#!/bin/bash
# vim: set tabstop=2 shiftwidth=2 expandtab :
#See docs at docs/dev-related/getting_started-dev.txt for directions of how to use this.
#Add menu categories
#sudo mkdir -p /etc/xdg/menus/applications-merged
#sudo cp /home/dojo/dojobuild/menu/*.merge.menu /etc/xdg/menus/applications-merged/
xdg-desktop-menu install --novendor ~/dojobuild/menu/tools.directory $(grep -l =tools -r ~/dojobuild/ --include *.desktop)
xdg-desktop-menu install --novendor ~/dojobuild/menu/targets.directory $(grep -l =targets -r ~/dojobuild/ --include *.desktop)
xdg-desktop-menu install --novendor ~/dojobuild/menu/docs.directory $(grep -l =docs -r ~/dojobuild/ --include *.desktop)
#Add host names for targets
sudo bash -c 'cat ~/dojobuild/targets/hosts >> /etc/hosts'
#Setup terminal preferences
mkdir -p ~/.config/xfce4/terminal/
cp ~/dojobuild/configs/terminalrc ~/.config/xfce4/terminal/
#Detect 64 or 32 bit linux
arch=`uname -m`
#Subversion for tool installation
sudo apt-get -qy install subversion
#RVM for Ruby
sudo apt-get -qy install build-essential bison openssl libreadline7 libreadline-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev libyaml-0-2
curl -sSL https://get.rvm.io | bash
source "$HOME/.rvm/scripts/rvm"
#question shouldn't this be `source /home/dojo/.rvm/scripts/rvm`
rvm install 2.4.1
sudo echo "Just keeping the sudo session alive"
rvm install 1.8
rvm 2.4.1 --default
echo "rvm_silence_path_mismatch_check_flag=1" >> ~/.rvmrc
#Install lastest stable Nodejs
sudo apt-get install -y curl
cd ~
curl -sL https://deb.nodesource.com/setup_8.x -o nodesource_setup.sh
sudo bash nodesource_setup.sh
sudo apt-get install -y nodejs
rm -rf nodesource_setup.sh
#openJDK install for when Burp is more fully tested
sudo apt-get -qy install openjdk-8-jdk
echo "export JAVA_HOME=/usr/lib/jvm/java-8-openjdk" >> ~/.profile
#Remove the dev packages necessary for the openJDK build
sudo apt-get -qy purge libpthread-stubs0-dev libsm-dev libx11-dev libxau-dev libxcb1-dev libxdmcp-dev libxt-dev x11proto-core-dev x11proto-input-dev x11proto-kb-dev xtrans-dev
#Apache install
sudo apt-get -qy install apache2
#patch apache conf to allow overrides in .htaccess
cd /etc/apache2/sites-available
sudo sh -c "cat /home/dojo/dojobuild/targets/apache_conf.diff | patch"
#PHP install
sudo apt-get -qy install php libapache2-mod-php
#Patch PHP to allow RFI, as the .htaccess directives don't seem to work anymore
sudo cp /etc/php/7.2/apache2/php.ini /etc/php/7.2/apache2/php-old.ini
sudo bash -c "sed 's/allow_url_include = Off/allow_url_include = On/' /etc/php/7.2/apache2/php-old.ini > /etc/php/7.2/apache2/php.ini"
#For mysql
sudo sh -c "echo mysql-server-5.7 mysql-server/root_password password dojo | debconf-set-selections"
sudo sh -c "echo mysql-server-5.7 mysql-server/root_password_again password dojo | debconf-set-selections"
sudo apt-get -qy install mysql-server mysql-client php-mysql
#For maven target dir
cd ~/
mkdir -p ~/targets/bin
#wavsep
wavsep_version=1.5
cd ~/
sudo apt-get -qy install tomcat8
#for db
sudo mkdir /var/lib/tomcat8/db
sudo chown tomcat8:tomcat8 /var/lib/tomcat8/db/
#wget -nv http://netassist.dl.sourceforge.net/project/wavsep/WAVSEP-v$wavsep_version/wavsep.war
wget -nv http://cytranet.dl.sourceforge.net/project/wavsep/WAVSEP-v$wavsep_version/wavsep.war
sudo mv wavsep.war /var/lib/tomcat8/webapps
sudo systemctl restart tomcat8
