xubuntu 20.04 - focal
virt-manager
host
<filesystem type="mount" accessmode="mapped" fmode="0660" dmode="0770">
  <source dir="/vms/share"/>
  <target dir="/hostshare"/>
  <address type="pci" domain="0x0000" bus="0x07" slot="0x00" function="0x0"/>
</filesystem>
#sudo usermod -G libvirtd -a $USER
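# Host side: prepare the directory exported to the guest over 9p.
# The invoking user joins libvirt-qemu; the new membership only takes effect
# after logging out and back in.
sudo usermod -aG libvirt-qemu "$USER"
hostpath=/vms/share
# NOTE(review): the <filesystem> element uses accessmode="mapped", where files
# are written on the host with the QEMU account's credentials; confirm the
# ownership below matches the account QEMU runs as on this host.
sudo chown -R libvirt-qemu:libvirt-qemu "$hostpath"
sudo setfacl -Rm g:libvirt-qemu:rwx "$hostpath"
# Default ACL, so entries created later inherit the group access.
sudo setfacl -d -Rm g:libvirt-qemu:rwx "$hostpath"
# guest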
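# Guest side: add the 9p modules to the initramfs so the share can be mounted
# from /etc/fstab at boot.
for mod in 9p 9pnet 9pnet_virtio; do
  # Append each module only once, so repeating these steps adds no duplicates.
  grep -qxF "$mod" /etc/initramfs-tools/modules \
    || printf '%s\n' "$mod" | sudo tee -a /etc/initramfs-tools/modules >/dev/null
done
sudo update-initramfs -u
# NOTE(review): the first fstab field is the 9p mount tag, which libvirt takes
# from <target dir=...> in the domain XML; confirm "hostshare" matches it.
# The entry mounts the host directory read-write; use ro instead of rw when the
# guest only needs to read from the share.
if ! grep -q '^hostshare[[:space:]]' /etc/fstab; then
  printf '%s\n' '# qemu share' \
    'hostshare                                /share        9p     trans=virtio,version=9p2000.L,rw,umask=002    0 0' \
    | sudo tee -a /etc/fstab >/dev/null
fi
# global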
install
update
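# Remove desktop applications that are not needed, then bring the system up to
# date. The patterns are quoted so apt receives them unchanged instead of the
# shell expanding them against files in the current directory.
sudo apt remove -y 'gimp*' 'libreoffice-*' 'thunderbird*' transmission-gtk
sudo apt update
sudo apt list --upgradable
sudo apt -y dist-upgrade
sudo apt -y autoremove
# system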
sudo apt install -y binutils-common bsdmainutils curl debconf-utils exfat git gnupg2 gparted hfsprogs htop kpartx lnav most net-tools p7zip-full p7zip-rar pv rar sysstat testdisk tmux tree unrar vim xsysinfo # openssh-server
sudo apt install -y dconf-editor firefox-locale-fr galculator gpicview meld plank qt5ct qt5-gtk2-platformtheme thunar-media-tags-plugin tumbler-plugins-extraconf
qt5-ct to fusionglobal
sudo swapoff -av && sudo sh -c 'echo vm.swappiness=10 > /etc/sysctl.d/99-swappiness.conf' # limit swap
sudo rm /etc/localtime && sudo ln -sv /usr/share/zoneinfo/Etc/UTC /etc/localtime
software-properties-gtk # add canonical partners
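# Qt applications follow the GTK2 theme, in this shell and in future logins.
export QT_QPA_PLATFORMTHEME=gtk2
# printf expands \n in every shell; a plain `echo "\n..."` writes the
# backslashes literally under bash and leaves a broken line in ~/.profile.
printf '\n# QT\nexport QT_QPA_PLATFORMTHEME=gtk2\n' >> ~/.profile
# Java/Swing: anti-aliased fonts and the GTK look and feel. The single quotes
# keep ${_JAVA_OPTIONS} unexpanded, so it is resolved when ~/.profile is read.
printf '\n#JAVA\nexport _JAVA_OPTIONS="%s"\n' \
  '-Dawt.useSystemAAFontSettings=on -Dswing.aatext=true -Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel -Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel ${_JAVA_OPTIONS}' \
  >> ~/.profile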
menulibre # edit menu
path=~/.config/autostart
[ -d ${path} ] || mkdir ${path}
echo '[Desktop Entry]
Encoding=UTF-8
Version=0.9.4
Type=Application
Name=plank
Comment=plank
Exec=plank
OnlyShowIn=XFCE;
RunHook=0
StartupNotify=false
Terminal=false
Hidden=false' > ${path}/plank.desktop
plank --preferences &trans
# HOST
path=/vms/share/trans; [ -d ${path} ] || mkdir -p ${path}
cp -r ~/dev/ /vms/share/trans/
# GUEST
path=~/.local/share/icons; [ -d ${path} ] || mkdir -p ${path}
path=~/.local/share/applications; [ -d ${path} ] || mkdir -p ${path}
path=/share/trans/dev
path_conf=${path}/install-desktop/conf
cp ${path_conf}/foralyse/.bashrc ~/
cp ${path_conf}/foralyse/.bash_alias ~/
sudo cp ${path_conf}/foralyse/.bashrc /root/
sudo cp ${path_conf}/foralyse/.bash_alias /root/
cp ${path}/install/conf/foralyse/.vimrc ~/
sudo cp ${path}/install/conf/vim/* /usr/share/vim/vim*/colors/
sudo cp ${path_conf}/soft/meld-dark.xml /usr/share/meld/styles/
sudo cp ${path_conf}/wp/* /usr/share/xfce4/backdrops/
sudo cp ${path_conf}/bash-completion/* /usr/share/bash-completion/completions/
sudo cp ${path_conf}/icons/tmux.svg /usr/share/icons/default/
sudo cp ${path_conf}/foralyse/xfce4-terminal-tmux.desktop ~/.local/share/applications/
cp ${path_conf}/foralyse/xfce4-terminal-tmux.desktop ~/.local/share/applications/
cp ${path_conf}/icons/* ~/.local/share/icons
sudo ln -sv /usr/share/bash-completion/completions/tmux.git /usr/share/bash-completion/completions/tmux
sudo chmod +r /usr/share/icons/default/tmux.svg
sudo chmod +r /usr/share/bash-completion/completions/tmux*
sudo chmod +r /usr/share/xfce4/backdrops/*sublime text
file="/etc/hosts"
sudo sh -c "echo '\n# sublime-text hack\n127.0.0.1\tsublimetext.com\n127.0.0.1\twww.sublimetext.com\n127.0.0.1\tlicense.sublimehq.com' >> ${file}"
ips="45.55.255.55"
for ip in ${ips}; do sudo iptables -A OUTPUT -d ${ip} -j DROP; done
path=/etc/iptables
[ -d "${path}" ] || sudo mkdir "${path}"
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
cat ${S_PATH_INSTALL_CONF}/soft/sublime-text.licenseforensic
global
# network
sudo apt install -y whois
# pwd & evtx & process
sudo apt install -y john libscca-utils pev radare2
# hive
sudo apt install -y libhivex-bin chntpw reglookup
# gui
sudo apt install -y bless geany ghex gpicview gtkhash wxhexeditorconf
bless
cp /usr/share/bless/*.layout ~/.config/bless/layouts/kali
#sudo sh -c "echo '# kali\ndeb http://http.kali.org/kali kali-rolling main non-free contrib' > /etc/apt/sources.list.d/kali.list
#wget -q -O - archive.kali.org/archive-key.asc | sudo apt-key add -
#sudo apt update
#sed -i '/^deb/ s|^|#|' /etc/apt/sources.list.d/kali.list
#sudo apt updatepython
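# Python 3 and pip from the distribution.
sudo apt-get install -y python3 python3-pip
. ~/.profile
sudo apt-get install -y python2 # python2-dev
# Bootstrap pip for Python 2 with get-pip.py.
# The script is saved in a private temporary directory rather than under a
# fixed name in /tmp, and curl -f fails on an HTTP error instead of saving the
# error page as the script to run.
workdir=$(mktemp -d) \
  && curl -fsSL https://bootstrap.pypa.io/pip/2.7/get-pip.py -o "$workdir/get-pip.py" \
  && python2 "$workdir/get-pip.py"
[ -n "$workdir" ] && rm -rf -- "$workdir"
# pip2
python2 -m pip install -U balbuzard
# pip3
python3 -m pip install -U malcarve regrippy
# binwalk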
dependencies
sudo apt install mtd-utils gzip bzip2 tar arj lhasa p7zip p7zip-full cabextract cramfsswap squashfs-tools lzop srecord
python3 -m pip install -U nose coverage pycryptodome pyqtgraph capstone matplotlib
. ~/.profilegithub
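# Extraction helpers used by binwalk, then binwalk itself.
# Each clone builds and installs whatever the upstream default branch contains
# at that moment, partly as root. On a forensic workstation, check out a commit
# that has been reviewed before building:
#   git -C <dir> checkout <REVIEWED_COMMIT>
# Build in a private directory: a fixed path under the world-writable /tmp can
# be created in advance by another local user before the sudo steps run.
build=$(mktemp -d) && cd "$build"

# Install sasquatch to extract non-standard SquashFS images
sudo apt install -y zlib1g-dev liblzma-dev liblzo2-dev
git clone https://github.com/devttys0/sasquatch \
  && (cd sasquatch && ./build.sh)

# Install jefferson to extract JFFS2 file systems
python3 -m pip install -U cstruct
git clone https://github.com/sviehb/jefferson \
  && (cd jefferson && sudo python3 setup.py install)

# Install ubi_reader to extract UBIFS file systems
sudo apt install -y liblzo2-dev
python3 -m pip install -U python-lzo
git clone https://github.com/jrspruitt/ubi_reader \
  && (cd ubi_reader && sudo python3 setup.py install)

# Install yaffshiv to extract YAFFS file systems
git clone https://github.com/devttys0/yaffshiv \
  && (cd yaffshiv && sudo python3 setup.py install)

# Install unstuff (closed source) to extract StuffIt archive files
# The archive comes over plain HTTP and the binary is placed on root's PATH, so
# it is saved to disk first and its SHA-256 printed; compare the digest with a
# value obtained from a trusted source before using the binary.
curl -fsS http://downloads.tuxfamily.org/sdtraces/stuffit520.611linux-i386.tar.gz -o stuffit.tar.gz \
  && sha256sum stuffit.tar.gz \
  && tar -zxvf stuffit.tar.gz \
  && sudo install -m 0755 bin/unstuff /usr/local/bin/unstuff

# pandoc
# sudo apt install pandoc texlive-latex-base texlive-latex-recommended texlive-latex-extra
# pandoc -s -o $fileout $filein

# binwalk
git clone https://github.com/ReFirmLabs/binwalk \
  && (cd binwalk && sudo python3 setup.py install)
# regripper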
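# RegRipper 3.0: install under /usr/share/regripper and link three modules of
# the packaged Parse::Win32Registry to the files in the RegRipper checkout.
sudo apt-get install -y libparse-win32registry-perl
# Keep the first match only; the steps below expect a single directory.
path=$(find /usr/share -name Win32Registry | head -n 1)
cd /usr/share && sudo git clone https://github.com/keydet89/RegRipper3.0.git
sudo mv RegRipper3.0 regripper
for file in WinNT/File.pm WinNT/Key.pm Base.pm; do
  # Keep the packaged module under a timestamped name before linking over it.
  sudo mv "${path}/${file}" "${path}/${file}.$(date +%s)"
  sudo ln -sv "/usr/share/regripper/${file##*/}" "${path}/${file}"
done
cd regripper
# Timestamped backup of rip.pl before it is edited in place.
sudo cp -a rip.pl "rip.pl.$(date +%s)"
# Add a fixed plugin directory right after the @alerts declaration.
sudo sed -i '/^my @alerts = ();/a my \$plugindir = "/usr/share/regripper/plugins/";' rip.pl
# Replace line 1 with a shebang for the local perl plus the library path.
sudo sed -i "1c #! $(command -v perl)\nuse lib qw(/usr/lib/perl5/);" rip.pl
sudo chmod +x rip.pl
sudo ln -sv /usr/share/regripper/rip.pl /usr/bin/regripper
sudo ln -sv /usr/share/regripper/rip.pl /usr/bin/rip
# volatility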
volatility3
python3 -m pip install -U pefile yara-python capstone pycryptodome jsonschema leechcorepyc python-snappy
python3 -m pip install -U volatility3
cd ~/.local/bin && ln -sv vol vol3volatility2
https://github.com/volatilityfoundation/volatility/wiki/Installation
sudo apt -y install pcregrep libpcre++-dev python-dev
python2 -m pip install distorm3 ipython openpyxl pycrypto pytz ujson yara-pythonlibforensic1394
sudo apt install -y cmake
cd /tmp
git clone https://github.com/FreddieWitherden/libforensic1394
cd libforensic1394
mkdir build && cd build
cmake -G"Unix Makefiles" ../
sudo make install
cd ../python
sudo python setup.py install
sudo ln -sv /usr/local/lib/libforensic1394.so.0.3.0 /usr/lib/libforensic1394.so.2
cd
sudo rm -fR /tmp/libforensic1394
sudo apt remove cmake
sudo apt autoremovevolatility
cd /opt
git clone https://github.com/volatilityfoundation/volatility.git
cd volatility
rm -fR .git
sudo python setup.py install
cd /usr/local/bin
sudo ln -sv vol.py vol2
vol2 -hwireshark
sudo add-apt-repository -y ppa:wireshark-dev/stable
sudo apt update
sudo apt install -y tshark wiresharkautopsy
global
path_share=/share
sudo apt-get update
sudo apt install -y afflib-tools testdisk ewf-tools xmount fdupes java-common
sudo apt-get install -y imagemagick libde265-0 libheif1java
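# Oracle JDK 8 from a tarball already present in the share, installed with the
# labcif helper script.
java_file=$(ls "${path_share}"/jdk-8*linux-x64.tar.gz)
file=/usr/local/bin/oracle-java-installer.sh
# The helper is fetched from the tip of a branch and then run as root, so its
# content can change between two runs of these notes. It is downloaded as the
# normal user, shown in a pager for review, and only then installed.
# curl -f fails on an HTTP error instead of saving the error page.
tmp_script=$(mktemp) \
  && curl -fsS https://raw.githubusercontent.com/labcif/oracle-java-installer/master/oracle-java-installer.sh -o "$tmp_script" \
  && sed -i 's|tar -xvzf|tar -xzf|' "$tmp_script" \
  && "${PAGER:-less}" "$tmp_script" \
  && sudo install -m 0755 -o root -g root "$tmp_script" "$file"
rm -f -- "$tmp_script"
#sudo sed -i s'/update-java-alternatives -a/update-alternatives --auto java/' /usr/local/bin/oracle-java-installer.sh
#sudo sed -i s'/update-java-alternatives -l/update-alternatives --list java/' /usr/local/bin/oracle-java-installer.sh
sudo "${file}" --install "${java_file}"
. /etc/profile.d/jdk.sh
"${file}" --status "${java_file}"
# base64sha
file=/usr/local/bin/b64sha
# Same approach: download unprivileged, review, then install as root.
tmp_script=$(mktemp) \
  && curl -fsS https://raw.githubusercontent.com/labcif/Base64SHA/master/b64sha -o "$tmp_script" \
  && "${PAGER:-less}" "$tmp_script" \
  && sudo install -m 0755 -o root -g root "$tmp_script" "$file"
rm -f -- "$tmp_script"
# sleuthkit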
sleuthkit_file=$(ls ${path_share}/sleuthkit-java_*_amd64.deb)
read sleuthkit_version_major sleuthkit_version_minor <<<$(echo ${sleuthkit_file}|sed 's|^.*/sleuthkit-java_\([0-9_\.]\+\)-\([0-9]\)_amd64.deb|\1 \2|')
sudo apt install ${sleuthkit_file}autopsy
file=$(ls ${path_share}/autopsy-*.zip)
path=${file%.zip} && path=/opt/${path##*/}
sudo unzip -q -d /opt/ ${file}
sudo chown -R ${USER}:${USER} ${path}
cd /opt && sudo ln -sv ${path##*/} autopsy
cd ${path}
sh unix_setup.sh
ln -sv ${path}/bin/autopsy ~/.local/bin/autopsy
autopsy --nosplashlauncher
echo "[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon=/opt/autopsy/icon.ico
Name=Autopsy
Exec=autopsy" > ~/.local/share/applications/autopsy.desktopaddons
ReportModules / ForensicExpertWitnessReport
https://github.com/chriswipat/forensic_expert_witness_report_module
IngestModules / FileHistory
https://medium.com/@markmckinnon_80619/windows-file-history-plugin-a6208da4efa5
IngestModules / Volatility
https://markmckinnon-80619.medium.com/volatility-autopsy-plugin-module-8beecea6396
system
sudo sh -c "echo 'fs.file-max=3253172' > /etc/sysctl.d/90-cuckoo.conf"
file=/etc/security/limits.conf
sudo cp -a ${file} ${file}.$(date +%s)
sudo sh -c "echo '
# cuckoo
*    soft     nofile         4096
*    hard     nofile         16384' >> ${file}"logout / login
mongodb
service
service=mongodb.service
systemctl is-enabled ${service} || sudo systemctl enable ${service}
systemctl is-active ${service} || sudo systemctl start ${service}
systemctl status ${service}
ss -ltn|grep 27017 users
mongodb.createUser({ user: "admin", pwd: "7Yt_Gi-sYgCsr", roles:[{ role: "userAdminAnyDatabase", db: "admin" }] })
db.getUsers()
use cuckoo
db.createUser({ user: "cuckoo", pwd: "8hm6_FevpUA5od", roles:[{ role: "dbOwner", db: "cuckoo" }] })
db.getUsers()
show dbs
exitconf
file=/etc/mongodb.conf
while read str val; do
sudo sed -i "s|#\?\(${str}\) *=.*$|\1 = ${val}|" ${file}
done <<< "port  27017
journal  true
auth  true
verbose  true"
sudo systemctl restart ${service}postgresql
service=postgresql.service
systemctl is-enabled ${service} || sudo systemctl enable ${service}
systemctl is-active ${service} || sudo systemctl start ${service}
systemctl status ${service}
ss -ltn|grep 5432
sudo -u postgres psqlpsql
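-- List the existing roles before the change.
\du
CREATE DATABASE cuckoo;
-- Create the role without a password literal, then set the password with
-- \password, which prompts for it; the secret then stays out of these notes
-- and out of the psql command history.
CREATE USER cuckoo;
\password cuckoo
GRANT ALL PRIVILEGES ON DATABASE cuckoo TO cuckoo;
-- List the roles again to confirm the new one exists.
\du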
\qguacd
service=guacd.service
systemctl is-enabled ${service} || sudo systemctl enable ${service}
systemctl is-active ${service} || sudo systemctl start ${service}
systemctl status ${service}
ss -ltn|grep 4822cuckoo
create
[ -d ~/.cuckoo ] || cuckoo -d
cp -a ~/.cuckoo ~/.cuckoo.$(date +%s)cuckoo
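# Main Cuckoo settings: machinery, memory dumps, IP, database connection, guacd.
file=~/.cuckoo/conf/cuckoo.conf
# Prompt for the PostgreSQL password instead of keeping it in the notes. It is
# still written to cuckoo.conf, so the file is made readable by its owner only.
# NOTE(review): a password containing '|', '&' or '\' would be altered by the
# sed replacement below.
read -rs -p 'PostgreSQL password for role cuckoo: ' db_pwd; echo
# Each input line is "key value"; the matching "key = ..." line is rewritten.
while read -r str val; do
  sed -i "/${str} =/ s|=.*$|= ${val}|" "${file}"
done <<< "machinery  kvm
memory_dump yes
ip  192.168.122.1
connection  postgresql://cuckoo:${db_pwd}@localhost:5432/cuckoo
guacd_host localhost
guacd_port 4822"
chmod 600 "${file}"
unset db_pwd
# auxiliary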
file=~/.cuckoo/conf/auxiliary.conf
while read str val; do
sed -i "/${str} =/ s|=.*$|= ${val}|" ${file}
done <<< "tcpdump  /usr/sbin/tcpdump
mitmdump  /usr/local/bin/mitmdump"kvm
update VMs in ~/.cuckoo/conf/kvm.conf
memory
file=~/.cuckoo/conf/memory.conf
while read str val; do
sed -i "/${str} =/ s|=.*$|= ${val}|" ${file}
done <<< "guest_profile  Win7SP1x64
delete_memdump  no"processing
file=~/.cuckoo/conf/processing.conf
sed -i "/^.memory.$/,/^$/ s|^enabled = .*$|enabled = yes|" ${file}reporting
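# Reporting modules: enable singlefile (HTML and PDF) and MongoDB.
file=~/.cuckoo/conf/reporting.conf
# singlefile
# Each sed is limited to the lines from the section header to the next blank line.
for key in enabled html pdf; do
  sed -i "/^.singlefile.$/,/^$/ s|^${key} = .*$|${key} = yes|" "${file}"
done
# mongodb
db_name=cuckoo
db_user=cuckoo
# Prompt for the MongoDB password instead of keeping it in the notes. It is
# still written to reporting.conf, so the file is restricted to its owner.
# NOTE(review): a password containing '|', '&' or '\' would be altered by the
# sed replacement below.
read -rs -p 'MongoDB password for user cuckoo: ' db_pwd; echo
sed -i "/^.mongodb.$/,/^$/ s|^enabled = .*$|enabled = yes|" "${file}"
sed -i "/^.mongodb.$/,/^$/ s|^db = .*$|db = ${db_name}|" "${file}"
sed -i "/^.mongodb.$/,/^$/ s|^username = .*$|username = ${db_user}|" "${file}"
sed -i "/^.mongodb.$/,/^$/ s|^password = .*$|password = ${db_pwd}|" "${file}"
chmod 600 "${file}"
unset db_pwd
# interface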
user=nikita
hostbr=virbr0
vms="win7 "
for vm in win7; do
  sudo tunctl -b -u ${user} -t tap_${vm}
  sudo ip link set tap_${vm} master ${hostbr}
  sudo ip link set dev tap_${vm} up
  sudo ip link set dev ${hostbr} up
donepython
time
disable time settings from internet
set static IP address (disable DHCP)
address 192.168.122.101
gateway 192.168.122.1 / 255.255.255.0
DNS 208.67.222.222, 208.67.222.220windows
add ;c:\python27;c:\python27\script;C:\Program Files (x86)\GnuWin32\bin to PATH
install python-2.7.10.amd64.msi
install wget-1.11.4-1-setup.exe
wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
python.exe get-pip.py
pip install -U setuptools
pillow
pip install -U Pillow
agent
get from host: $CWD/agent.py
rename, put in guest: C:\ProgramData\Microsoft\Start Menu\programs\Startup\agent.pyw
https://cuckoo.sh/docs/installation/host/requirements.html
xubuntu 18.04 "bionic"
global
sudo apt update
sudo apt-get install -y git swig libjpeg-dev zlib1g-dev libffi-dev libssl-dev
sudo apt-get install -y  virt-win-reg libhivex-bin # registrypython
Requirement
local vs global
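# pip for user installation
pip=pip
# pip for root installation: runs each package's install code as root and can
# overwrite files that belong to apt packages. Enable it only when a
# system-wide install is really needed.
# pip="sudo -H pip"
sudo apt install -y python python-pip python-dev
# sudo apt-get install -y python-virtualenv
$pip install -U pip setuptools
# balbuzard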
$pip install -U balbuzardpydeep
# ssdeep
sudo apt install -y ssdeep libfuzzy-dev
sudo ldconfig
# pydeep
$pip install pydeep
# sudo apt install -y git
# cd /tmp && git clone https://github.com/kbandla/pydeep && cd pydeep
# python setup.py build && python setup.py test
# sudo python setup.py installm2crypto
$pip install m2crypto # $pip install m2crypto==0.24.0volatility
https://github.com/volatilityfoundation/volatility/wiki/Installation
libforensic1394.so.2
sudo apt install -y cmake
cd /tmp
git clone https://github.com/FreddieWitherden/libforensic1394
cd libforensic1394
mkdir build && cd build
cmake -G"Unix Makefiles" ../
sudo make install
cd ../python
sudo python setup.py install
cd
sudo rm -fR /tmp/libforensic1394
sudo ln -sv /usr/local/lib/libforensic1394.so.2 /usr/lib/libforensic1394.so.2pip packages
sudo apt -y install pcregrep libpcre++-dev python-dev
$pip install pycrypto distorm3 yara-python ujson openpyxl pytz ipythonvolatility
cd /opt
git clone https://github.com/volatilityfoundation/volatility.git
cd volatility
rm -fR .git
sudo python setup.py install
cd /usr/local/bin
sudo ln -sv vol.py vol2
vol2 -hbash completion
sudo cp -a /home/shared/dev/install-desktop/conf/cuckoo/vol2 /usr/share/bash-completion/completions/
opts=$(vol2 --info|sed -n '/^Plugins/,/^$/ p'|tail -n+3|cut -f1 -d' '|xargs)
sudo sed -i "s|^\( *opts=\).*$|\1'${opts}'|" /usr/share/bash-completion/completions/vol2
exec bash # reload completionsDB
django
sudo apt-get install -y mongodbpostgresql
sudo apt-get install -y postgresql libpq-dev
$pip install psycopg2packages
guacd
sudo apt install -y libguac-client-rdp0 libguac-client-vnc0 libguac-client-ssh0 guacdtcpdump
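sudo apt-get install -y tcpdump
# sudo apt-get install -y tcpdump apparmor-utils
# sudo aa-disable /usr/sbin/tcpdump
# Give tcpdump capture capabilities and limit who may run it. File capabilities
# apply to every user able to execute the binary, so the pcap group restricts
# nothing until "other" loses the execute bit and the capturing user is in the
# group (effective after the next login).
getent group pcap >/dev/null || sudo groupadd pcap
sudo usermod -aG pcap "$USER"
sudo chgrp pcap /usr/sbin/tcpdump
sudo chmod 750 /usr/sbin/tcpdump
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
# verification
getcap /usr/sbin/tcpdump # /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
ls -l /usr/sbin/tcpdump # expect group pcap and no access for others
# mitmproxy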
https://mitmproxy.org/downloads/
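# Unpack the mitmproxy and pathod release archives into /opt/mitmproxy and link
# the binaries into /usr/local/bin.
version=3.0.4
path=/opt/mitmproxy
[ -d "${path}" ] || mkdir "${path}"
cd "${path}"
for archive in mitmproxy pathod; do
  wget "https://snapshots.mitmproxy.org/${version}/${archive}-v${version}-linux.tar.gz"
  # Print the digest so it can be compared with a value from a trusted source
  # before the binaries are put on PATH.
  sha256sum "${archive}-v${version}-linux.tar.gz"
  tar xzf "${archive}-v${version}-linux.tar.gz"
done
files="mitmdump mitmproxy mitmweb pathoc pathod"
for file in $files; do sudo ln -sv "${path}/${file}" "/usr/local/bin/${file}"; done
# The links are created in /usr/local/bin, so that is the directory to check.
for file in $files; do ls -al "/usr/local/bin/${file}"; done
# qemu/kvm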
sudo apt-get install -y qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils python-libvirt virt-manager libguestfs-tools uml-utilities
sudo adduser ${USER} libvirt-qemu
for path in /vms/data /vms/iso; do sudo [ -d ${path} ] || sudo mkdir ${path}; done
sudo setfacl -R -m u:$USER:rw /vms/data /vms/iso
sudo setfacl -R -m d:$USER:rw /vms/data /vms/isothunar
$HOME/.config/Thunar/uca.xml
<action>
        <icon>edit-copy</icon>
        <name>Duplicate root</name>
        <unique-id>1635257948652123-2</unique-id>
        <command>pkexec cp -a %f %f.copy</command>
        <description>Duplicate root</description>
        <patterns>*</patterns>
        <directories/>
        <audio-files/>
        <image-files/>
        <other-files/>
        <text-files/>
        <video-files/>
</action>
<action>
        <icon>media-import-audio-cd</icon>
        <name>iso</name>
        <unique-id>1653055089123473-10</unique-id>
        <command>mkisofs -Jro /vms/iso/tmp.iso %F</command>
        <description>make iso in vms/iso/tmp.iso</description>
        <patterns>*</patterns>
        <startup-notify/>
        <directories/>
        <audio-files/>
        <image-files/>
        <other-files/>
        <text-files/>
        <video-files/>
</action>
<action>
        <icon>go-bottom</icon>
        <name>mount data</name>
        <unique-id>1653055065395840-9</unique-id>
        <command>guestmount --add %f --mount /dev/sda1 /vms/data</command>
        <description>guest mount in /vms/data</description>
        <patterns>*.qcow2;*.img;*.raw</patterns>
        <other-files/>
</action>
<action>
        <icon>go-top</icon>
        <name>unmount data</name>
        <unique-id>1653055105839871-11</unique-id>
        <command>guestunmount /vms/data</command>
        <description>guest unmount /vms/data</description>
        <patterns>*</patterns>
        <startup-notify/>
        <directories/>
        <audio-files/>
        <image-files/>
        <other-files/>
        <text-files/>
        <video-files/>
</action>cuckoo
direct
$pip install -U cuckoovirtualenv
cd /opt
virtualenv venv
. venv/bin/activate
$pip install -U cuckooxubuntu 18.04 bionic
update
sudo apt update
sudo apt list --upgradable
sudo apt dist-upgrade
sudo apt autoremove
sudo apt autoclean
sudo apt cleansystem
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/rtl_nic/
cd /tmp
wget https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/rtl_nic/rtl8168fp-3.fw
wget https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/rtl_nic/rtl8125a-3.fw
sudo cp rtl81* /lib/firmware/rtl_nic/
sudo update-initramfs -uprepare
. /server/server.conf
. /server/install.conf
sudo mount /btrfs/sys
sdate=$(date +%s)
btrfs_sys=focal
btrfs_user=user-focalgrub
# update /etc/grub/40_custom
sudo sed -i '/^GRUB_TIMEOUT=/ s|=.*|=2|' /etc/default/grub
sudo update-grubinit
path_install_conf=${S_PATH_INSTALL_CONF/install-desktop/install}
path_install_bash_completion=${S_PATH_INSTALL_CONF}/bash-completion
file_env=${S_PATH_SCRIPT_CONF}/env
file_bash_aliases=${S_PATH_SCRIPT_CONF}/.bash_aliases
file_bash_functions=${S_PATH_SCRIPT_CONF}/.bash_functions
file_vimrc="${S_PATH_SCRIPT_CONF}/.vimrc"
sudo software-properties-gtk
sudo adduser ${USER} users; sudo adduser ${USER} www-data
sudo adduser ${USER} audio; sudo adduser ${USER} video
file=~/.bash_aliases
[ -e ${file} ] && _eval rm ${file}
ln -s ${file_bash_aliases} ${file}
file=~/.bash_functions
[ -e ${file} ] && _eval rm ${file}
ln -s ${file_bash_functions} ${file}
sudo cp -a ${S_PATH_INSTALL_CONF}/bash-completion/* /usr/share/bash-completion/completions/
file=~/.bashrc
cp -a ${file} ${file}.${sdate}
sed -i 's|^\(HISTSIZE\)=.*$|\1=10000|' ${file}
sed -i 's|^\(HISTFILESIZE\)=.*$|\1=20000|' ${file}
sed -i '/^#force_color_prompt/ s|^#||' ${file}
color='\\[\\033[01;34m\\]'
sed -i 's|^\( *\)\(PS1.*033.*32m.*\)$|\1PS1="\${debian_chroot:+(\$debian_chroot)}\\['${color}'\\]\\u\\[\\e[1;37m\\]@\\['${color}'\\]\\h\\[\\e[1;37m\\]:\\W\\['${color}'\\]\$\\[\\e[0;0m\\]\"|' ${file}
sed -i 's|^#\?\(force_color_prompt\).*$|\1=yes|' ${file}
grep -q "${file_env}" ${file} || echo "
# source global variables
[ -f ${file_env} ] && . ${file_env}
[ -f ~/.bash_functions ] && . ~/.bash_functions
" >> ${file}
grep -q '. ~/.bash_aliases' ${file} || echo "[ -f ~/.bash_aliases ] && . ~/.bash_aliases
"  >> ${file}
. ${file}
sudo cp -a /btrfs/sys/${btrfs_sys}/etc/hosts /etc/hosts
/home/shared/dev/keep/share-link nikitaroot
file="/root/.bashrc"
sudo cp -a /root/.bashrc /root/.bashrc$(date +%s)
color_root="\033[01;31m"
case "$S_SERVER_TYPE" in    home)   color='\\[\\033[01;34m\\]' ;;   ovh)    color='\\[\\033[01;32m\\]' ;;   vz)     color='\\[\\033[01;33m\\]' ;;   lxd)    color='\\[\\033[01;33m\\]' ;;   kvm)    color='"\\[\\033[01;38;5;172m\\]' ;;    *)      color='\\[\\033[01;34m\\]'; color_root=$color ;; esac
# force color
sudo sed -i '/^#force_color_prompt=/ s|#||' ${file}
# PS1
ps1='${debian_chroot:+($debian_chroot)}'${color}'\\h\\[\\033[00m\\]\\w\\[\\033[01;31m\\]\\$\\[\\033[00m\\]'
# no root
#ps1='${debian_chroot:+($debian_chroot)}\\[\\033[01;31m\\]\\u\\[\\033[00m\\]@\\[\\033[01;32m\\]\\h\\[\\033[00m\\]:\\w\\[\\033[01;31m\\]\\$\\[\\033[00m\\]'
sudo sed -i "\|if \[ \"\$color_prompt\" = yes \]|{n;s|=.*|='$ps1'|}" ${file}
! sudo grep -q "${S_PATH_SCRIPT_CONF}/env" ${file} && sudo sh -c "echo '
# source global variables
[ -f ${S_PATH_SCRIPT_CONF}/env ] && . ${S_PATH_SCRIPT_CONF}/env
# aliases
[ -f ~/.bash_aliases ] && . ~/.bash_aliases
# functions
[ -f ~/.bash_functions ] && . ~/.bash_functions
' >> ${file}"
file=/root/.bash_aliases
sudo [ -f ${file} ] && sudo rm ${file}
sudo ln -s "$file_bash_aliases" ${file}
file=/root/.bash_functions
sudo [ -f ${file} ] && sudo rm ${file}
sudo ln -s "$file_bash_functions" ${file}
file=/root/.vimrc
sudo [ -f ${file} ] && sudo rm ${file}
sudo ln -sv "${file_vimrc}" ${file}snap
snap list --all
# sudo snap remove --revision ${rev} ${pck}install
sudo apt install -y curl debconf-utils gnupg2 htop net-tools p7zip-full p7zip-rar pv rar testdisk tree unrar xsysinfo
sudo apt install -y meld most lnav dconf-editor galculator
sudo apt install -y binutils-common bsdmainutils pev wxhexeditor # binwalk
sudo apt install -y gpicview thunar-media-tags-plugin tumbler-plugins-extraforensic
sudo apt install -y binutils-common bsdmainutils pev radare2 bless wxhexeditor # binwalkvim
sudo apt install -y vim
cd
ln -sv "${file_vimrc}" .vimrc
sudo cp /home/shared/dev/install/conf/vim/* /usr/share/vim/vim*/colors/tmux
sudo apt install -y tmux
ln -vs /usr/local/bs/conf/.tmux.conf .tmux.conf
ln -sv /home/shared/.tmux.tmux
cd /usr/share/bash-completion/completions/
sudo rm tmux
sudo ln -sv tmux.git tmux
tmux athunar
sudo cp -a /btrfs/sys/user-pahvo/.config/Thunar/uca.xml ~/.config/Thunar/qt5
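sudo apt install -y qt5ct qt5-gtk-platformtheme qt5-style-plugins
# `sh -c` runs the quoted command as root; with `sh -e` the string is taken as
# a script file name and nothing is written. The line is appended only once.
grep -qxF 'QT_QPA_PLATFORMTHEME=qt5ct' /etc/environment \
  || sudo sh -c 'echo "QT_QPA_PLATFORMTHEME=qt5ct" >> /etc/environment'
export QT_QPA_PLATFORMTHEME=qt5ct
# plank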
sudo apt install -y plank
path=~/.config/autostart
[ -d ${path} ] || mkdir ${path}
echo '[Desktop Entry]
Encoding=UTF-8
Version=0.9.4
Type=Application
Name=plank
Comment=plank
Exec=plank
OnlyShowIn=XFCE;
RunHook=0
StartupNotify=false
Terminal=false
Hidden=false' > ${path}/plank.desktop
plank --preferences &sublimetext
file="/etc/hosts"
sudo sh -c "echo '\n# sublime-text hack\n127.0.0.1\tsublimetext.com\n127.0.0.1\twww.sublimetext.com\n127.0.0.1\tlicense.sublimehq.com' >> ${file}"
ips="45.55.255.55"
for ip in ${ips}; do sudo iptables -A OUTPUT -d ${ip} -j DROP; done
path=/etc/iptables
[ -d "${path}" ] || sudo mkdir "${path}"
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
cat ${S_PATH_INSTALL_CONF}/soft/sublime-text.license
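# Restore a Sublime Text backup into /opt and the user's home directory.
path=~/.local/share/applications
# Create the directory as the user: `sudo mkdir` would leave a root-owned
# directory inside the home that the mv below cannot write to.
[ -d "${path}" ] || mkdir -p "${path}"
# Unpack into a private temporary directory instead of fixed names under /tmp,
# so the archive cannot clash with paths that already exist there.
restore=$(mktemp -d) \
  && tar xzf /ext/shared/Soft/linux/backup/sublime_text_20220516-1652694297.tar.gz -C "$restore" \
  && cd "$restore"
mv opt/sublime_text/ /opt/
mv home/nikita/.config/sublime-text-3/ ~/.config/
mv home/nikita/.sublime-project/ ~/
# Moved once; a second mv of the same file would fail because it is gone.
mv home/nikita/.local/share/applications/sublime-text.desktop "${path}/"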
mozilla
sudo add-apt-repository -y ppa:ppa-mozillateam
sudo apt remove --purge firefox
sudo snap remove --purge firefox
sudo sh -c "echo 'Package: *
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 1001' > /etc/apt/preferences.d/mozilla-firefox"
apt policy firefox
sudo apt install -y firefox
cd
cp -a /home/shared/.mozilla.ubu /home/shared/.mozilla.ubu.${sdate}
ln -sv /home/shared/.mozilla.ubu .mozilla
cp -a /home/shared/.thunderbird.ubu /home/shared/.thunderbird.ubu.${sdate}
ln -sv /home/shared/.thunderbird.ubu .thunderbirdmudita24
sudo apt install -y mudita24
echo "[Desktop Entry]
Encoding=UTF-8
Version=0.9.4
Type=Application
Name=mudita24
Comment=mudita24
Exec=mudita24
OnlyShowIn=XFCE;
StartupNotify=false
Terminal=false
Hidden=true" >  ~/.config/autostart/mudita24.desktopgmusicbrowser
sudo add-apt-repository ppa:tomtomtom/gmusicbrowser
sudo apt update
sudo apt install -y gmusicbrowser
sudo cp -a /btrfs/sys/user-pahvo/.config/gmusicbrowser ~/.config/
gmusicbrowser &background
# background desktop
sudo cp /home/shared/dev/install-desktop/conf/wp/xubuntu-development-dark.jpg /usr/share/xfce4/backdrops/
# shortcut keyboard
# xfce4-terminal / shift+ctrl+alt-t
# xfce4-terminal -e "tmux a" / ctrl+alt-t
# xfce4-popup-whiskermenu / Super Lmeld
sudo cp /home/shared/dev/install-desktop/conf/soft/meld-dark.xml /usr/share/meld/styles/end
sudo apt update
sudo apt autoremove
sudo apt autoclean
sudo apt cleanUSB
RTL8821CU
https://github.com/brektrou/rtl8821CU
RTL88x2BU / RTL8822BU
manjaro
https://github.com/cilynx/rtl88x2BU_WiFi_linux_v5.3.1_27678.20180430_COEX20180427-5959
ubuntu
PACKAGE
package states
not-installed # The package is not installed on your system
config-files # Only the configuration files of the package exist on the system
half-installed # The installation of the package has been started, but not completed for some reason
unpacked # The package is unpacked, but not configured
half-configured # The package is unpacked and configuration has been started, but not yet completed for some reason
triggers-awaited # The package awaits trigger processing by another package
triggers-pending # The package has been triggered
installed # The package is correctly unpacked and configuredpackage selection states
install # The package is selected for installation
hold # A package marked to be on hold is not handled by dpkg, unless forced to do that with option --force-hold
deinstall # The package is selected for deinstallation (i.e. we want to remove all files, except configuration files)
purge # The package is selected to be purged (i.e. we want to remove everything from system directories, even configuration files)package flags
ok # A package marked ok is in a known state, but might need further processing
reinstreq # A package marked reinstreq is broken and requires reinstallation. These packages cannot be removed, unless forced with option --force-remove-reinstreqACTIONS
-i, --install package-file... # Install the package. If --recursive or -R option is specified, package-file must refer to a directory instead
--unpack package-file... # Unpack the package, but don't configure it. If --recursive or -R option is specified, package-file must refer to a directory instead
--configure package...|-a|--pending # Configure a package which has been unpacked but not yet configured.  If -a or --pending is given instead of package, all unpacked but unconfigured packages are configured
--triggers-only package...|-a|--pending # Processes only triggers
-r, --remove package...|-a|--pending # Remove  an  installed  package
-V, --verify [package-name...] # Verifies the integrity of package-name or all packages if omitted, by comparing information from the files installed by a package with the files metadata information stored in the dpkg database
-C, --audit [package-name...] # Performs  database  sanity  and consistency checks for package-name or all packages if omitted (per package checks
--update-avail [Packages-file] # Update dpkg's and dselect's idea of which packages are available; old information is replaced with the information in the Packages-file
--merge-avail [Packages-file] # Update dpkg's and dselect's idea of which packages are available; old information is combined with information from Packages-file
-A, --record-avail package-file... # Update dpkg and dselect's idea of which packages are available with information from the package package-file
--clear-avail # Erase the existing information about what packages are available
--get-selections [package-name-pattern...] # Get list of package selections, and write it to stdout
--set-selections # Set package selections using file read from stdin
--clear-selections # Set the requested state of every non-essential package to deinstall
--yet-to-unpack # Searches for packages selected for installation, but which for some reason still haven't been installed
--predep-package # Print a single package which is the target of one or more relevant pre-dependencies and has itself no unsatisfied pre-dependencies
--add-architecture architecture # Add  architecture  to  the  list of architectures for which packages can be installed without using --force-architecture
--remove-architecture architecture # Remove architecture from the list of architectures for which packages can be installed without using --force-architecture
--print-architecture # Print architecture of packages dpkg installs
--print-foreign-architectures # Print a newline-separated list of the extra architectures dpkg is configured to allow packages to be installed for
--assert-feature # Asserts  that  dpkg  supports  the  requested  feature.     assertable features is:
    support-predepends # Supports the Pre-Depends field
    working-epoch # Supports epochs in version strings
    long-filenames # Supports long filenames in deb(5) archives
    multi-conrep # Supports multiple Conflicts and Replaces
    multi-arch # Supports multi-arch fields and semantics
    versioned-provides # Supports versioned Provides
--validate-thing string # Validate that the thing string has a correct syntax. validatable things is:
    pkgname # Validates the given package name
    trigname # Validates the given trigger name
    archname # Validates the given architecture name
    version # Validates the given version
--compare-versions ver1 op ver2 # Compare  version  numbers,  where op is a binary operator. dpkg returns true (0) if the specified condition is satisfied, and false (1) otherwise
-?, --help # Display a brief help message
--force-help # Give help about the --force-thing options
-Dh, --debug=help # Give help about debugging options
--version # Display dpkg version information
dpkg-deb actions # See dpkg-deb(1) for more information about the following actions
    -b, --build directory [archive|directory] # Build a deb package
    -c, --contents archive # List contents of a deb package
    -e, --control archive [directory] # Extract control-information from a package
    -x, --extract archive directory # Extract the files contained by package
    -X, --vextract archive directory # Extract and display the filenames contained by a package
    -f, --field archive [control-field...] # Display control field(s) of a package
    --ctrl-tarfile archive # Output the control tar-file contained in a Debian package
    --fsys-tarfile archive # Output the filesystem tar-file contained by a Debian package
    -I, --info archive [control-file...] # Show information about a package
dpkg-query actions # See dpkg-query(1) for more information about the following actions
    -l, --list package-name-pattern... # List packages matching given pattern
    -s, --status package-name... # Report status of specified package
    -L, --listfiles package-name... # List files installed to your system from package-name
    -S, --search filename-search-pattern... # Search for a filename from installed packages
    -p, --print-avail package-name... # Display details about package-name, as found in /var/lib/dpkg/available. Users of APT-based frontends should use apt-cache show package-name insteadOPTIONS
--abort-after=number # Change after how many errors dpkg will abort. The default is 50
-B, --auto-deconfigure # When a package is removed, there is a possibility that another installed package depended on the removed package
-Doctal, --debug=octal # Switch debugging on
--force-things
--no-force-things, --refuse-things # Force or refuse (no-force and refuse mean the same thing) to do some things
--ignore-depends=package,... # Ignore dependency-checking for specified packages
--no-act, --dry-run, --simulate # Do everything which is supposed to be done, but don't write any changes
-R, --recursive # Recursively handle all regular files matching pattern *.deb found at specified directories and all of its subdirectories
-G # Don't install a package if a newer version of the same package is already installed. This is an alias of --refuse-downgrade
--admindir=dir # Change default administrative directory, which contains many files that give information about status of installed or uninstalled packages, etc
--instdir=dir # Change default installation directory which refers to the directory where packages are to be installed
--root=dir # Changing root changes instdir to «dir» and admindir to «dir/var/lib/dpkg»
-O, --selected-only # Only process the packages that are selected for installation
-E, --skip-same-version # Don't install the package if the same version of the package is already installed
--pre-invoke=command
--post-invoke=command # Set an invoke hook command to be run via “sh -c” before or after the dpkg run for the unpack, configure,  install,  triggers-only,  remove,  purge,  add-architecture  and  remove-architecture  dpkg  actions
--path-exclude=glob-pattern
--path-include=glob-pattern # Set glob-pattern as a path filter, either by excluding or re-including previously excluded paths matching the specified patterns during install
--verify-format format-name # Sets the output format for the --verify command
--status-fd n # Send machine-readable package status and progress information to file descriptor n
--status-logger=command # Send machine-readable package status and progress information to the shell command's standard input, to be run via “sh -c”
--log=filename # Log status change updates and actions to filename, instead of the default /var/log/dpkg.log
--no-debsig # Do not try to verify package signatures
--no-triggers # Do  not  run  any  triggers  in  this run
--triggers # Cancels a previous --no-triggersGRUB COMMAND
press 'c' while GRUB is starting to interrupt the boot and enter the GRUB command line
CHANGE GRUB DISPLAY RESOLUTION
vbeinfo # list available resolutionsmodify in /etc/default/grub (ex: 800x600)
GRUB_GFXMODE=$resolutionCLEAR SECTOR 32
# Overwrites one 512-byte sector at LBA 32 of /dev/sda with zeros. The device
# name is hard-coded, so check it against lsblk output first. On a GPT disk
# the partition entry array normally spans LBA 2-33, so this write would land
# inside it; presumably the note targets an MBR disk. Confirm the partition
# scheme before running.
dd if=/dev/zero of=/dev/sda bs=512 count=1 seek=32
grub-install $deviceUSB3 MSI GAMING
add in /etc/default/grub
GRUB_CMDLINE_LINUX="iommu=soft"LXD
/etc/default/grub
GRUB_CMDLINE_LINUX="... systemd.unified_cgroup_hierarchy=0GRUB_TIMEOUT
Modify "set timeout" to the chosen value in /boot/grub/grub.cfg
if [ "$recordfail_broken" = 1 ]; then
    cat << EOF
    if [ \$grub_platform = efi ]; then
        set timeout=${GRUB_RECORDFAIL_TIMEOUT:-30}
        if [ x\$feature_timeout_style = xy ] ; then
            set timeout_style=menu
        fi
    fi
    EOF
fiMANJARO
OS real name for btrfs
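# Make os-prober menu entries show the btrfs subvolume next to the OS name.
# The patch is applied only once: the grep looks for the line the sed inserts.
file="/etc/grub.d/30_os-prober"
# Compute the backup name once so that cp and chmod act on the same path; two
# separate $(date +%s) calls can differ when the second rolls over in between.
file_keep="${file}.keep$(date +%s)"
# -F: the marker contains $, { and / and has to be matched literally.
if ! grep -qF 'LONGNAME="${LONGNAME} ${BTRFSsubvol/#subvol=/}"' "$file"; then
    # grub-mkconfig runs the executable files in /etc/grub.d, so the backup
    # copy gets its executable bit cleared to keep it out of the menu build.
    sudo cp -a "$file" "$file_keep" && sudo chmod -x "$file_keep"
    sudo sed -i "/LONGNAME=\"\${LABEL}\"/ a\  else\n    LONGNAME=\"\${LONGNAME} \${BTRFSsubvol/#subvol=/}\"" "$file"
    sudo update-grub
fi
UBUNTU 18.04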
Remove error in startup log : systemd-backlight@backlight:acpi_video0.service, add in /etc/default/grub
acpi_osi='!Windows 2012' 
acpi_backlight=vendor in GRUB_CMDLINE_LINUX_DEFAULT  in /etc/default/grubBOOT ENTRY
https://linux.die.net/man/8/efibootmgr
efibootmgr
efibootmgr # list all boot entries
-v # list all boot entries with details
-B -b XXXX # delete boot entry number XXXXexample for 970g
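# Create one UEFI boot entry per loader (-c), each labelled with -L and
# pointing at the loader path given with -l.
# Loader paths are written with backslashes throughout, matching the
# File(...) paths in the listing printed below.
efibootmgr -c -g -d /dev/sda1 -p 1 -w -L 'Manjaro' -l '\EFI\Manjaro\grubx64.efi'
# The ubuntu entry points at shimx64.efi rather than at a grub binary directly.
efibootmgr -c -g -d /dev/sda1 -p 1 -w -L 'ubuntu' -l '\EFI\ubuntu\shimx64.efi'
efibootmgr -c -g -d /dev/sda1 -p 1 -w -L 'Windows Boot Manager' -l '\EFI\Microsoft\Boot\bootmgfw.efi'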
>>
Timeout: 1 seconds
BootOrder: 0000,0001,0002
Boot0000* Manjaro HD(1,GPT,8e91a305-046d-4e90-8548-efca286325a7,0x800,0x32000)/File(\EFI\Manjaro\grubx64.efi)
Boot0001* ubuntu  HD(1,GPT,8e91a305-046d-4e90-8548-efca286325a7,0x800,0x32000)/File(\EFI\ubuntu\shimx64.efi)
Boot0002* Windows Boot Manager  HD(1,GPT,8e91a305-046d-4e90-8548-efca286325a7,0x800,0x32000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)256colors for nested tmux
20.04
export TERM=xterm-256colorturn off/disable bluetooth device startup
18.04
grep -n DEVICES_TO_DISABLE_ON_STARTUP /etc/default/tlpauto login
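# Appends an autologin section to the LightDM configuration. ${USER} sits
# inside the outer double quotes, so the calling shell expands it and the
# invoking account is the one that gets logged in automatically. Running this
# twice appends the section twice.
# With autologin the greeter no longer asks for a password at boot, so disk
# encryption and the screen lock are what remain against physical access.
sudo sh -c "echo '
# autologin
[Seat:*]
autologin-session=xubuntu
autologin-user=${USER}
autologin-user-timeout=0' >> /etc/lightdm/lightdm.conf"
lets you install, configure, refresh and remove snaps. Snaps are packages that work across many different Linux distributions, enabling secure delivery and operation of the latest apps and utilities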
list
list installed package with last revision
snap list
  --all # list installed packages with all revisions
info
shows detailed information about snaps
snap info <snap>
  --color=[auto|never|always] # Use a little bit of color to highlight some things. (default: auto)
  --unicode=[auto|never|always] # Use a little bit of Unicode to improve legibility. (default: auto)
  --abs-time # Display absolute times (in RFC 3339 format). Otherwise, display relative times up to 60 days, then YYYY-MM-DD
  --verbose # Include more details on the snap (expanded notes, base, etc.)find
find a package by its name
snap find <snap>remove
remove package with all revisions
sudo snap remove <snap>
 --revision $REV # remove only that revision of the package
purge disabled
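# Remove every snap revision that "snap list --all" marks as disabled.
# Column 1 is the snap name and column 3 the revision. Reading them into
# quoted variables avoids starting a shell per line with unquoted arguments.
snap list --all | awk '/disabled$/ { print $1, $3 }' |
  while read -r name rev; do
    # stdin is redirected so the command cannot consume the remaining lines.
    sudo snap remove "$name" --revision="$rev" < /dev/null
  done
GENERAL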
user
modify user
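# Rename a login account, its primary group and its home directory.
# Run as root from a console where the old account is not logged in (hence the
# autologin file being moved aside and the reboot noted below); usermod -l
# presumably refuses while the account still has running processes. Verify.
mv /etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf.keep # xubuntu autologin
# reboot / alt+f1 -> root
old=virt
new=foralyse
usermod -l "$new" "$old" -d "/home/$new" -m
#usermod -d /home/$new -m $new
#mv /home/$old /home/$new
groupmod -n "$new" "$old"
# Address patterns are anchored on "name:" so that an account whose name merely
# starts with the same letters (virt -> virtlogd, ...) is left untouched.
sed -i "/^$new:/ s|$old|$new|" /etc/passwd
sed -i "s|^$old:|$new:|" /etc/subuid
sed -i "s|^$old:|$new:|" /etc/subgid
sed -i "s|/$old/|/$new/|" "/home/$new"/.config/gtk*/bookmarks
mv /etc/lightdm/lightdm.conf.keep /etc/lightdm/lightdm.conf # xubuntu autologin
# Only the autologin-user key is rewritten, not any other text containing the name.
sed -i "s|^\(autologin-user=\)$old|\1$new|" /etc/lightdm/lightdm.conf # xubuntu autologin
# List remaining references to the old name (sudoers, cron, service files, ...).
grep -r -- "$old" /etc
reboot
color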
echo $LS_COLORS # ls colors
~/.dir_colors # file define ls colorsgnome-terminal
Gnome-terminal: unbind F1 & F10, edit preferences
- preferences tab: unselect F10
- shortcuts tab: unselect F1 (last entry)
Launch several tabs, each with its own command
gnome-terminal --tab --tab -e 'ssh-connect ns398616' --tab -e 'ssh-connect ns398616'autostart
~/.config/autostart # home path
/etc/xdg/autostart # system path
sudo sed -i 's|^\(X-GNOME-Autostart-enabled=\).*$|\1false|' $path.desktop # desactivate system autostartUPDATE-ALTERNATIVES
update-alternatives creates, removes, maintains and displays information about the symbolic links comprising the Debian alternatives system
update-alternatives [<option> ...] <command>
 --get-selections # get all configuration
 --display $NAME # display information about $NAME group
 --install $LINK $NAME $PATH $PRIORITY  # add an alternative to a group
 --config $NAME # define the alternative for a group by choosing among the defined alternatives
 --set $NAME $PATH # set $PATH as the alternative for group $NAME
example for sublime:
update-alternatives --get-selections
update-alternatives --display gnome-text-editor
sudo update-alternatives --install /usr/bin/gnome-text-editor gnome-text-editor /usr/bin/sublime-text 100
update-alternatives --display gnome-text-editor
sudo update-alternatives --config gnome-text-editorMIME type
https://help.ubuntu.com/community/AddingMimeTypes
player
aplay / arecord
sound player & recorder for alsa soundcard driver
paplay
play sound from pulseaudio-utils