.'; echo 'wq') | sudo -u user ed -s .config/openbox/rc.xml 

# Win+Space shows Openbox menu.
# Same ed recipe, anchored on the first <keyboard> tag.
( echo '/<keyboard>/a'; echo '<keybind key="W-space"><action name="ShowMenu"><menu>root-menu</menu></action></keybind>'; echo '.'; echo 'wq') | sudo -u user ed -s .config/openbox/rc.xml 

# configure the openbox right click menu
# NOTE(review): in this copy of the script the <execute>...</execute> bodies and
# the closing </action>/</item>/</menu> tags are missing, and the xmlns
# attributes are empty, so the file written here is not well-formed XML. The
# values were evidently lost in rendering; restore them from a clean copy
# before running.
echo '<?xml version="1.0" encoding="utf-8"?>
<openbox_menu xmlns="" xmlns:xsi="" xsi:schemaLocation="                 file:///usr/share/openbox/menu.xsd">
        <menu id="root-menu" label="Openbox 3">
                <item label="Terminal">
                        <action name="Execute">
                <item label="TorBrowser">
                        <action name="Execute">
                <item label="File Manager">
                        <action name="Execute">
                <menu id="root-menu-1" label="Applications">
                        <item label="Archive Manager">
                                <action name="Execute">
                        <item label="IM Client">
                                <action name="Execute">
                        <item label="IRC Client">
                                <action name="Execute">
                        <item label="Media Player">
                                <action name="Execute">
                        <item label="PDF Viewer">
                                <action name="Execute">
                        <item label="Text Editor">
                                <action name="Execute">
                <menu id="client-list-menu"/>
                <item label="obmenu">
                        <action name="Execute">
                <item label="obconf">
                        <action name="Execute">
                <item label="lxappearance">
                        <action name="Execute">
                <item label="Reconfigure">
                        <action name="Reconfigure"/>
                <item label="Restart">
                        <action name="Restart"/>
                <item label="Exit">
                        <action name="Exit"/>
                <item label="Shut down">
                        <action name="Execute">
                                        sudo /sbin/poweroff
</openbox_menu>' | sudo -u user tee .config/openbox/menu.xml

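# Set up thttpd for hidden service. This is disabled by default
# remove ": <<'COMMENT1'" and "COMMENT1" if you want to install a hidden service
# The here-document is consumed by ":" and never executed, so on a default
# build thttpd is neither enabled nor started. This copy of the script had lost
# the two marker lines, which would have enabled and started the web server
# unconditionally.
: <<'COMMENT1'
cp -n /etc/default/thttpd /etc/default/thttpd.backup
cp -n /etc/thttpd/thttpd.conf /etc/thttpd/thttpd.conf.backup

echo "ENABLED=yes" > /etc/default/thttpd

echo " # see /etc/thttpd/thttpd.conf.backup for comments and more options
logfile=/var/log/thttpd.log" > /etc/thttpd/thttpd.conf

/etc/init.d/thttpd restart
COMMENT1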

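# Install TBB and patch it. This does not necessarily install the latest version!
# NOTE(review): the download URL is missing from this copy of the script (lost
# in rendering), so wget runs with no argument and fails; the flow then ends in
# the else branch below. Restore the tarball URL before running.
sudo -u user wget
# this doesn't replace gpg verification!
# The pinned SHA-256 is the only check on what was fetched. On a mismatch the
# tarball and the .sha256 file are deleted, so the install branch is skipped.
echo "5b657ffa3724658c4225493c868fbe8938eec8f3db3017988857c416d075af10  tor-browser-gnu-linux-i686-2.2.35-7.2-dev-en-US.tar.gz" | sudo -u user tee tor-browser-gnu-linux-i686-2.2.35-7.2-dev-en-US.tar.gz.sha256
sudo -u user sha256sum -c tor-browser-gnu-linux-i686-2.2.35-7.2-dev-en-US.tar.gz.sha256 || rm -f -- tor-browser-gnu-linux-i686-2.2.35-7.2-dev-en-US.tar.gz*

# then/else/fi were missing in this copy; the else branch is the failure path
# that leaves a marker file for the operator to find.
if [ -f tor-browser-gnu-linux-i686-2.2.35-7.2-dev-en-US.tar.gz ]; then
  sudo -u user tar -xzvf tor-browser-gnu-linux-i686-2.2.35-7.2-dev-en-US.tar.gz
  # Patch the launcher to start firefox with the bundled profile directly
  # instead of going through vidalia, then drop the bundled tor and vidalia
  # with their data, docs and libs. NOTE(review): presumably Tor is provided
  # by the TorBOX gateway (the README below talks about transparent proxy
  # mode) -- confirm.
  sudo -u user ed -s tor-browser_en-US/start-tor-browser <<< $',s/.\/App\/vidalia --datadir Data\/Vidalia\//.\/App\/Firefox\/firefox --profile Data\/profile/g\nw'
  sudo -u user rm ./tor-browser_en-US/App/{tor,vidalia}
  sudo -u user rm -r ./tor-browser_en-US/Data/{Tor,Vidalia}
  sudo -u user rm -r ./tor-browser_en-US/Docs/{Tor,Vidalia,Qt,README-TorBrowserBundle}
  sudo -u user rm -r ./tor-browser_en-US/Lib/*
  # Torbutton's SOCKS host settings are blanked and the start page is pointed
  # at the README written further down.
  echo 'user_pref("browser.startup.homepage", "file:///home/user/README.html");
user_pref("extensions.torbutton.settings_method", "custom");
user_pref("extensions.torbutton.custom.socks_host", "");
user_pref("extensions.torbutton.socks_host", "");
user_pref("network.proxy.socks", "");' | sudo -u user tee ./tor-browser_en-US/Data/profile/user.js
else
  rm -f -- tor-browser-gnu-linux-i686-2.2.35-7.2-dev-en-US.tar.gz*
  touch TB_download_failed-checksum_mismatch
fi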

#Drop README.html
# First-run page; the TBB profile written above uses it as its start page.
# NOTE(review): the TorBOX homepage link is empty in this copy (lost in
# rendering) and the HTML has unbalanced tags; the content is kept as is.
echo '<h1>Welcome to TorBOX-WorkstationVM 0.1</h1>
Development Preview. Do not rely on it for strong anonymity.</b>
TorBOX Homepage:</br> 
<h4>1) If you want to change the keyboard layout from the default "us":</h4>
Open a Terminal and run</br>
<font color="00FF00">KEYMAP=us && setxkbmap $KEYMAP && echo "setxkbmap $KEYMAP &" > ~/.config/openbox/autostart</font></br>
Replace "us" with your country code.
<h4>2) Change the default password!</h4>
The current password is "changeme"</br>
To change it open a Terminal and run <font color="00FF00">passwd</font>.
<h4>3) Verify you are connected to Tor:</h4></br>
Note that this site may falsely claim that updates are available. This is because torcheck was written for TBB and does not support the transparent proxy mode.
<h2>Warnings and notes</h2>
<LI>To prevent against time zone leaks, the clock was set to UTC.
<LI>Keep TB updated, verify the download with gpg! Regularly check for news!
<LI>Use offline updates if you want to install large packages such as libreoffice.
<LI>Do not use torrents.
<LI>0.1 - 2010-02-29</br>Initial Release' > ./README.html

echo "setting up network, if you use ssh, the session will disconnect"
# NOTE(review): in this copy the nameserver line carries no address, the eth0
# stanza has no address/netmask lines and the gateway value is empty; as
# written this produces an unusable static configuration and the restart below
# takes the VM off the network. The values were evidently lost in rendering --
# restore them from a clean copy before running.
echo "nameserver" > /etc/resolv.conf
echo '# for more information, see interfaces(5)
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
# increment last octet on additional workstations
       gateway' > /etc/network/interfaces

/etc/init.d/networking restart

# Cleanup
# openssh-server is removed last, after the network has been reconfigured, so
# the finished image is reachable only through the console.
apt-get --yes remove --purge openssh-server
apt-get --yes autoremove --purge
apt-get --yes clean 
# auth.log holds the login/sudo records of this build and is removed so they
# do not ship in the image.
rm -r /var/log/auth.log 
rm -r /tmp/*

# which are safe?
# rm -r /var/log/*
# rm -r /usr/src/*
# rm -r /var/cache/apt/*
# rm -r /usr/share/doc/*
# rm /usr/share/icons/nuoveXT2/icon-theme.cache
# cd /usr/share/locale &&  ls | grep -v en | xargs rm -r && cd /home/user
# rm -r /usr/share/doc/* #(are we even allowed to do that, see licenses?)

# Since VBox export works below the FS level it will keep deleted files (and the ova will stay large). 
# Fill remaining free space with zeros. This also ensure that possible leaks we deleted before are really deleted.
# No count= is given: dd runs until the disk is full and exits non-zero; that
# is the intended stopping point, and the zero-filled file is then removed.
dd if=/dev/zero of=./zerofile
rm zerofile
# This is /home/user/.bash_history (cwd). The history of the root shell
# running this script is not touched here, which is why the closing message
# asks for it to be cleared by hand.
rm .bash_history

# create directory for torbox documentations, files such as this script.
mkdir /usr/share/doc/torbox

# Closing notice. Nothing above is checked for success, so the operator has to
# verify the result by hand (the TB_download_failed marker, "ls ~").
echo '

Script completed, this indicates neither success nor failure.
E.g.: Check that TBB downloaded successfully ("ls ~" will tell you)

A few final manual steps need to be done:

Manually move the script to /usr/share/doc/torbox,
Clear .bash_history
Do not forget to set the password to changeme.
Finally: Power down, change VBox Adapter 1 to Internal Network, Name:"torbox"
Test the ova before release!'