curl 'http://localhost:8080/wavsep/wavsep-install/install.jsp?username=root&password=dojo&host=localhost&port=3306' -o /dev/null
#webgoat
cd ~/
mkdir targets/WebGoat7.1
cd targets/WebGoat7.1
wget -nv https://github.com/WebGoat/WebGoat/releases/download/7.1/webgoat-container-7.1-exec.jar
cp ~/dojobuild/targets/webgoat-NG/*.sh ~/targets/bin/
#Hacme Casino
sudo apt-get -qy install build-essential libsqlite3-dev
rvm use 1.8
gem update --system 1.8.25
gem uninstall rubygems-update --version '> 1.8.25'
gem install rails -v 1.1.2
gem install sqlite3 mongrel
cd ~/
wget -nv https://downloads.sourceforge.net/project/websecuritydojo/Build_Files/HacmeCasino.tar.xz
cd ~/targets/
tar -xaf ~/HacmeCasino.tar.xz
rm ~/HacmeCasino.tar.xz
cp ~/dojobuild/targets/hacme_casino/*.sh ~/targets/bin/
ln -s ~/targets/HacmeCasino/install/userguide/HacmeCasino_UserGuide.pdf ~/Documents/HacmeCasino_UserGuide.pdf
#InsecureWebApp
iwa_version="20051027"
cd ~/
wget -nv http://downloads.sourceforge.net/project/insecurewebapp/insecurewebapp-1.0-builds/insecurewebapp/insecure-$iwa_version.zip
unzip -q insecure-$iwa_version.zip
sudo cp insecure/insecure.war /var/lib/tomcat8/webapps/
sudo chown tomcat8:tomcat8 /var/lib/tomcat8/webapps/insecure.war
rm -rf insecure/
rm -rf insecure-$iwa_version.zip
#DVWA
#dvwa_version="1.0.8"
dvwa_version="master"
sudo apt-get -qy install php-gd
cd ~/
wget -nv https://github.com/MavenSecurityConsulting/DVWA/archive/$dvwa_version.zip
mv $dvwa_version.zip DVWA-$dvwa_version.zip
unzip -q ~/DVWA-$dvwa_version.zip
mv DVWA-$dvwa_version dvwa
cat /home/dojo/dojobuild/targets/dvwa/dvwa-htaccess.diff | patch -d dvwa -p 0
cat /home/dojo/dojobuild/targets/dvwa/dvwa-setup.diff | patch -d dvwa -p 0
cp /home/dojo/dojobuild/targets/dvwa/config.inc.php dvwa/config/
cd ~/
sudo cp -r ~/dvwa /var/www/
sudo chown -R www-data:www-data /var/www/dvwa
#initialize dvwa database
sudo chown -R www-data:www-data /var/www/*
sudo /etc/init.d/apache2 restart && sleep 5
sudo apt-get -qy install curl
curl -d 'create_db=Create+%2F+Reset+Database' -o /dev/null http://localhost/dvwa/setup.php
rm ~/DVWA-$dvwa_version.zip
rm -rf ~/dvwa
# add dvwa.local virtualhost
sudo cp /home/dojo/dojobuild/targets/dvwa/dvwa-apache.conf /etc/apache2/sites-available/
sudo a2ensite dvwa-apache
sudo service apache2 reload
#maven PHP scripts
sudo apt-get -qy install php-sqlite3
sudo a2enmod rewrite
sudo bash -c 'echo -n 127.0.0.1 evil.example.com >> /etc/hosts'
cd /var/www/
sudo cp -r /home/dojo/dojobuild/php_scripts/* ./
sudo cp -r /home/dojo/dojobuild/php_scripts/.htaccess ./
sudo chown -R www-data:www-data *
#Mutillidae/NOWASP
mut_ver=2.6.65
cd ~/
sudo apt-get -qy install php-curl php-mbstring php-simplexml javascript-common
sudo service apache2 reload
cd /var/www/
sudo git clone https://github.com/webpwnized/mutillidae.git
sudo cp ~/dojobuild/targets/mutillidae/MySQLHandler.php mutillidae/classes/
sudo chown -R www-data:www-data mutillidae/
curl -o /dev/null http://127.0.0.1/mutillidae/set-up-database.php
# add nowasp.local virtualhost
sudo cp /home/dojo/dojobuild/targets/mutillidae/nowasp-apache.conf /etc/apache2/sites-available/
sudo a2ensite nowasp-apache
# disable javascript-common config so it does conflict with mutillidae javascript directory
sudo a2disconf javascript-common
sudo service apache2 reload
#gruyere
cd ~/
wget -nv http://google-gruyere.appspot.com/gruyere-code.zip
mkdir ~/targets/gruyere
cd ~/targets/gruyere
unzip -q ~/gruyere-code.zip
