Remove duplicates.
parent
a469c7b298
commit
53425ec39c
@ -1,9 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
/bin/bash /usr/local/sbin/verify-boot;
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Bad" > /opt/boot-verify-state;
|
|
||||||
/bin/bash /usr/local/sbin/sign-boot;
|
|
||||||
echo "Good" > /opt/boot-verify-state;
|
|
||||||
else
|
|
||||||
echo "Good" > /opt/boot-verify-state;
|
|
||||||
fi;
|
|
@ -1,6 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
echo "[+] Updating Grub...";
|
|
||||||
/usr/sbin/update-grub;
|
|
||||||
/usr/share/ubuntu-system-adjustments/systemd/start;
|
|
||||||
/usr/local/sbin/sign-boot;
|
|
||||||
echo "[*] Grub Update Complete!";
|
|
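--- a/install-grub
+++ b/install-grub
@@ -1,12 +0,0 @@
-#!/bin/bash
-echo "[+] Installing Grub...";
-grub-install -v --target=x86_64-efi /dev/sda --efi-directory=/boot/efi --boot-directory=/boot --uefi-secure-boot --pubkey=/root/pubkey --sbat=/root/sbat --disable-shim-lock --modules="acpi afsplitter all_video bitmap bitmap_scale boot btrfs bufio cat chain configfile cpuid crypto cryptodisk datetime disk diskfilter echo efi_gop efinet efi_uga ext2 extcmd fat font fshelp gcry_arcfour gcry_blowfish gcry_camellia gcry_cast5 gcry_crc gcry_des gcry_dsa gcry_idea gcry_md4 gcry_md5 gcry_rfc2268 gcry_rijndael gcry_rmd160 gcry_rsa gcry_seed gcry_serpent gcry_sha1 gcry_sha256 gcry_sha512 gcry_tiger gcry_twofish gcry_whirlpool gettext gfxmenu gfxterm gfxterm_background gzio halt help hfsplus iso9660 jpeg keystatus linux linuxefi loadenv loopback ls luks lvm lzopio mdraid09 mdraid1x mmap mpi net normal ntfs password_pbkdf2 pbkdf2 pgp png probe procfs raid5rec raid6rec regexp relocator search search_fs_file search_fs_uuid search_label sleep smbios squash4 terminal trig video video_bochs video_cirrus video_colors xfs xzio zfs zfscrypt zfsinfo zstd part_gpt tpm";
-#echo "[+] Patching load.cfg";
-#echo >> /boot/grub/x86_64-efi/load.cfg;
-#echo 'trust --skip-sig (hd0,gpt6)/pubkey' >> /boot/grub/x86_64-efi/load.cfg;
-#echo 'set check_signatures=enforce' >> /boot/grub/x86_64-efi/load.cfg;
-#echo 'set superusers="root"' >> /boot/grub/x86_64-efi/load.cfg;
-#echo 'password_pbkdf2 root grub.pbkdf2.sha512.10000.87A1064D2A4493C4235F8BB04C02309873D6ECC872696400690D4C6194A9EE8A0BE005590ACAE2E3C1F416A8E9DBB665EC1F6AE35B4274CE3CD8F4694D17D0DA.18DDB69D7AB16CDC661D9F8D47CFA37A9C6A9FF8E2851C56E0E131A99BC713C348C152D338171809BE7AE2CBDA7DACE06AAD83F6B7ED118430F0C3DD9935B5AF' >> /boot/grub/x86_64-efi/load.cfg;
-#sudo cp /boot/grub/x86_64-efi/load.cfg /boot/efi/EFI/ubuntu/grub.cfg;
-grub-update;
-echo "[*] Grub Install Complete!";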
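--- a/linux-version
+++ b/linux-version
@@ -1,121 +0,0 @@
-#!/usr/bin/perl
-
-# Copyright 2011 Ben Hutchings
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-
-use strict;
-use warnings;
-
-use DebianLinux qw(version_cmp image_list);
-
-sub usage {
-my $fh = shift;
-print $fh (<< "EOT");
-Usage: $0 compare VERSION1 OP VERSION2
-$0 sort [--reverse] [VERSION1 VERSION2 ...]
-$0 list [--paths]
-
-The version arguments should be kernel version strings as shown by
-'uname -r' and used in filenames.
-
-The valid comparison operators are: lt le eq ge gt
-EOT
-}
-
-sub usage_error {
-usage(*STDERR{IO});
-exit 2;
-}
-
-sub compare_versions {
-my %op_map = qw(lt < le <= eq == ge >= gt >);
-
-# Check arguments
-if (@_ != 3) {
-usage_error();
-}
-my ($left, $op, $right) = @_;
-if (!exists($op_map{$op})) {
-usage_error();
-}
-
-my $sign = version_cmp($left, $right);
-exit !eval("$sign ${op_map{$op}} 0");
-}
-
-sub sort_versions {
-# Check for --reverse option
-my $sign = 1;
-if (@_ >= 1 and $_[0] eq '--reverse') {
-$sign = -1;
-shift;
-}
-
-# Collect versions from argv or stdin (with optional suffix after a space)
-my @versions;
-if (@_) {
-@versions = map({[$_, "\n"]} @_);
-} else {
-while (<STDIN>) {
-/^([^ \n]*)(.*\n?)$/ or die;
-push @versions, [$1, $2];
-}
-}
-
-for (sort({version_cmp($a->[0], $b->[0]) * $sign} @versions)) {
-print @$_;
-}
-exit 0;
-}
-
-sub list_versions {
-my $show_paths;
-
-if (@_ == 1 and $_[0] eq '--paths') {
-$show_paths = 1;
-} elsif (@_ != 0) {
-usage_error();
-}
-my $sig = '.sig';
-for (image_list()) {
-my ($version, $path) = @$_;
-unless ($path =~ /\Q$sig\E$/) {
-if ($show_paths) {
-print "$version $path\n";
-} else {
-print "$version\n";
-}
-}
-}
-exit 0;
-}
-
-if (@ARGV == 0) {
-usage_error();
-}
-
-my $command = shift;
-if ($command eq 'help' or grep({$_ eq '--help'} $command, @ARGV)) {
-usage(*STDOUT{IO});
-exit 0;
-} elsif ($command eq 'compare') {
-compare_versions(@ARGV);
-} elsif ($command eq 'sort') {
-sort_versions(@ARGV);
-} elsif ($command eq 'list') {
-list_versions(@ARGV);
-}
-usage_error();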
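--- a/sign-boot
+++ b/sign-boot
@@ -1,41 +0,0 @@
-#!/bin/bash
-echo "[*] Preparing to sign!";
-#touch /dev/shm/sb-passpwd.txt;
-#chown root:root /dev/shm/sb-passpwd.txt;
-#chmod u=rw,g=,o= /dev/shm/sb-passpwd.txt;
-#echo -n "Password: ";
-#read -s pwd;
-#echo -n "$pwd" > /dev/shm/sb-passpwd.txt;
-echo "[-] BMOK Un-Signing...";
-for i in $(/usr/bin/find /boot/grub -iname "*.efi" -type f -print)
-do
-echo $i;
-/usr/bin/sbattach --remove $i;
-done;
-echo "[+] BMOK Signing...";
-for i in $(/usr/bin/find /boot/grub -iname "*.efi" -type f -print)
-do
-echo $i;
-/usr/bin/sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem $i --output $i;
-done;
-echo "[-] Un-Signing...";
-#-iname "efi" -prune -o
-for i in $(/usr/bin/find /boot -iname "*.sig" -type f -print)
-do
-rm "$i";
-done;
-echo "[+] Signing...";
-for i in $(/usr/bin/find /boot -iname "efi" -prune -o -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print)
-do
-echo $i;
-/usr/bin/gpg --batch --detach-sign $i;
-#gpg -v --batch --detach-sign --passphrase-fd 0 $i < \
-# /dev/shm/sb-passpwd.txt;
-done;
-for i in $(/usr/bin/find /boot/efi -iname "*.cfg" -type f -o -iname "*.efi" -type f -print)
-do
-echo $i;
-/usr/bin/gpg --batch --detach-sign $i;
-done;
-#shred /dev/shm/sb-passpwd.txt;
-echo "[*] Signing Complete!";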
@ -1,3 +0,0 @@
|
|||||||
#! /bin/bash
|
|
||||||
cd /usr/local/mydebs
|
|
||||||
dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz
|
|
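--- a/verify-boot
+++ b/verify-boot
@@ -1,54 +0,0 @@
-#!/bin/bash
-echo "[*] Preparing to verify!";
-echo "[-] Missing Signatures:";
-ec=0;
-for i in $(find /boot -iname "efi" -prune -o -iname "*.sig" -prune -o -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print)
-do
-if [ ! -f "$i.sig" ]; then
-echo "Missing: $i";
-ec=1;
-fi
-done;
-for i in $(find /boot/efi -iname "*.cfg" -type f -o -iname "*.efi" -type f -print)
-do
-if [ ! -f "$i.sig" ]; then
-echo "Missing: $i";
-ec=1;
-fi
-done;
-bad='Good';
-echo "[*] Signed:";
-for i in $(find /boot -iname "efi" -prune -o -iname "*.sig" -prune -o -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print)
-do
-if [ -f "$i.sig" ]; then
-if gpg --verify-files "$i.sig" > /dev/null 2>&1
-then
-echo "Good: $i";
-else
-echo "Bad: $i";
-bad='Bad';
-ec=2;
-fi
-fi
-done;
-for i in $(find /boot/efi -iname "*.cfg" -type f -o -iname "*.efi" -type f -print)
-do
-if [ -f "$i.sig" ]; then
-if gpg --verify-files "$i.sig" > /dev/null 2>&1
-then
-echo "Good: $i";
-else
-echo "Bad: $i";
-bad='Bad';
-ec=2;
-fi
-fi
-done;
-echo "[-] Signature State: $bad";
-if [ $ec -ne 0 ]; then
-touch /boot/boot-tainted;
-elif [ -f /boot/boot-tainted ]; then
-rm -f /boot/boot-tainted;
-fi
-echo "[*] Finished Verification!";
-exit $ec;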