mirror of
https://github.com/ItsDrike/dotfiles.git
synced 2024-12-26 13:14:35 +00:00
Add security packages/config
This commit is contained in:
parent
83ed02d18a
commit
7544525472
|
@ -6,24 +6,6 @@ alias mdkir='mkdir'
|
||||||
alias soruce='source'
|
alias soruce='source'
|
||||||
alias souce='source'
|
alias souce='source'
|
||||||
|
|
||||||
# Exa aliases (replacement for ls, if you are using ls, comment or change this
|
|
||||||
alias ls='exa'
|
|
||||||
alias l='exa -glah'
|
|
||||||
alias ll='exa -glah --classify -s=size --group-directories-first -r'
|
|
||||||
alias ld='exa -glahD'
|
|
||||||
alias tree='exa -Tlagh'
|
|
||||||
alias dotfiles='exa -hula -d .[a-z]* | grep -v ^d' # Show all dotfiles
|
|
||||||
alias dotdirs='exa -hulaD -d .[a-z]*' # Show all dotdirs
|
|
||||||
alias dotall='exa -hula -d .[a-z]*' # Show both dotdirs and dotfiles
|
|
||||||
|
|
||||||
# Shortcuts
|
|
||||||
alias rr='rm -r'
|
|
||||||
alias sv='systemctl'
|
|
||||||
|
|
||||||
# Aliases for piping directly (f.e.: history G ssh)
|
|
||||||
alias -g G='| grep'
|
|
||||||
alias -g H='| head'
|
|
||||||
|
|
||||||
# Changing directories
|
# Changing directories
|
||||||
alias ..='cd ..'
|
alias ..='cd ..'
|
||||||
alias ...='cd ../../'
|
alias ...='cd ../../'
|
||||||
|
@ -34,6 +16,14 @@ alias .3='cd ../../../'
|
||||||
alias .4='cd ../../../../'
|
alias .4='cd ../../../../'
|
||||||
alias .5='cd ../../../../../'
|
alias .5='cd ../../../../../'
|
||||||
|
|
||||||
|
# Shortcuts
|
||||||
|
alias rr='rm -r'
|
||||||
|
alias sv='systemctl'
|
||||||
|
|
||||||
|
# Aliases for piping directly (f.e.: history G ssh)
|
||||||
|
alias -g G='| grep'
|
||||||
|
alias -g H='| head'
|
||||||
|
|
||||||
# Python
|
# Python
|
||||||
alias py3='python3'
|
alias py3='python3'
|
||||||
alias py2='python2'
|
alias py2='python2'
|
||||||
|
@ -41,6 +31,16 @@ alias py='ipython'
|
||||||
alias ipy='ipython'
|
alias ipy='ipython'
|
||||||
alias bpy='bpython'
|
alias bpy='bpython'
|
||||||
|
|
||||||
|
# Exa aliases (replacement for ls, if you are using ls, comment or change this
|
||||||
|
alias ls='exa'
|
||||||
|
alias l='exa -glah'
|
||||||
|
alias ll='exa -glah --classify -s=size --group-directories-first -r'
|
||||||
|
alias ld='exa -glahD'
|
||||||
|
alias tree='exa -Tlagh'
|
||||||
|
alias dotfiles='exa -hula -d .[a-z]* | grep -v ^d' # Show all dotfiles
|
||||||
|
alias dotdirs='exa -hulaD -d .[a-z]*' # Show all dotdirs
|
||||||
|
alias dotall='exa -hula -d .[a-z]*' # Show both dotdirs and dotfiles
|
||||||
|
|
||||||
# Config access shortcuts
|
# Config access shortcuts
|
||||||
alias cfzshrc='vim ~/.zshrc'
|
alias cfzshrc='vim ~/.zshrc'
|
||||||
alias cfvim='vim ~/.config/vim/vimrc'
|
alias cfvim='vim ~/.config/vim/vimrc'
|
||||||
|
@ -62,8 +62,14 @@ command -v hd > /dev/null || alias hd="hexdump -C" # Cannonical hex dump; some s
|
||||||
command -v md5sum > /dev/null || alias md5sum="md5" # Fallback from `md5sum` to `md5`
|
command -v md5sum > /dev/null || alias md5sum="md5" # Fallback from `md5sum` to `md5`
|
||||||
command -v sha1sum > /dev/null || alias sha1sum="shasum" # Fallback from `sha1sum` to `shasum`
|
command -v sha1sum > /dev/null || alias sha1sum="shasum" # Fallback from `sha1sum` to `shasum`
|
||||||
|
|
||||||
|
# X11 clipboard (either using xclip or xsel, xsel takes precedence if both)
|
||||||
|
