Sunday, 6 August 2017

Respinning security distros and upgrading packages

A while back I dropped Debian and Debian based ISO support from my 'isorespin.sh' script as the release of Debian 9 Stretch uses a v4.9 kernel rather than a v3.16 kernel meaning that the kernel cannot be upgraded with Canonical's HDMI and RTL8723BS DKMS support. I also dropped their support because I do not agree with using a kernel compiled for one distro's userland with a different distro's userland as for example in using an Ubuntu kernel to boot a Fedora ISO.

This meant no more respinning Kali ISOs but since I'm again receiving requests for its support it got me thinking about what Ubuntu-based security distros existed. So following some research I've added support for BackBox Linux a 'penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit'.


Respinning is simple using my latest version of 'isorespin.sh':

Script '/usr/local/bin/isorespin.sh' called with '-i backbox-5-amd64.iso --atom --update' ...
Work directory 'isorespin' used ...
ISO '/home/linuxium/backbox-5-amd64.iso' respun ...
Bootloader 'GRUB' added ...
Kernel updated with mainline kernel version '4.13.0-041300rc3-generic' ...
Local package '/home/linuxium/isorespin/rtl8723bs_4.12.0_amd64.deb' added ...
File '/home/linuxium/isorespin/linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/linuxium-install-broadcom-drivers.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-broadcom-drivers.sh' added ...
Command run ...
# wrapper-linuxium-install-UCM-files.sh
./linuxium-install-UCM-files.sh: Extracting UCM files ...
./linuxium-install-UCM-files.sh: Installing UCM files ...
./linuxium-install-UCM-files.sh: Reloading UCM driver ...
./linuxium-install-UCM-files.sh: Installation of UCM finished 
# wrapper-linuxium-install-broadcom-drivers.sh
./linuxium-install-broadcom-drivers.sh: Extracting Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Reloading Broadcom driver ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom bluetooth service ...
Created symlink /etc/systemd/system/multi-user.target.wants/brcmbt.service, pointing to /lib/systemd/system/brcmbt.service.
./linuxium-install-broadcom-drivers.sh: Starting Broadcom bluetooth service ...
Running in chroot, ignoring request.
./linuxium-install-broadcom-drivers.sh: Installation of Broadcom finished 
Respun ISO created as 'linuxium-v4.13-rc3-backbox-5-amd64.iso'.

I've also had another look at Kali as whilst their official ISOs use a Debian kernel they also offer Kali Metapackages which 'give you the flexibility to install specific subsets of tools based on your particular needs'. Following the documented instructions I looked at how I could update my script to allow the addition of these metapackages when respinning. As a result I've added a new option '--key' to add GPG keys to the APT keyring allowing packages to be downloaded from signed repositories. It is now possible to respin an Ubuntu ISO adding the packages:


There are some restrictions/limitations. Unity isn't supported and I've found adding a GPG key to a 17.04 or 17.10 release fails. Additionally adding the 'kali-linux-full' package results in dependency issues. However it is possible to respin the recently released Ubuntu GNOME 16.04.3 and add 'kali-linux' and 'kali-linux-top10':

Script '/usr/local/bin/isorespin.sh' called with '-i ubuntu-gnome-16.04.3-desktop-amd64.iso --atom -u --key adv --keyserver keyserver.ubuntu.com --recv-keys ED444FF07D8D0BF6 --repository deb http://http.kali.org/kali kali-rolling main contrib non-free -p kali-linux -p kali-linux-top10' ...
Work directory 'isorespin' used ...
ISO '/home/linuxium/ubuntu-gnome-16.04.3-desktop-amd64.iso' respun ...
Bootloader 'GRUB' added ...
Kernel updated with mainline kernel version '4.13.0-041300rc3-generic' ...
Key 'adv --keyserver keyserver.ubuntu.com --recv-keys ED444FF07D8D0BF6' added ...
Repository 'deb http://http.kali.org/kali kali-rolling main contrib non-free' added ...
Package 'kali-linux' added ...
Package 'kali-linux-top10' added ...
Local package '/home/linuxium/isorespin/rtl8723bs_4.12.0_amd64.deb' added ...
File '/home/linuxium/isorespin/linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/linuxium-install-broadcom-drivers.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-broadcom-drivers.sh' added ...
Command run ...
# wrapper-linuxium-install-UCM-files.sh
./linuxium-install-UCM-files.sh: Extracting UCM files ...
./linuxium-install-UCM-files.sh: Installing UCM files ...
./linuxium-install-UCM-files.sh: Reloading UCM driver ...
./linuxium-install-UCM-files.sh: Installation of UCM finished 
# wrapper-linuxium-install-broadcom-drivers.sh
./linuxium-install-broadcom-drivers.sh: Extracting Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Reloading Broadcom driver ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom bluetooth service ...
Created symlink /etc/systemd/system/multi-user.target.wants/brcmbt.service, pointing to /lib/systemd/system/brcmbt.service.
./linuxium-install-broadcom-drivers.sh: Starting Broadcom bluetooth service ...
Running in chroot, ignoring request.
./linuxium-install-broadcom-drivers.sh: Installation of Broadcom finished 
Respun ISO created as 'linuxium-v4.13-rc3-ubuntu-gnome-16.04.3-desktop-amd64.iso'.

