Jyothi Cameron

Current B.S. Cybersecurity Major

Automated driver installation (v2.0)

12-30-2021

My theory from the previous post put into action. The system didn't like simply echoing into the file, but the tee command worked just fine! What's better is this program does away with the verbose file paths that were in the previous "first script". This project was very illuminating. From a cybersecurity standpoint, I was able to create software that could inject a payload into the system files and set it to automatically execute without any user interaction apart from the prompt to switch to superuser. This could be bypassed by editing the "/etc/sudoers" file, but personally I know the security consequences of that are dire. That said, If I were the one trying to compromise a system I suppose it might be in my best interest as it would allow me the unhindered ability to execute any command.


#!/bin/bash

echo "*******************MOVING SETUP FILE*******************"
#file to inject
fileContents="#!/bin/bash

echo '*******************INSTALLING GIT*******************'
sudo apt-get install git 

echo '*******************INSTALLING DKMS*******************'
sudo apt-get install dkms

echo '*******************CLONING REALTEK DRIVER*******************'
cd ~/Documents
git clone https://github.com/aircrack-ng/rtl8812au
cd rtl8812au/

echo '*******************DRIVER INSTALL*******************'
make
sudo make install

echo '*******************DIAGNOSTIC*******************'
lsusb
iwconfig"

#create the file and inject it into the appropriate location
echo "$fileContents" | sudo tee custom-drivers.sh >/dev/null
sudo mv custom-drivers.sh /usr/local/bin/custom-drivers.sh

#set permissions
sudo chmod 755 /usr/local/bin/custom-drivers.sh

#confirm
#ls -l /usr/local/bin | grep 'custom-drivers'
#cat /usr/local/bin/custom-drivers.sh

echo "*******************SETTING CRONTAB*******************"
(crontab -l 2>/dev/null; echo -e "@reboot /usr/local/bin/custom-drivers.sh") | sudo crontab -u kali -
crontab -l | grep 'custom-drivers.sh'

echo "*******************APT UPDATE*******************"
sudo apt update 

echo "*******************UPDATING KALI*******************"
sudo apt upgrade -y
sudo apt dist-upgrde -y
sudo reboot now

Automating Driver Installation/Update

12-27-2021

I recently got an ALFA 5GHz WiFi dongle with an RTL8812AU/21AU chipset. The base drivers are currently unsupported in Linux, so I had to download them manually from aircrack-ng hosted github pages here and here. At time of writing, either suffice but both require the installation of DKMS. I thought it best to use this opportunity to try and automate this process, so I developed two scripts to do so.

The first is below. It copies the second script into /usr/local/bin and sets the appropriate permissions so it can be run from command line. This is a pivotal step. The scipt then confirms that the second script was successfully copied. Afterwards, a cron job is created to automatically run the second script on reboot, because the remainder of this first script updates both the Advanced Package Tool and the OS (assuming Kali Linux). To cement these updates, a reboot is necessary.


#!/bin/bash

echo "*******************MOVING SETUP FILE*******************"
#you can rename "secondscript.sh" to anything yuou like, just be consistent.

sudo cp /path/to/secondscript.sh /usr/local/bin/secondscript.sh
sudo chmod 755 /usr/local/bin/secondscript.sh

ls -l /usr/local/bin | grep 'secondscript.sh'

echo "*******************SETTING CRONTAB*******************"
#below, "kali" is the user. you can change the user to whomever, or set as root.

(crontab -l 2>/dev/null; echo -e "@reboot /usr/local/bin/secondscript.sh") | sudo crontab -u kali -
crontab -l | grep 'secondscript.sh'

echo "*******************APT UPDATE*******************"
sudo apt update 

echo "*******************UPDATING KALI*******************"
sudo apt upgrade -y
sudo apt dist-upgrde -y
sudo reboot now

Next is the second script. Assuming the first was successful in copying it to /usr/local/bin before setting the cron job and updating, This script will run automatically to download and install git and DKMS, clone the driver repository into ~/Documents, and install the updated driver software before outputting the contents of the USB port connections and iwconfig to confirm the system can now recognize the adapter. At this point additional commands can be used to remove the cron job; or it can be kept to ensure the driver always stays updated on every reboot.

In that same vein, the script can be appended to include many more program or driver updates as needed which I think can be very useful in the long run, especially if one is moving to a "fresh" system and needs to update a host of custom drivers and software but can't remember the intricacies. In fact, I believe I could embed this second script as an echo " " >> /usr/local/bin/secondfile.sh statement within the first script, which will create and modify the second script and still set up the cron job successfully while consolidating the entire tool into one file. 


#!/bin/bash

echo "*******************INSTALLING GIT*******************"
sudo apt-get install git 

echo "*******************INSTALLING DKMS*******************"
sudo apt-get install dkms

echo "*******************CLONING REALTEK DRIVER*******************"
cd ~/Documents
git clone https://github.com/aircrack-ng/rtl8812au		#you can use either repository linked above

echo "*******************DRIVER INSTALL*******************"
cd rtl8812au/
make
sudo make install

echo "*******************DIAGNOSTIC*******************"
lsusb
iwconfig

Backing up a file system

6-xx-2021

This helps to back up relevant files. alter the /dir*/ entries to your liking.