command -v xclip > /dev/null && alias pbcopy='xclip -selection clipboard'
|
||||||
|
command -v xclip > /dev/null && alias pbpaste='xclip -selection clipboard -o'
|
||||||
|
command -v xsel > /dev/null && alias pbcopy='xsel --clipboard --input'
|
||||||
|
command -v xsel > /dev/null && alias pbpaste='xsel --clipboard --output'
|
||||||
|
|
||||||
# Regular expressions
|
# Regular expressions
|
||||||
alias reg_email='echo "[^[:space:]]+@[^[:space:]]+"'
|
alias reg_email='echo "[a-Z0-9._%-]+@[a-Z0-9.-]+\.[a-Z]{2,10}"'
|
||||||
alias reg_mac='echo "([[:xdigit:]]{2}:){5}[[:xdigit:]]{2}"'
|
alias reg_mac='echo "([[:xdigit:]]{2}:){5}[[:xdigit:]]{2}"'
|
||||||
alias reg_ipv4='echo "([0-9]{1,3}\.){3}[0-9]{1,3}"'
|
alias reg_ipv4='echo "([0-9]{1,3}\.){3}[0-9]{1,3}"'
|
||||||
alias reg_ipv6='echo "\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*"' # Also catches loopbacks (::1), (for valid matching, it needs to be this long...)
|
alias reg_ipv6='echo "\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*"' # Also catches loopbacks (::1), (for valid matching, it needs to be this long...)
|
||||||
|
@ -110,7 +116,7 @@ alias psg='ps aux | grep -v grep | grep -i -e VSZ -e' # Get searchable process w
|
||||||
|
|
||||||
# Time info
|
# Time info
|
||||||
alias now='date +"%T"'
|
alias now='date +"%T"'
|
||||||
alias nowtime=now
|
alias nowtime='now'
|
||||||
alias nowdate='date +"%d-%m-%Y"'
|
alias nowdate='date +"%d-%m-%Y"'
|
||||||
alias week='date +%V'
|
alias week='date +%V'
|
||||||
|
|
||||||
|
@ -134,6 +140,8 @@ alias undopush="git push -f origin HEAD^:master"
|
||||||
|
|
||||||
# Other headless aliases
|
# Other headless aliases
|
||||||
alias reload="exec \$SHELL" # Reload the shell (i.e. invoke as a login shell
|
alias reload="exec \$SHELL" # Reload the shell (i.e. invoke as a login shell
|
||||||
|
alias vuln='arch-audit' # Show vulnerable packages that can be upgraded (Arch Linux)
|
||||||
|
alias update-vuln="pacman -Sy \"\$(arch-audit --upgradable --quiet | awk '{sub(/>=.+/, \"\"); print}' | paste -s -d ' ')\"" # Upgrade all vulnerable packages, with released fixes
|
||||||
alias path='echo -e ${PATH//:/\\n}' # Print each PATH entry on a separate line
|
alias path='echo -e ${PATH//:/\\n}' # Print each PATH entry on a separate line
|
||||||
alias fhere='find . -name' # Find file/dir from currrent dir
|
alias fhere='find . -name' # Find file/dir from currrent dir
|
||||||
alias swapout='sudo swapoff -a; sudo swapon -a' # Reset swap (move everything to RAM)
|
alias swapout='sudo swapoff -a; sudo swapon -a' # Reset swap (move everything to RAM)
|
||||||
|
|
|
@ -1,18 +1,28 @@
|
||||||
pacman:
|
pacman:
|
||||||
# Common
|
# Common
|
||||||
- base-devel
|
- base-devel # Necessary for building AUR and yay install
|
||||||
- git
|
- git
|
||||||
- vim
|
- vim
|
||||||
- sudo
|
- sudo
|
||||||
- networkmanager
|
- networkmanager
|
||||||
|
|
||||||
# CLI
|
# CLI
|
||||||
|
- exa # Modern ls replacement
|
||||||
- cron # Scheduling program
|
- cron # Scheduling program
|
||||||
|
- pkgfile # Pacman metadata explorer
|
||||||
|
- xsel # CLI tool for get/set contents of X11 clipboard (alternatively there's xclip)
|
||||||
|
# ZSH + Plugins
|
||||||
- zsh # shell
|
- zsh # shell
|
||||||
- zsh-syntax-highlighting # colored zsh
|
- zsh-syntax-highlighting # colored zsh
|
||||||