cp ~/dojobuild/targets/gruyere/start.sh ./
cp ~/dojobuild/targets/gruyere/stop.sh ./
cp ~/dojobuild/targets/gruyere/gruyere_drop_defenses.diff ./
#Mirror documentation
wget -nv --mirror http://google-gruyere.appspot.com/
mv google-gruyere.appspot.com docs
cd docs/static
wget -nv http://wayback.archive.org/web/20100204014409/http://code.google.com/images/code_logo.png
cd ../
for file in index.html part1 part2 part3 part4 part5
do
sed -i 's/\/#/index\.html#/g' $file
sed -i 's/\/code\.google\.com\/images\/code\_logo\.png/static\/code\_logo\.png/g' $file
sed -i 's/src=\"\//src=\"/g' $file
sed -i 's/href=\"\//href=\"/g' $file
sed -i 's/href=\"\.\.\/static/href=\"static/g' $file
sed -i 's/href=\"code\/?\([^/]*\)\//href=\"code\/\1\//g' $file
done
cd code/
rm index.html\?res*
rename 's/index\.html\?//' index.html\?*
rm index.html\?*
sed -i 's/\"\/static\//\"\.\.\/static\//g' index.html
sed -i 's/href=\"\/code/href=\"\.\.\/code/g' ../static/codeindex.html
rm ~/gruyere-code.zip
#OWASP Juice Shop
mkdir -p ~/targets/juice-shop
cd ~/targets/juice-shop
wget https://github.com/bkimminich/juice-shop/archive/master.zip
unzip -q master.zip
mv juice-shop-master app
wget https://www.gitbook.com/download/pdf/book/bkimminich/pwning-owasp-juice-shop -O ~/Documents/pwning-owasp-juice-shop.pdf
cd ~/targets/juice-shop/app
npm install
sed -i 's/port: 3000/port: 3008/g' config/default.yml
rm ~/targets/juice-shop/master.zip
cp ~/dojobuild/targets/juice-shop/*.sh ~/targets/juice-shop/
#Django.nV
sudo apt-get install -qy python3-pip
cd ~/targets
wget https://github.com/nVisium/django.nV/archive/master.zip
unzip -q master.zip
mv django.nV-master django.nV
rm master.zip
sudo pip3 install virtualenv
cd django.nV
virtualenv venv
source venv/bin/activate
pip install -r requirements.txt
./reset_db.sh
deactivate
cp -rf ~/dojobuild/targets/django.nV/bin ~/targets/django.nV
cd ~/
#Cleanup env for use
sudo /etc/init.d/apache2 restart
#Tools
#Make tool dir
mkdir -p ~/tools/
mkdir -p ~/tools/bin/
#arachni
arach_ver=1.5.1-0.5.12
arach_short=${arach_ver%-*}
sudo apt-get -qy install build-essential curl libcurl3
mkdir ~/tools/arachni
cd ~/
wget -nv https://github.com/Arachni/arachni/releases/download/v$arach_short/arachni-$arach_ver-linux-$arch.tar.gz
tar -xaf arachni-$arach_ver-linux-$arch.tar.gz
cp -r arachni-$arach_ver/* tools/arachni/
rm -rf arachni-$arach_ver
rm arachni-$arach_ver-linux-$arch.tar.gz
echo 'export PATH="$PATH:$HOME/tools/arachni/bin"' >> ~/.profile
#raise open file limits
sudo sh -c 'echo "fs.file-max = 500000" >> /etc/sysctl.conf'
sudo sed -i 's/# End of file//' /etc/security/limits.conf
sudo sh -c 'echo "* soft nofile 60000
* hard nofile 60000
# End of file" >> /etc/security/limits.conf'
sudo cp ~/dojobuild/tools/arachni/*.sh ~/tools/arachni/
sudo cp ~/dojobuild/tools/arachni/*.svg ~/tools/arachni/
sudo cp ~/dojobuild/tools/arachni/*.png ~/tools/arachni/
#BeEF
cd ~/tools/
git clone --depth 1 git://github.com/beefproject/beef.git
cd beef
cp ~/dojobuild/tools/beef/*.pem ./
rvm install 2.4
rvm use 2.4
gem install bundler
sudo apt-get -qy install libsqlite3-0 libsqlite3-dev sqlite3 nodejs
bundle install
sudo apt-get -qy remove libsqlite3-dev
#Change config file to use port 3001 instead
ruby -pi.bak -e "gsub(/3000/, '3001')" config.yaml
ruby -pi.bak -e "gsub(/passwd: \"beef\"/, 'passwd: \"dojo\"')" config.yaml
#enable metasploit integration
cd ~/tools/beef/