Lubuntu is also supported:


and by adding 'kali-desktop-lxde' additional LXDE packages are included (note 'Other'):


Script '/usr/local/bin/isorespin.sh' called with '-i lubuntu-16.04.3-desktop-amd64.iso --atom -u --key adv --keyserver keyserver.ubuntu.com --recv-keys ED444FF07D8D0BF6 --repository deb http://http.kali.org/kali kali-rolling main contrib non-free -p kali-linux -p kali-desktop-lxde -p kali-linux-top10' ...
Work directory 'isorespin' used ...
ISO '/home/linuxium/lubuntu-16.04.3-desktop-amd64.iso' respun ...
Bootloader 'GRUB' added ...
Kernel updated with mainline kernel version '4.13.0-041300rc3-generic' ...
Key 'adv --keyserver keyserver.ubuntu.com --recv-keys ED444FF07D8D0BF6' added ...
Repository 'deb http://http.kali.org/kali kali-rolling main contrib non-free' added ...
Package 'kali-linux' added ...
Package 'kali-desktop-lxde' added ...
Package 'kali-linux-top10' added ...
Local package '/home/linuxium/isorespin/rtl8723bs_4.12.0_amd64.deb' added ...
File '/home/linuxium/isorespin/linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/linuxium-install-broadcom-drivers.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-broadcom-drivers.sh' added ...
Command run ...
# wrapper-linuxium-install-UCM-files.sh
./linuxium-install-UCM-files.sh: Extracting UCM files ...
./linuxium-install-UCM-files.sh: Installing UCM files ...
./linuxium-install-UCM-files.sh: Reloading UCM driver ...
./linuxium-install-UCM-files.sh: Installation of UCM finished 
# wrapper-linuxium-install-broadcom-drivers.sh
./linuxium-install-broadcom-drivers.sh: Extracting Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Reloading Broadcom driver ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom bluetooth service ...
Created symlink /etc/systemd/system/multi-user.target.wants/brcmbt.service, pointing to /lib/systemd/system/brcmbt.service.
./linuxium-install-broadcom-drivers.sh: Starting Broadcom bluetooth service ...
Running in chroot, ignoring request.
./linuxium-install-broadcom-drivers.sh: Installation of Broadcom finished 
Respun ISO created as 'linuxium-v4.13-rc3-lubuntu-16.04.3-desktop-amd64.iso'.

Finally I've added another option '--upgrade' which simply performs an 'apt-get upgrade' on the ISO's packages. So for example having downloaded an Artful daily ISO, I can respin it with the latest packages:


Script '/usr/local/bin/isorespin.sh' called with '-i 030817-artful-desktop-amd64.iso --upgrade --rolling-unstable --atom -s 200MB' ...
Work directory 'isorespin' used ...
ISO '/home/linuxium/030817-artful-desktop-amd64.iso' respun ...
Kernel boot parameters 'persistent' added ...
Bootmanager 'rEFInd' added ...
Distro upgraded ...
Package 'linux-headers-4.12.0-9 linux-headers-4.12.0-9-generic linux-image-4.12.0-9-generic linux-image-extra-4.12.0-9-generic' added ...
Local package '/home/linuxium/isorespin/rtl8723bt_4.12.0_amd64.deb' added ...
File '/home/linuxium/isorespin/linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/linuxium-install-broadcom-drivers.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-broadcom-drivers.sh' added ...
Command run ...
# wrapper-linuxium-install-UCM-files.sh
./linuxium-install-UCM-files.sh: Extracting UCM files ...
./linuxium-install-UCM-files.sh: Installing UCM files ...
./linuxium-install-UCM-files.sh: Reloading UCM driver ...
./linuxium-install-UCM-files.sh: Installation of UCM finished 
# wrapper-linuxium-install-broadcom-drivers.sh
./linuxium-install-broadcom-drivers.sh: Extracting Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Reloading Broadcom driver ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom bluetooth service ...
Created symlink /etc/systemd/system/multi-user.target.wants/brcmbt.service -> /lib/systemd/system/brcmbt.service.
./linuxium-install-broadcom-drivers.sh: Starting Broadcom bluetooth service ...
Running in chroot, ignoring request.
./linuxium-install-broadcom-drivers.sh: Installation of Broadcom finished 
Persistence partition of '200MB' added ...
Respun ISO created as 'linuxium-persistence-030817-artful-desktop-amd64.iso'.

The new flags are only available from a CLI invocation:


and the upgraded script can be downloaded from 'isorespin.sh'.

Please donate if you find the script useful using the following link http://goo.gl/nXWSGf.