- zsh-autosuggestions # Suggestions from previous commands
|
- zsh-autosuggestions # Suggestions from previous commands
|
||||||
- exa # Modern ls replacement
|
# Security
|
||||||
- pkgfile # Pacman metadata explorer
|
- macchanger # Tool for changing MAC address
|
||||||
|
- dnsutils # Tools for managing DNS
|
||||||
|
- arch-audit # Similar to pkg-audit (AUR), based on Arch CVE Monitoring Team data
|
||||||
|
- apparmor # Mandantoy Access Control using Linux Security Module
|
||||||
|
- lynis # Security and System auditing tool
|
||||||
|
- firejail # Sandboxing isolation tool
|
||||||
|
- clamav # Anti-virus toolkit
|
||||||
|
|
||||||
# GUI
|
# GUI
|
||||||
- gedit # Graphical text editor
|
- gedit # Graphical text editor
|
||||||
|
@ -36,13 +46,20 @@ pacman:
|
||||||
|
|
||||||
|
|
||||||
git:
|
git:
|
||||||
- https://aur.archlinux.org/yay-git.git
|
- https://aur.archlinux.org/yay-git.git # Yay tool, for AUR installation
|
||||||
|
|
||||||
aur:
|
aur:
|
||||||
- autojump # Faster way to navigate in CLI
|
# CLI
|
||||||
|
# ZSH Extensions
|
||||||
|
- autojump # Faster way to navigate in CLI (j command)
|
||||||
|
# Security
|
||||||
|
- ngrok # Forward your localhost without ip recovery
|
||||||
|
- pkg-audit # AUdit installed packages against known vulnerabilities, not necessary with arch-audit, but it does provide more detailed info
|
||||||
|
- opensnitch # onitor all network traffic (Installation can be quite slow ~15min)
|
||||||
|
|
||||||
|
# GUI
|
||||||
- spotify # Online music player
|
- spotify # Online music player
|
||||||
- timeshift # Backup utility
|
- timeshift # Backup utility
|
||||||
- onlyoffice-bin # Full office suite (MS Office alternative)
|
- onlyoffice-bin # Full office suite (MS Office alternative)
|
||||||
- ngrok # Forward your localhost
|
|
||||||
- visual-studio-code-bin # Official vVsual Studio Code text editor for programmers
|
- visual-studio-code-bin # Official vVsual Studio Code text editor for programmers
|
||||||
- exodus # Software cryptocurrency wallet
|
- exodus # Software cryptocurrency wallet
|
||||||
|
|
9
root/etc/NetworkManager/conf.d/wifi_rand_mac.conf
Normal file
9
root/etc/NetworkManager/conf.d/wifi_rand_mac.conf
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
[device-mac-randomization]
|
||||||
|
# "yes" is already the default for scanning
|
||||||
|
wifi.scan-rand-mac-address=yes
|
||||||
|
|
||||||
|
[connection-mac-randomization]
|
||||||
|
# Randomize MAC for every ethernet connection
|
||||||
|
ethernet.cloned-mac-address=random
|
||||||
|
# Generate a random MAC for each WiFi and associate the two permanently.
|
||||||
|
wifi.cloned-mac-address=stable
|
11
root/etc/resolv.conf
Normal file
11
root/etc/resolv.conf
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
# DNS configuration, NetworkManager tends to override this
|
||||||
|
# but setting immutable flag to this file fixes that.
|
||||||
|
# This can be done by running chattr +i /etc/resolv.conf
|
||||||
|
|
||||||
|
# You should add this manually, with the immutable flag,
|
||||||
|
# Using it from the script will let NetworkManager override
|
||||||
|
# these back to the local DNS resolv, rendering this irrelevant
|
||||||
|
nameserver 1.1.1.1
|
||||||
|
nameserver 1.0.0.1
|
||||||
|
nameserver 192.168.0.1
|
||||||
|
|
Loading…
Reference in a new issue