Linux / Unix
Desktop environment
https://github.com/Kazhnuz/awesome-gnome
Polybar
#TODEEPEN
Polybar is a utility for building a status bar on the user's desktop; it works on UNIX-based operating systems. 11k likes on GitHub.
X Desktop Environments
You cannot talk about a unified Linux look because there is no such thing.
GNOME
GNOME 3 is an easy and elegant way to use your computer. It is designed to put you in control and bring freedom to everybody. GNOME 3 is developed by the GNOME community, a diverse, international group of contributors that is supported by an independent, non-profit foundation.
KDE
The KDE® Community is an international technology team dedicated to creating a free and user-friendly computing experience, offering an advanced graphical desktop, a wide variety of applications for communication, work, education and entertainment and a platform to easily build new applications upon. We have a strong focus on finding innovative solutions to old and new problems, creating a vibrant atmosphere open for experimentation.
Xfce
Xfce is a lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly.
LXDE
The "Lightweight X11 Desktop Environment" is an extremely fast-performing and energy-saving desktop environment. Maintained by an international community of developers, it comes with a beautiful interface, multi-language support, standard keyboard short cuts and additional features like tabbed file browsing. LXDE uses less CPU and less RAM than other environments. It is especially designed for cloud computers with low hardware specifications, such as netbooks, mobile devices (e.g. MIDs) or older computers. LXDE can be installed on many Linux distributions including Debian, Fedora, OpenSUSE and Ubuntu. It is the standard for Knoppix and lubuntu. LXDE also runs on OpenSolaris and BSD. LXDE provides a fast desktop experience; connecting easily with applications in the cloud. LXDE supports a wealth of programs that can be installed locally with Linux systems. The source code of LXDE is licensed partly under the terms of the GNU General Public License and partly under the LGPL.
Other Desktop Environments
- Cinnamon - Strives to provide a traditional user experience.
- EDE - Small desktop environment built to be responsive, light in resource usage and to have a familiar look and feel.
- LXQt - Qt port and the upcoming version of LXDE, the Lightweight Desktop Environment. It is the product of the merge between the LXDE-Qt and the Razor-qt projects: A lightweight, modular, blazing-fast and user-friendly desktop environment.
- MATE - Provides an intuitive and attractive desktop to Linux users using traditional metaphors. Fork of GNOME 2.
- Pantheon - Pantheon is the default desktop environment originally created for the elementary OS distribution. The desktop has some similarities with GNOME Shell and macOS.
X Window Managers
- 9wm - Window manager that attempts to emulate the Plan 9 window manager 8-1/2 as far as possible within the constraints imposed by X.
- awesome - Highly configurable window manager for X. Fast and extensible.
- Blackbox - Lightweight window manager for the X window system, without library dependencies. Built using C++.
- bspwm - Tiling window manager that represents windows as the leaves of a full binary tree.
- Compiz - OpenGL compositing window manager. It has a plug-in system to be changed at runtime.
- dwm - Dynamic window manager for X. It manages windows in tiled, monocle and floating layouts. All of the layouts can be applied dynamically, optimising the environment for the application and task performed.
- Enlightenment - Window manager bundled with a whole suite of libraries to help you create beautiful user interfaces.
- Fluxbox - Window manager for X, lightweight and easy to handle but full of features to make an easy and fast desktop experience. Built using C++.
- FVWM - ICCCM-compliant multiple virtual desktop window manager for X. Extremely powerful.
- i3 - Tiling window manager. BSD-licensed. Primarily targeted at advanced users and developers.
- IceWM - Window manager with the goal of being fast, simple, and not getting in the user's way.
- JWM - Lightweight window manager for X11. Good choice for older and/or less powerful systems, though perfectly capable of running on modern systems. Built using C.
- Matchbox - Environment for X running on non-desktop embedded platforms such as handhelds, set-top boxes, kiosks and anything else for which screen space, input mechanisms or system resources are limited.
- Mutter - Window manager for X. Default window manager in GNOME 3.
- Openbox - Highly configurable window manager with extensive standards support.
- ratpoison - A simple window manager with no library dependencies, no graphics, and no decorations. Modeled after GNU Screen.
- Sawfish - Extensible window manager. Its aim is to manage windows in the most flexible and attractive manner possible. Built using Lisp-based scripting language.
- wmii - Small, scriptable window manager, with a 9P filesystem interface and an acme-like layout.
- xmonad - Dynamically tiling X11 window manager. Makes work easier by automating aligning and searching for windows. Built using Haskell.
Package managers
NIX
*Nix is a powerful package manager for Linux and other Unix systems that makes package management reliable and reproducible.*
Useful packages for Ubuntu and Debian Linux
List of useful packages for Debian and Linux
Touchégg
Open source; adds gesture support for the touchpad with 3, 4 or 5 fingers.
https://github.com/JoseExposito/touchegg
Add fingerprint recognition
sudo apt install fprintd
The full explanation is available below.
Drive (google drive)
Works like a version-control tool.
https://github.com/odeke-em/drive
flatpak install drive
INTERESTING OS
List of operating systems that I find interesting for cybersecurity, design, accessibility, or development.
Burning OS images
Lets you burn OS images to SD cards and USB drives.
balenaEtcher - Flash OS images to SD cards & USB drives
Parrot OS
Parrot OS is a system with more than 600 cybersecurity tools, but it also exists in different editions for office work, mini computers and IoT.
Specs
Minimum 1.5 GB of RAM; at least 20 GB of storage required.
Kali Linux
Kali is more or less one of the foundational operating systems aimed at cybersecurity.
Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution
Specs
Minimum 1.5 GB of RAM; at least 20 GB of storage required.
Archlinux
A complicated OS. Arch Linux wiki
BlackArch Linux
BlackArch is less well known than the previous two and has the particularity of matching the hacking clichés seen in films. BlackArch is based on Arch Linux.
Alpine Linux
Alpine is known for being ultra lightweight, and therefore very secure, since it ships few tools that could add vulnerabilities. Very simple to use, no GUI.
Specs
Minimum 1.5 GB of RAM; the image is 8 MB and needs about 130 MB of storage on average.
Pop!_OS
Open-source OS with an attractive design.
Gentoo Linux
OS used for security work and embedded systems. Gentoo wiki
JingOS
OS for tablets. JingOS
Distributions
Distributions are organized into three different categories: for beginners, for intermediate users and for advanced users. In those categories, the distributions are organized in the alphabetical order.
Beginners
elementary OS
elementary OS is an Ubuntu-based desktop distribution. Some of its more interesting features include a custom desktop environment called Pantheon and many custom apps including Photos, Music, Videos, Calendar, Terminal, Files, and more. It also comes with some familiar apps like the Epiphany web browser and a fork of Geary mail.
Latest version: elementary OS Juno (5.0)
Default Desktop Environment: Pantheon
Fedora
Fedora (formerly Fedora Core) is a Linux distribution developed by the community-supported Fedora Project and owned by Red Hat. Fedora contains software distributed under a free and open-source license and aims to be on the leading edge of such technologies. Fedora has a reputation for focusing on innovation, integrating new technologies early on and working closely with upstream Linux communities. The default desktop in Fedora is the GNOME desktop environment and the default interface is the GNOME Shell. Other desktop environments, including KDE, Xfce, LXDE, MATE and Cinnamon, are available. Fedora Project also distributes custom variations of Fedora called Fedora spins. These are built with specific sets of software packages, offering alternative desktop environments or targeting specific interests such as gaming, security, design, scientific computing and robotics.
Latest version: Fedora Twenty Nine (29)
Default Desktop Environment: GNOME
Linux Mint
Linux Mint is an Ubuntu-based distribution whose goal is to provide a more complete out-of-the-box experience by including browser plugins, support for DVD playback, Java and other components. It also adds a custom desktop and menus, several unique configuration tools, and a web-based package installation interface. Linux Mint is compatible with Ubuntu software repositories.
Latest version: Linux Mint Tessa (19.1)
Default Desktop Environment: Cinnamon and MATE
Ubuntu
Ubuntu is a complete desktop Linux operating system, freely available with both community and professional support. The Ubuntu community is built on the ideas enshrined in the Ubuntu Manifesto: that software should be available free of charge, that software tools should be usable by people in their local language and despite any disabilities, and that people should have the freedom to customise and alter their software in whatever way they see fit. "Ubuntu" is an ancient African word, meaning "humanity to others". The Ubuntu distribution brings the spirit of Ubuntu to the software world.
Latest version: Ubuntu 18.10
Default Desktop Environment: GNOME
Intermediate
CentOS
CentOS as a group is a community of open source contributors and users. Typical CentOS users are organisations and individuals that do not need strong commercial support in order to achieve successful operation. CentOS is a 100% compatible rebuild of Red Hat Enterprise Linux, in full compliance with Red Hat's redistribution requirements. CentOS is for people who need enterprise-class operating system stability without the cost of certification and support.
Latest version: CentOS 7.1810
Default Desktop Environment: GNOME
Debian GNU/Linux
The Debian Project is an association of individuals who have made common cause to create a free operating system. This operating system is called Debian. Debian systems currently use the Linux kernel. Linux is a completely free piece of software started by Linus Torvalds and supported by thousands of programmers worldwide. Of course, the thing that people want is application software: programs to help them get what they want to do done, from editing documents to running a business to playing games to writing more software. Debian comes with over 50,000 packages (precompiled software that is bundled up in a nice format for easy installation on your machine) - all of it free. It's a bit like a tower. At the base is the kernel. On top of that are all the basic tools. Next is all the software that you run on the computer. At the top of the tower is Debian -- carefully organizing and fitting everything so it all works together.
Latest version: Debian Stretch (9.6)
Default Desktop Environment: GNOME
Mageia
Mageia is a fork of Mandriva Linux formed in September 2010 by former employees and contributors to the popular French Linux distribution. Unlike Mandriva, which is a commercial entity, the Mageia project is a community project and a non-profit organisation whose goal is to develop a free Linux-based operating system.
Latest version: Mageia 6.1
Default Desktop Environment: KDE
Manjaro
Manjaro Linux is a fast, user-friendly, desktop-oriented operating system based on Arch Linux. Key features include intuitive installation process, automatic hardware detection, stable rolling-release model, ability to install multiple kernels, special Bash scripts for managing graphics drivers and extensive desktop configurability. Manjaro Linux offers Xfce as the core desktop options, as well as a minimalist Net edition for more advanced users. Community-supported GNOME 3/Cinnamon and KDE flavours are available. Users also benefit from the supportive and vibrant Manjaro community forum.
Latest version: Manjaro 18.0.2
Default Desktop Environment: XFCE, KDE
openSUSE
The openSUSE project is a community program sponsored by SUSE Linux and other companies. Promoting the use of Linux everywhere, this program provides free, easy access to openSUSE, a complete Linux distribution. The openSUSE project has three main goals: make openSUSE the easiest Linux for anyone to obtain and the most widely used Linux distribution; leverage open source collaboration to make openSUSE the world's most usable Linux distribution and desktop environment for new and experienced Linux users; dramatically simplify and open the development and packaging processes to make openSUSE the platform of choice for Linux developers and software vendors.
Latest version: openSUSE Leap 15.0 and openSUSE Tumbleweed (Rolling Release system)
Default Desktop Environment: KDE, GNOME, XFCE, LXDE (Choose on installation)
Advanced
Arch Linux
Arch Linux is an independently developed, x86_64-optimised Linux distribution targeted at competent Linux users. It uses 'pacman', its home-grown package manager, to provide updates to the latest software applications with full dependency tracking. Operating on a rolling release system, Arch can be installed from a CD image or via an FTP server. The default install provides a solid base that enables users to create a custom installation. In addition, the Arch Build System (ABS) provides a way to easily build new packages, modify the configuration of stock packages, and share these packages with other users via the Arch Linux user repository.
Latest version: Not applicable (Rolling Release system)
Default Desktop Environment: Not applicable (there's no default Desktop environment)
Special Purpose
CoreOS
Specialty: Clusters
CoreOS is a Linux-based operating system for servers. Built from the ground up and designed primarily for the modern data centre, CoreOS provides specialist tools for making the system secure, reliable and up-to-date. Some of the more interesting features of the distribution include reliable updates and patches via FastPatch, a dashboard for managing rolling updates via CoreUpdate, a docker for packaging applications, as well as support for bare metal and many cloud providers.
Kali Linux
Specialty: Penetration testing
Kali Linux (formerly known as BackTrack) is a Debian-based distribution with a collection of security and forensics tools. It features timely security updates, support for the ARM architecture, a choice of four popular desktop environments, and seamless upgrades to newer versions.
Puppy Linux
Specialty: Low system requirements
Puppy Linux is yet another Linux distribution. What's different here is that Puppy is extraordinarily small, yet quite full-featured. Puppy boots into a ramdisk and, unlike live CD distributions that have to keep pulling stuff off the CD, it loads into RAM. This means that all applications start in the blink of an eye and respond to user input instantly. Puppy Linux has the ability to boot off a flash card or any USB memory device, CDROM, Zip disk or LS/120/240 Superdisk, floppy disks, internal hard drive. It can even use a multisession formatted CD-RW/DVD-RW to save everything back to the CD/DVD with no hard drive required at all.
Ubuntu Studio
Specialty: Multimedia creation
Ubuntu Studio is a variant of Ubuntu aimed at the GNU/Linux audio, video and graphic enthusiast as well as professional. The distribution provides a collection of open-source applications available for multimedia creation.
Tails
Specialty: Incognito live system
Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. It is a complete operating system designed to be used from a USB stick or a DVD independently of the computer's original operating system. It is Free Software and based on Debian GNU/Linux. Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc.
To check out
#TODO
https://github.com/Awesome-HarmonyOS/HarmonyOS
LINUX BASICS
https://github.com/Forty-Bot/linux-checklist
Notes
If a command errors or fails, try it again with sudo (or sudo !! to save typing).
Google anything and everything. If you don't know or understand something, google it
When you see the syntax $word, do not type it verbatim, but instead substitute the appropriate word (usually referenced in a previous command).
When the order of steps does not matter, bullet points have been used instead of ordinals.
To edit files, run gedit, a graphical editor akin to notepad; nano, a simple command-line editor; or vim, a powerful but less intuitive command-line editor. Note that vim may need to be installed with apt-get install vim.
Checklist
- Read the readme
  Note down which ports/users are allowed.
- Do Forensics Questions
  You may destroy the requisite information if you work on the checklist!
- Secure root
  Set PermitRootLogin no in /etc/ssh/sshd_config
- Secure Users
  - Disable the guest user.
    Go to /etc/lightdm/lightdm.conf and add the line
    allow-guest=false
    Then restart your session with
    sudo restart lightdm
    This will log you out, so make sure you are not executing anything important.
  - Open up /etc/passwd and check which users
    - Are uid 0
    - Can login
    - Are allowed in the readme
  - Delete unauthorized users:
    sudo userdel -r $user
    sudo groupdel $user
  - Check /etc/sudoers.d and make sure only members of group sudo can sudo.
  - Check /etc/group and remove non-admins from sudo and admin groups.
  - Check user directories.
    - cd /home
    - sudo ls -Ra *
    - Look in any directories which show up for media files/tools and/or "hacking tools."
  - Enforce Password Requirements.
    - Add or change password expiration requirements in /etc/login.defs:
      PASS_MIN_DAYS 7
      PASS_MAX_DAYS 90
      PASS_WARN_AGE 14
    - Add a minimum password length, password history, and complexity requirements.
      - Open /etc/pam.d/common-password with sudo.
      - Add minlen=8 to the end of the line that has pam_unix.so in it.
      - Add remember=5 to the end of the line that has pam_unix.so in it.
      - Locate the line that has pam_cracklib.so in it. If you cannot find that line, install cracklib with sudo apt-get install libpam-cracklib
      - Add ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 to the end of that line.
    - Implement an account lockout policy.
      - Open /etc/pam.d/common-auth.
      - Add deny=5 unlock_time=1800 to the end of the line with pam_tally2.so in it.
    - Change all passwords to satisfy these requirements.
      chpasswd is very useful for this purpose.
- Enable automatic updates
  In the GUI set Update Manager->Settings->Updates->Check for updates:->Daily.
- Secure ports
  - sudo ss -ln
  - If a port has 127.0.0.1:$port in its line, that means it's connected to loopback and isn't exposed. Otherwise, there should only be ports which are specified in the readme open (but there probably will be tons more).
  - For each open port which should be closed:
    - sudo lsof -i :$port
    - Copy the program which is listening on the port.
      whereis $program
    - Copy where the program is (if there is more than one location, just copy the first one).
      dpkg -S $location
    - This shows which package provides the file (if there is no package, that means you can probably delete it with rm $location; killall -9 $program).
      sudo apt-get purge $package
    - Check to make sure you aren't accidentally removing critical packages before hitting "y".
    - sudo ss -l
      to make sure the port actually closed.
- Secure network
  - Enable the firewall
    sudo ufw enable
  - Enable syn cookie protection
    sudo sysctl -w net.ipv4.tcp_syncookies=1
  - Disable IPv6 (Potentially harmful)
    echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
  - Disable IP Forwarding
    echo 0 | sudo tee /proc/sys/net/ipv4/ip_forward
  - Prevent IP Spoofing
    echo "nospoof on" | sudo tee -a /etc/host.conf
- Install Updates
  Start this before half-way.
  - Do general updates.
    - sudo apt-get update
    - sudo apt-get upgrade
  - Update services specified in readme.
    - Google to find what the latest stable version is.
    - Google "ubuntu install service version".
    - Follow the instructions.
  - Ensure that you have points for upgrading the kernel, each service specified in the readme, and bash if it is vulnerable to shellshock.
- Configure services
  - Check service configuration files for required services. Usually a wrong setting in a config file for sql, apache, etc. will be a point.
  - Ensure all services are legitimate.
    service --status-all
- Check the installed packages for "hacking tools," such as password crackers.
- Run other (more comprehensive) checklists. This is a checklist designed to get most of the common points, but it may not catch everything.
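The /etc/passwd review from the Secure Users step above, as an added example that is not part of the original checklist. audit_passwd is a hypothetical helper; the sample passwd entries, the user names and the uid >= 1000 cutoff for human accounts are constructed assumptions.

```shell
#!/bin/sh
# Added example: review a passwd-format file against the users the readme allows.
# Usage: audit_passwd PASSWD_FILE "allowed1 allowed2 ..."   (use - to read stdin)
# Prints one finding per line:
#   UID0 <user>          account other than root that has uid 0
#   UNAUTHORIZED <user>  human account with a login shell that is not allowed
#   MISSING <user>       allowed user that has no passwd entry
audit_passwd() {
    awk -F: -v allowed="$2" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        /^#/ || NF < 7 { next }            # skip comments and malformed lines
        {
            user = $1; uid = $3 + 0; shell = $7
            seen[user] = 1
            # Accounts whose shell is nologin or false cannot log in.
            can_login = (shell !~ /(nologin|false)$/)
            if (uid == 0 && user != "root") print "UID0 " user
            # Assumption: human accounts start at uid 1000; 65534 is nobody.
            if (uid >= 1000 && uid < 65534 && can_login && !(user in ok))
                print "UNAUTHORIZED " user
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(a[i] in seen)) print "MISSING " a[i]
        }
    ' "$1"
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
mallory:x:1002:1002::/home/mallory:/bin/sh
svc:x:1003:1003::/home/svc:/bin/false
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

# The constructed readme allows alice, bob and carol.
sample_passwd | audit_passwd - "alice bob carol"
```

On a live system, run it as audit_passwd /etc/passwd "user1 user2" with the names from the readme, then review each finding before running userdel.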
Tips
- Netcat is installed by default in ubuntu. You will most likely not get points for removing this version.
- Some services (such as ssh) may be required even if they are not mentioned in the readme. Others may be points even if they are explicitly mentioned in the readme.
nslookup command because it’s another command line tool that is usually available. This tool looks up IP addresses assigned to website domain names.
tracert tool, which sends packets to each router along the path between your computer and the destination you want your traffic to reach.
AppArmor
AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited.
AppArmor security policies completely define what system resources individual applications can access, and with what privileges. Several default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.
Check if AppArmor is installed
AppArmor and its profiles should already be enabled and running on Parrot OS. To check if AppArmor is active, run:
sudo aa-status --enabled; echo $?
The output should be 0. Alternatively, run the following command to see the loaded AppArmor profiles:
sudo aa-status
If for any reason AppArmor is not pre-installed, continue reading below.
Install AppArmor
sudo apt install apparmor apparmor-utils auditd
- apparmor = main package
- apparmor-utils = utilities for controlling AppArmor profiles
- auditd = automatic profile generation tools
To enable AppArmor, run the following commands:
sudo mkdir -p /etc/default/grub.d
echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor"' | sudo tee /etc/default/grub.d/apparmor.cfg
sudo update-grub
sudo reboot
Then run the following command to inspect the current state:
sudo aa-status
This will list all loaded AppArmor profiles for applications, processes and detail their status (enforced, complain, unconfined).
For example, to list the running processes that are currently confined by a profile, run the following command:
ps auxZ | grep -v '^unconfined'
To install additional profiles, run the following command:
sudo apt install apparmor-profiles apparmor-profiles-extra
AppArmor profiles live in /etc/apparmor.d/. You can use apparmor_parser(8) to insert them into the kernel. This is done automatically when installing packages that drop policy in /etc/apparmor.d/.
For example, to set all "extra" profiles (provided in the apparmor-profiles package) to complain mode (security policy is not enforced and access violations are logged, except for deny rules, which are silently enforced), do the following:
cd /usr/share/doc/apparmor-profiles/extras
sudo cp -i *.* /etc/apparmor.d/
for f in *.*; do
    sudo aa-complain "/etc/apparmor.d/$f"
done
To set these profiles to enforce mode, use aa-enforce instead of aa-complain.
Beware though: many of these profiles are not up-to-date and will break functionality in enforce mode (and possibly even in complain mode); enforce them only if you're ready to improve them upstream.
Disable AppArmor
First, you can disable individual profiles with aa-disable.
But if you want to entirely disable AppArmor on your system, run:
sudo mkdir -p /etc/default/grub.d
echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' | sudo tee /etc/default/grub.d/apparmor.cfg
sudo update-grub
sudo reboot
Debug AppArmor
The aa-notify command, from the apparmor-notify package, is able to provide a desktop notification whenever a program causes a DENIED message in /var/log/kern.log. Grant yourself read permissions for /var/log/kern.log by joining the adm group:
sudo adduser "$USER" adm
Then aa-notify should automatically start the next time you log in (using /etc/xdg/autostart/apparmor-notify.desktop). If it doesn't, start it manually:
aa-notify -p
If you use auditd, you should start aa-notify in this way:
sudo aa-notify -p -f /var/log/audit/audit.log
Diagnose if a bug might have been caused by AppArmor
The apparmor-utils package provides many useful commands to debug AppArmor. Find out if AppArmor is enabled with the cat command:
cat /sys/module/apparmor/parameters/enabled
This prints Y if AppArmor is enabled.
Find out which profiles are enabled
sudo aa-status
The command above will list all loaded AppArmor profiles for applications and processes and detail their status (enforced, complain, unconfined). The following command lists running executables which are currently confined by an AppArmor profile:
ps auxZ | grep -v '^unconfined'
Sometimes, it's useful to disable a profile and to test again if the bug persists:
sudo aa-disable /etc/apparmor.d/$profile
e.g. sudo aa-disable /etc/apparmor.d/usr.bin.pidgin
You can re-enable the profile in this way:
sudo aa-enforce /etc/apparmor.d/$profile
Verify the logs
sudo tail -f /var/log/syslog | grep 'DENIED'
or (if auditd is installed):
sudo tail -f /var/log/audit/audit.log | grep 'DENIED'
The "DENIED" lines should provide more information on what concrete process or access to the file system has been denied.
Output a list of processes with tcp or udp ports that do not have AppArmor profiles loaded:
sudo aa-unconfined
This is also possible with the --paranoid parameter.
Profiles in complain mode will send ALLOWED lines in the logs for entries that would normally be DENIED in enforce mode. You can use this to tweak configurations before turning them on in enforce mode.
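The log review described under "Verify the logs" and the complain-mode ALLOWED lines above, as an added example that is not part of the original page. summarize_apparmor is a hypothetical helper that groups DENIED and ALLOWED audit lines by profile, operation, mask and target so repeated events collapse into one row; the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: summarise AppArmor audit events read from stdin.
# Output columns: count verdict profile operation denied_mask name
summarize_apparmor() {
    awk '
        # Return the value of key="value" on the current line, or "-" if absent.
        # The leading space keeps "name" from matching inside a longer key.
        function field(key,    re) {
            re = " " key "=\"[^\"]*\""
            if (!match($0, re)) return "-"
            return substr($0, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
        }
        /apparmor="(DENIED|ALLOWED)"/ {
            k = field("apparmor") " " field("profile") " " field("operation")
            k = k " " field("denied_mask") " " field("name")
            count[k]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample log lines, not taken from a real system.
sample_log() {
    cat <<'EOF'
Jan 10 12:00:01 host kernel: [ 101.100] audit: type=1400 audit(1704888001.100:41): apparmor="DENIED" operation="open" profile="/usr/bin/pidgin" name="/etc/shadow" pid=2101 comm="pidgin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 10 12:00:07 host kernel: [ 107.200] audit: type=1400 audit(1704888007.200:42): apparmor="DENIED" operation="open" profile="/usr/bin/pidgin" name="/etc/shadow" pid=2101 comm="pidgin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 10 12:01:30 host kernel: [ 190.300] audit: type=1400 audit(1704888090.300:43): apparmor="ALLOWED" operation="mknod" profile="/usr/sbin/tcpdump" name="/tmp/capture.pcap" pid=2250 comm="tcpdump" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Jan 10 12:02:10 host kernel: [ 230.400] audit: type=1400 audit(1704888130.400:44): apparmor="DENIED" operation="exec" profile="/usr/bin/pidgin" name="/usr/bin/curl" pid=2260 comm="pidgin" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Jan 10 12:02:11 host kernel: [ 231.000] usb 1-1: new high-speed USB device number 4 using xhci_hcd
EOF
}

sample_log | summarize_apparmor
```

ALLOWED rows come from profiles in complain mode and show which accesses would be blocked once the profile is switched to enforce mode.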