Commit e5c5cc18 authored by Clark's avatar Clark
Browse files

Removing stale workstation stuff

parent a9c99108
......@@ -61,104 +61,7 @@ Then flash the ISO to the USB.
sudo dd if=Qubes-R4.0.3-x86_64.iso of=/dev/sda status=progress
* Debian 10 Images
Unfortunately, more often than not, I've found it necessary to use the unofficial version including support for non-free firmware for my machines.
[[][Current and official Debian ISO files]].
[[][Current Debian ISO files including non-free firmware]].
I always roll with the *xfce* images. Install Debian 10 to bare metal using a flashed USB drive. Assuming an attached flash USB drive is identified as =/dev/sda= (verify using =lsblk=), flash the ISO to the USB drive using the following.
#+begin_src sh
# First I format the disk and ensure all bits are zero
sudo dd if=/dev/zero of=/dev/sda status=progress
sudo dd if=~/debian-live-10.2.0-amd64-xfce+nonfree.iso of=/dev/sda status=progress
Insert the USB, then boot from the flashed drive and proceed with installation. My default username is =user=.
* Sudo User Account
Login as =user=. Then get *root*, once and nevermore, using =su -=. Grant sudo rights to =user=, then login again.
usermod -aG sudo user && \
Logout and in to receive sudo privileges on the =user= account.
xfce4-session-logout -l
* TODO Firmware updates
My Lenovo Thinkpad requires some non-free firmware which, unfortunately, I need to enable for full functionality.
** TODO Graphics card
The graphics card is an NVIDIA Quadro M2200, which supports multiple monitors with the proper firmware. Download and install the latest driver (version 440.82 as of June 2020). Use [[][this link]] to search for the latest driver or just install an older version and update it using =apt= (is this true????????).
See here:
** TODO WiFi
See here:
** TODO +?
See here:
* TODO Tor Package Management
For privacy, I use Debian's onion services to download packages from official repositories. First though, this requires installing =tor= and =apt-transport-tor=.
First run =sudo test= to escalate privileges.
#+begin_src sh
sudo apt update && \
sudo apt upgrade -y && \
sudo apt install -y tor apt-transport-tor && \
sudo rm /etc/apt/sources.list && \
sudo bash -c 'cat <<EOT >> /etc/apt/sources.list
# Debian 10, Buster!
# Repos over TOR:
deb tor+http://vwakviie2ienjx6t.onion/debian buster main
deb-src tor+http://vwakviie2ienjx6t.onion/debian buster main
deb tor+http://sgvtcaew4bxjd7ln.onion/debian-security buster/updates main
deb-src tor+http://sgvtcaew4bxjd7ln.onion/debian-security buster/updates main
deb tor+http://vwakviie2ienjx6t.onion/debian buster-updates main
deb-src tor+http://vwakviie2ienjx6t.onion/debian buster-updates main
EOT' && \
sudo apt update
Thereafter, I download a few based utilities over tor and specify a time-zone.
sudo apt install -y net-tools curl vim unzip apt-transport-https software-properties-common autoconf libtool \
lynis flashrom xscreensaver yubikey-manager yubikey-personalization-gui keepassxc nextcloud-desktop xclip \
dnsutils whois apache2-utils && \
sudo timedatectl set-timezone America/Los_Angeles
* Enable Firewalls
* TODO Enable Firewalls
Install and enable firealls.
......@@ -167,7 +70,7 @@ sudo apt install -y ufw && \
sudo ufw --force enable
* Enforce VPN Routing
* TODO Enforce VPN Routing
This requires some kind of VPN access. I'm using a low cost VPN provider, PIA. After signing up, the provide authentication credentials, what I'm using below as =vpn_username= and =vpn_password=.
......@@ -203,7 +106,7 @@ Test the VPN service initializes using =sudo openvpn --config /etc/openvpn/local
Verify the service status using =sudo systemctl status openvpn@local_profile= and checking one's public IP using =wget --secure-protocol=PFS --https-only -qO-
* Setup SSH
* TODO Setup SSH
Create an ssh-key, and update config.
......@@ -215,7 +118,7 @@ LogLevel=VERBOSE
* Wazuh Agent - Endpoint Security
* TODO Wazuh Agent - Endpoint Security
Wazuh is an HIDS system, which is a fork of OSSEC built on the ELK stack. I'll install a Wazuh agent that I use to send data to a Wazuh server deployed elsewhere (e.g., on =
......@@ -229,7 +132,7 @@ sudo WAZUH_MANAGER="" apt install wazuh-agent -y
For addition steps registering agents to the Wazuh manager, see [[][the Wazuh guide]].
* Harden Firefox
* TODO Harden Firefox
Go through all the about:preferences particularly the /search/ and /privacy & security/ settings.
......@@ -241,7 +144,7 @@ Add and enable the following extensions, in the following order:
5) [[][Pay by]]
6) [[][Floccus]]
* Git
* TODO Git
Live and die by Git. I'm using the handle =sentry=.
......@@ -295,19 +198,6 @@ wget
sudo dpkg -i Whalebird-4.1.0-linux-x64.deb
* TODO Virtual Manager
* TODO VMware Workstation Pro
This requires virtualization enabled in the laptop's BIOS settings.
sudo apt install -y gcc build-essential && \
wget --secure-protocol=PFS --https-only -O /tmp/vmware.bin && \
sudo bash /tmp/vmware.bin
After a few minutes to download the files, a GUI will popup to complete the installation.
* Python 3
Install various libraries for Python.
......@@ -349,18 +239,6 @@ sudo apt install radare2 && \
r2pm init && \
r2pm -i rarop
* Bluetooth
I use =blueman=, as specified in the [[][Debian Bluetooth setup guide]].
#+begin_src sh
sudo apt install -y pulseaudio pulseaudio-module-bluetooth pavucontrol bluez-firmware && \
sudo sed -i '/ExecStart=\/usr\/lib\/bluetooth\/bluetoothd/c\ExecStart=\/usr\/lib\/bluetooth\/bluetoothd --noplugin=sap' /etc/systemd/system/ && \
sudo systemctl daemon-reload && \
sudo systemctl restart bluetooth && \
sudo killall pulseaudio && \
sudo apt install -y blueman
* TODO Cell Phone Utilities
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment