Make git repo

kickstarts/security.ks

@@ -0,0 +1,84 @@
+# Fedora 42 Security/Forensics Toolkit Live ISO
+
+url --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-42&arch=x86_64
+
+lang en_US.UTF-8
+keyboard us
+timezone UTC --utc
+
+rootpw --plaintext changeme
+user --name=analyst --groups=wheel --plaintext --password=analyst
+
+network --bootproto=dhcp --device=link --activate --onboot=yes
+
+bootloader --location=mbr --timeout=5
+
+clearpart --all --initlabel
+autopart --type=plain
+
+%packages --excludedocs
+@core
+kernel
+systemd
+NetworkManager
+nmap
+tcpdump
+wireshark-cli
+openssl
+gnupg2
+aide
+rkhunter
+lynis
+sleuthkit
+testdisk
+foremost
+vim
+tmux
+htop
+strace
+ltrace
+gdb
+curl
+wget
+netcat
+socat
+bind-utils
+whois
+traceroute
+mtr
+python3
+python3-pip
+bash-completion
+podman
+buildah
+cryptsetup
+-plymouth*
+-abrt*
+%end
+
+%post --erroronfail
+systemctl enable NetworkManager
+
+# Security hardening
+echo "* hard core 0" >> /etc/security/limits.conf
+
+cat > /etc/sysctl.d/99-security.conf << SEOF
+kernel.core_pattern=|/bin/false
+kernel.dmesg_restrict=1
+kernel.randomize_va_space=2
+net.ipv4.conf.all.rp_filter=1
+net.ipv4.conf.default.rp_filter=1
+net.ipv4.icmp_echo_ignore_broadcasts=1
+net.ipv4.conf.all.accept_source_route=0
+net.ipv4.conf.default.accept_source_route=0
+net.ipv6.conf.all.accept_source_route=0
+net.ipv6.conf.default.accept_source_route=0
+SEOF
+
+mkdir -p /home/analyst/workspace/{captures,evidence,reports}
+chown -R analyst:analyst /home/analyst/workspace
+
+dnf clean all
+%end
+
+reboot