fedora-isobuilder/kickstarts/security.ks

# Fedora 42 Security/Forensics Toolkit Live ISO

url --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-42&arch=x86_64

lang en_US.UTF-8
keyboard us
timezone UTC --utc

rootpw --plaintext changeme
user --name=analyst --groups=wheel --plaintext --password=analyst

network --bootproto=dhcp --device=link --activate --onboot=yes

bootloader --location=mbr --timeout=5

clearpart --all --initlabel
autopart --type=plain

%packages --excludedocs
@core
kernel
systemd
NetworkManager
nmap
tcpdump
wireshark-cli
openssl
gnupg2
aide
rkhunter
lynis
sleuthkit
testdisk
foremost
vim
tmux
htop
strace
ltrace
gdb
curl
wget
netcat
socat
bind-utils
whois
traceroute
mtr
python3
python3-pip
bash-completion
podman
buildah
cryptsetup
-plymouth*
-abrt*
%end

%post --erroronfail
systemctl enable NetworkManager

# Security hardening
echo "* hard core 0" >> /etc/security/limits.conf

cat > /etc/sysctl.d/99-security.conf << SEOF
kernel.core_pattern=|/bin/false
kernel.dmesg_restrict=1
kernel.randomize_va_space=2
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.default.accept_source_route=0
SEOF

mkdir -p /home/analyst/workspace/{captures,evidence,reports}
chown -R analyst:analyst /home/analyst/workspace

dnf clean all
%end

reboot