patch < ~/dojobuild/tools/beef/beef_config.diff
#metasploit interation in metasploit build
cp ~/dojobuild/tools/beef/*.sh ~/tools/bin/
cp ~/dojobuild/tools/beef/*.png ~/tools/beef/
#Burp
#config setup
cd ~/
tar -xavf ~/dojobuild/tools/burp/burpsuiteconfig.tar.xz
mkdir -p ~/.java/.userPrefs/
cd ~/.java/.userPrefs/
tar -xavf ~/dojobuild/tools/burp/burpjavauserprefs.tar
cp ~/dojobuild/tools/burp/dojo-burp-proj.json ~/tools/BurpSuiteCommunity/
#misc setup
cp ~/dojobuild/tools/burp/payloads.txt ~/tools/BurpSuiteCommunity/
cp ~/dojobuild/tools/burp/EULA.txt ~/tools/BurpSuiteCommunity/
cd ~/tools/BurpSuiteCommunity/
wget http://search.maven.org/remotecontent?filepath=org/python/jython-standalone/2.7.0/jython-standalone-2.7.0.jar
mv remotecontent\?filepath=org%2Fpython%2Fjython-standalone%2F2.7.0%2Fjython-standalone-2.7.0.jar jython-standalone-2.7.0.jar
#Chromium
sudo apt-get -qy install chromium-browser
sudo update-alternatives --set gnome-www-browser /usr/bin/firefox
sudo update-alternatives --set x-www-browser /usr/bin/firefox
#curl
sudo apt-get -qy install curl
#extract
sudo apt-get -qy install extract
#nikto
sudo apt-get -qy install nikto
sudo nikto -update
mkdir ~/tools/nikto
cp ~/dojobuild/tools/nikto/nikto.png ~/tools/nikto/
#commix
cd ~/tools/
git clone https://github.com/commixproject/commix.git commix
cd ~/
cp ~/dojobuild/tools/commix/commix.png ~/tools/commix/
#gobuster
sudo apt-get install p7zip-full
mkdir ~/tools/gobuster
cd ~/tools/gobuster
wget -nv https://github.com/OJ/gobuster/releases/download/v2.0.1/gobuster-linux-amd64.7z
7z e gobuster-linux-amd64.7z
chmod +x gobuster
rm -rf gobuster-linux-amd64.7z
rm -rf gobuster-linux-amd64
cd ~/
#metasploit
cd ~/tools/
#svn export https://www.metasploit.com/svn/framework3/trunk/ metasploit
wget -nv https://github.com/rapid7/metasploit-framework/archive/master.zip
unzip -q master.zip
rm master.zip
mv metasploit-framework-master metasploit
rvm use default
sudo apt-get -qy install libpcap0.8 libpcap-dev
gem install pcaprub
#Database setup
sudo apt-get -qy install libpq5 libpq-dev postgresql libsqlite3-dev
gem install pg activerecord-postgresql-adapter
cd ~/tools/metasploit
gem install bundler
bundle install
cd ~/
sudo apt-get -qy purge libpq-dev libsqlite3-dev libpcap-dev
sudo apt-get -qy autoremove
gem install msgpack
sudo -u postgres createuser msf_user -RSD
sudo -u postgres psql -c "ALTER USER msf_user WITH PASSWORD 'msf_pass'"
sudo -u postgres createdb --owner=msf_user msf_database
echo 'export MSF_DATABASE_CONFIG="/home/dojo/tools/metasploit/database.yml"'>> ~/.profile
cp ~/dojobuild/tools/metasploit/database.yml ~/tools/metasploit/
#BeEF integration
cp ~/dojobuild/tools/beef/beef.rc ~/tools/metasploit/
cp ~/dojobuild/tools/metasploit/metasploit-icon.png ~/tools/metasploit/
cp ~/dojobuild/tools/metasploit/msfconsole ~/tools/bin/
#nmap
sudo apt-get -qy install nmap zenmap
xdg-desktop-menu install --novendor ~/dojobuild/menu/tools.directory ~/dojobuild/tools/zenmap/zenmap.desktop
#RATS
sudo apt-get -qy install expat libexpat1-dev
wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/rough-auditing-tool-for-security/rats-2.4.tgz
tar -xzvf rats-2.4.tgz
cd rats-2.4
./configure
make
sudo make install
cd ../
rm rats-2.4.tgz
sudo rm -rf rats-2.4
#skipfish
skipfish_version="2.10b"
cd ~/
mkdir -p ~/tools
wget -nv https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/skipfish/skipfish-$skipfish_version.tgz
cd ~/tools
