This is a write-up of how the archcore infosec ISO is built

goals:

  • set up archiso as archcore
  • everything that is needed for a good infosec distro

package installation

## install archiso
> pacman -S archiso

prepare configuration

## edit /etc/fstab to enlarge the /tmp tmpfs to 8G
tmpfs   /tmp         tmpfs   rw,nodev,nosuid,size=8G          0  0

## clone releng profile
> cp -r /usr/share/archiso/configs/releng/ archlive

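## change directory (the paths below that start with archlive/ are written relative to the parent directory, not to archlive itself)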
> cd archlive

enable services

## create the multi-user.target.wants directory
> mkdir -p archlive/airootfs/etc/systemd/system/multi-user.target.wants

## link the wanted services
# > ssh
> ln -s /usr/lib/systemd/system/sshd.service \
		archlive/airootfs/etc/systemd/system/multi-user.target.wants/
# > haveged
> ln -s /usr/lib/systemd/system/haveged.service \
		archlive/airootfs/etc/systemd/system/multi-user.target.wants/

enable multilib

## edit archlive/pacman.conf
[multilib]
Include = /etc/pacman.d/mirrorlist

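## customrepo is the local repository that holds the self-built AUR packages; replace <user> with your user name
## pacman.conf only allows comments on a line of their own, so nothing may follow the Server URL
## SigLevel = Optional TrustAll accepts unsigned packages and treats every key in the keyring as trusted,
## so keep the repository directory writable only by your own user
[customrepo]
SigLevel = Optional TrustAll
Server = file:///home/<user>/tmp/customrepo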

adding files to image

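## ssh key (create archlive/airootfs/root/.ssh first if it is missing)
## sshd is enabled in the image, so whoever holds the matching private key can log in as root
## on every system booted from this ISO; use a key that is dedicated to it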
> cat ~/.ssh/id_ed25519.pub >> \
		archlive/airootfs/root/.ssh/authorized_keys

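## dotfiles (they land in root's home directory and may be sourced by root's shell, so review the repository before baking it into the image)
## git clone refuses a target directory that already contains files; if archlive/airootfs/root is not empty,
## clone to a temporary directory and copy the files over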
> git clone https://git.x33u.org/golenz/dotfiles \
		archlive/airootfs/root

setup file permissions

## archlive/profiledef.sh
...
file_permissions=(
  ...
  ## == root ssh key
  ["/root"]="0:0:0750"
  ["/root/.ssh"]="0:0:0700"
  ["/root/.ssh/authorized_keys"]="0:0:0600"
)

prevent the creation of a fallback initramfs image

## linux kernel
## edit archlive/airootfs/etc/mkinitcpio.d/linux.preset
PRESETS=('archiso')
ALL_kver='/boot/vmlinuz-linux'
ALL_config='/etc/mkinitcpio.conf'
archiso_image="/boot/initramfs-linux.img"

## linux-hardened kernel
## edit archlive/airootfs/etc/mkinitcpio.d/linux-hardened.preset
PRESETS=('archiso')
ALL_kver='/boot/vmlinuz-linux-hardened'
ALL_config='/etc/mkinitcpio.conf'
archiso_image="/boot/initramfs-linux.img-hardened"

basic settings

## edit archlive/airootfs/etc/vconsole.conf
KEYMAP=de-latin1

## edit archlive/airootfs/etc/hostname
archcore-infosec

## edit archlive/airootfs/etc/mkinitcpio.conf
MODULES=(ext4 i915 intel_agp)

## edit archlive/airootfs/etc/locale.conf
LANG=en_US.UTF-8

## edit archlive/syslinux/archiso_head.cfg
MENU TITLE Archcore Infosec

autologin as root

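## edit archlive/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf
## with this drop-in, tty1 opens a root shell without asking for a password, so anyone at the console of a booted image has root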
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux

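AUR packages

## AUR PKGBUILDs are user-submitted build scripts; read each one before running makepkg,
## because the resulting packages are installed from customrepo, which accepts unsigned packages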

> mkdir -p ~/tmp/AUR
> cd ~/tmp/AUR
> git clone https://aur.archlinux.org/termshark.git \
	&& git clone https://aur.archlinux.org/adwaita-qt.git \
	&& git clone https://aur.archlinux.org/pjsua.git \
	&& git clone https://aur.archlinux.org/protonvpn-cli-ng.git \
	&& git clone https://aur.archlinux.org/rustscan.git \
	&& git clone https://aur.archlinux.org/smtp-user-enum.git \
	&& git clone https://aur.archlinux.org/netdiscover.git \
	&& git clone https://aur.archlinux.org/gobuster.git \
	&& git clone https://aur.archlinux.org/wpscan.git \
	&& git clone https://aur.archlinux.org/dirb.git \
	&& git clone https://aur.archlinux.org/whatweb.git \
	&& git clone https://aur.archlinux.org/smbmap.git \
	&& git clone https://aur.archlinux.org/wfuzz.git \
	&& git clone https://aur.archlinux.org/enum4linux.git \
	&& git clone https://aur.archlinux.org/dirbuster.git

> cd adwaita-qt && makepkg \
	&& cd ../pjsua && makepkg \
	&& cd ../protonvpn-cli-ng && makepkg \
	&& cd ../termshark && makepkg \
	&& cd ../rustscan && makepkg \
	&& cd ../smtp-user-enum && makepkg \
	&& cd ../netdiscover && makepkg \
	&& cd ../gobuster && makepkg \
	&& cd ../wpscan && makepkg \
	&& cd ../dirb && makepkg \
	&& cd ../whatweb && makepkg \
	&& cd ../smbmap && makepkg \
	&& cd ../wfuzz && makepkg \
	&& cd ../enum4linux && makepkg \
	&& cd ../dirbuster && makepkg

> mkdir -p ~/tmp/customrepo
> repo-add ~/tmp/customrepo/customrepo.db.tar.gz \
	~/tmp/AUR/*/*.pkg.tar.zst

## == archcore 
linux
linux-hardened
base-devel
haveged
tmux
zsh
mc
rsync
sudo
git
openssh
zsh-syntax-highlighting
pulseaudio-bluetooth
pulseaudio
pavucontrol
flatpak
file-roller
zip
unzip
ccid
opensc
pcsc-tools
nfs-utils
gvfs
gvfs-mtp
netctl
dialog
wpa_supplicant
hugo
bluez-utils
virt-viewer
ansible
restic
tcpdump
reflector
geany
dnsutils
nmap
httrack
intel-media-driver
tree
cadaver
android-tools
remmina
freerdp
traceroute
docker
docker-compose
dnsmasq
pv
gparted
asciinema
bleachbit
usbutils
p7zip
ntfs-3g
xorg 
xorg-server 
xorg-xinit
xf86-video-intel
xfce4 
xfce4-goodies
xsecurelock 
xss-lock
spice-vdagent
xf86-video-qxl
zaproxy
neovim
vim
sqlmap
sslscan
socat
smbclient
python-pip
postgresql
openvpn
nmap
nikto
metasploit
hydra
exploitdb
curl