#! /bin/bash

Date=$(date +%b%d)
Date2=$(date +%b-%d-%H-%M-%S)
YEDATE=$(date +%Y)
DIR="backups"
DIR2="Snapshots"
Path="$DIR/$YEDATE"
snapshot_location="/$DIR/$DIR2"

#switch to superuser
(( EUID != 0 )) && exec sudo -- "$0" "$@"
#we want to store "backup" in "/" directory
cd /

if [ ! -d $DIR ] #if "/backup doesnt exist
then
	echo Creating Directory "$DIR"
	mkdir -p $DIR/{$DIR2,$YEDATE}	#create parent "backup" with children "Snapshots" and "Year"

	if [ $Path ]; then
		echo "/$DIR" directory created+. Backing up.
		tar --warning='no-file-ignored' -czpvf $Path/Backup-$Date.tar.gz -V "Backup of system on $Date."\
			-g $snapshot_location/backup$Date.snap /dir1/ /dir2/ /dir3/ /dir4/
		if [ "$Path/Backup-$Date.*" ]; then
			echo "backup successful. (exit1)"
			ls -lR $DIR
		else echo "backup failed. (exit1)"
		fi
	fi
else
	echo $DIR exists. Backing up.
	if [ ! $Path ]; then 		#if no bakup directory for that year...
		mkdir -p $Path		#make it
	fi


	if [ ! "$Path/Backup-$Date.*" ]; then	#if no original backup for today...
		#create one
		tar --warning='no-file-ignored' -czpvf $Path/Backup-$Date.tar.gz -V "Backup of system on $Date."\
			-g $snapshot_location/backup$Date.snap /dir1/ /dir2/ /dir3/ /dir4/
		
	else #create incremental	
		tar --warning='no-file-ignored' -czpvf $Path/Backup-$Date2.tar.gz -V "Backup of system on $Date."\
			-g $snapshot_location/backup$Date.snap /dir1/ /dir2/ /dir3/ /dir4/
	fi

	if [ ! "$Path/Backup-$Date.*" ] || [ ! "$Path/Backup-$Date2.*" ];then
		echo "backup failed. (exit2)"
	else echo "backup successful. (exit2)"
	ls -lR $DIR
	fi
fi

NFS Setup

6-xx-2021

Filesystems are essential for connectivity. Here there are two sets of code: The first is for setting up the sever.


#! /bin/bash

#manually sets /etc/exports file

(( EUID != 0 )) && exec sudo -- "$0" "$@"

rcnfsserver start

echo client ip: 
read cip
echo export domain path: 
read edp

# -p flag will prompt
read -p "rw? " rwinput
	case $rwinput in
		[Yy]*) rwinput="rw";;
       		[Nn]*) rwinput="ro";;
		*) rwinput="ro";;			#echo "Please answer yes or no.";;
	esac

read -p "root squash?" rsinput
	case $rsinput in
		[Yy]*) rsinput="root_squash";;
       		[Nn]*) rsinput="no_root_squash";;
		*) rsinput="root_squash";;		#echo "Please answer yes or no.";;
	esac

read -p "sync? " syinput
	case $syinput in
		[Yy]*) syinput="sync";;
       		[Nn]*) syinput="async";;
		*) syinput="async";;		#echo "Please answer yes or no.";;
	esac

read -p "subtree check? " stcinput
	case $stcinput in
		[Yy]*) stcinput="subtree_check";;
       		[Nn]*) stcinput="no_subtree_check";;
		*) stcinput="no_subtree_check";;		#echo "Please answer yes or no.";;
	esac

#tee automatically overwrites, -a will append, and >/dev/null will negate an output to terminal
#this will append to exports file. does not scan file for "updating". this functionality to be added later.

echo "$edp	$cip($rwinput,$rsinput,$syinput,$stcinput)" | sudo tee -a /etc/exports >/dev/null


#open port 2049 for nfs
#preferably check to see if firewalld is installed. If not, install it.
zypper install firewalld

#enable firewalld automatic starting with server
systemctl enable firewalld

#start firewalld
systemctl start firewalld

#open nfs port 2049, and reload to start it immediately
echo adding nfs to firewall
firewall-cmd --permanent --zone=public --add-service=nfs
echo adding rpc-bind to firewall
firewall-cmd --permanent --zone=public --add-service=rpc-bind
firewall-cmd --reload

#stop firewall
#systemctl stop firewalld

#restart nfs
rcnfsserver restart

This is the second script, for setting up the client.


#! /bin/bash

(( EUID != 0 )) && exec sudo -- "$0" "$@"

#start client service
rcnfs start

read -p "host ip: " hipinput
read -p "host name: " hninput
read -p "import directory: " dirinput

read -p "mount to /mnt?(y/n): " moinput
	case $moinput in
		[Yy]*) moinput="/mnt";;
		[Nn]*) read -p "mount directory: " moinput;;
		*) moinput="/mnt"
	esac

#appends to /etc/hosts
echo "$hipinput	$hninput" | sudo tee -a /etc/hosts >/dev/null

#appends to /etc/fstab
echo "$hninput:$dirinput	$moinput	nfs	defaults	0  0" | sudo tee -a /etc/fstab >/dev/null

#make sure firewall is present
zypper install firewalld

#enable firewalld automatic starting
systemctl enable firewalld

#start firewalld
systemctl start firewalld

#open ports, and reload to start it immediately
echo adding nfs to firewall
firewall-cmd --permanent --zone=public --add-service=nfs
echo adding rpc-bind to firewall
firewall-cmd --permanent --zone=public --add-service=rpc-bind
echo adding mountd to firewall
firewall-cmd --permanent --zone=public --add-service=mountd
firewall-cmd --reload

#stop firewalld
#systemctl stop firewalld

#start rcrpcbind
rcrpcbind start

#restart rcnfs
rcnfs restart

#mount
mount $hninput:$dirinput $moinput