tar -xaf ~/skipfish-$skipfish_version.tgz
sudo apt-get -qy install libidn11-dev libssl-dev libpcre3-dev
mv ~/tools/skipfish-$skipfish_version ~/tools/skipfish
cd ~/tools/skipfish/
make
#Skipfish no longer seems to check for a default word list
#cp ~/tools/skipfish/dictionaries/medium.wl ~/tools/skipfish/skipfish.wl
sudo apt-get -qy purge libidn11-dev libssl-dev libpcre3-dev
rm ~/skipfish-$skipfish_version.tgz
#sqlmap
sudo apt-get -qy install libucl1 upx-ucl
cd ~/tools/
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git
echo 'export PATH="$PATH:$HOME/tools/sqlmap"' >> ~/.profile
#Zed Attack Proxy
##### ----- When changing version, review updates below ----- #####
zap_version="2.7.0"
###################################################################
cd ~/
wget -nv https://github.com/zaproxy/zaproxy/releases/download/${zap_version}/ZAP_${zap_version}_Linux.tar.gz
mkdir -p ~/tools/zap
cd ~/tools/zap/
tar -xaf /home/dojo/ZAP_${zap_version}_Linux.tar.gz
mv ZAP_${zap_version}/* ./
rmdir ZAP_${zap_version}
#Install and update plugins by putting them in the plugins dir. Will be unpacked automatically on first run
cd plugin
#Install optional plugins. Check for new versions when upgrading
wget -nv https://github.com/zaproxy/zap-extensions/releases/download/2.7/sqliplugin-beta-12.zap
wget -nv https://github.com/zaproxy/zap-extensions/releases/download/2.7/fuzzdb-release-4.zap
wget -nv https://github.com/zaproxy/zap-extensions/releases/download/2.7/treetools-beta-7.zap
# The following are updates for 2.6.0, change when updating version
# wget -nv https://github.com/zaproxy/zap-extensions/releases/download/2.6/spiderAjax-release-20.zap
# wget -nv https://github.com/zaproxy/zap-extensions/releases/download/2.6/webdriverlinux-beta-3.zap
# wget -nv https://github.com/zaproxy/zap-extensions/releases/download/2.6/selenium-release-11.zap
# wget -nv https://github.com/zaproxy/zap-extensions/releases/download/2.6/zest-beta-24.zap
# wget -nv https://github.com/zaproxy/zap-extensions/releases/download/2.6/quickstart-release-21.zap
# wget -nv https://github.com/zaproxy/zap-extensions/releases/download/2.6/jxbrowserlinux64-alpha-3.zap
# wget -nv https://github.com/zaproxy/zap-extensions/releases/download/2.6/jxbrowserlinux32-alpha-3.zap
# wget -nv https://github.com/zaproxy/zap-extensions/releases/download/2.6/jxbrowser-alpha-5.zap
# wget -nv https://github.com/zaproxy/zap-extensions/releases/download/2.6/replacer-beta-3.zap
cp ~/dojobuild/tools/zap/zap48x48.png ~/tools/zap/
mkdir -p ~/.ZAP/
cp ~/dojobuild/tools/zap/config.xml ~/.ZAP/
rm ~/ZAP_${zap_version}_Linux.tar.gz
#w3af TODO: python-wekit no longer available in repos. Look for replacement if needed.
sudo apt-get -qy install python-setuptools python-pip libssl-dev graphviz python2.7-dev libsqlite3-dev libxslt1-dev libyaml-dev libxml2-dev python-gtksourceview2
sudo pip install --upgrade pip
mkdir -p ~/tools
cd ~/tools
git clone --depth 1 https://github.com/andresriancho/w3af.git
cd ~/tools/w3af
./w3af_console
sudo /tmp/w3af_dependency_install.sh
sudo npm install -g retire
sudo pip install xdot==0.6
cp /home/dojo/dojobuild/tools/w3af/w3af-icon.svg /home/dojo/tools/w3af/w3af-icon.svg
#FIXME: patch w3af dependency check and remove -dev packages
#Zim/Scrot for notetaking
sudo apt-get -qy install zim scrot
#to install background images
sudo cp ~/dojobuild/theming/dojo-background.png /usr/share/xfce4/backdrops/
mkdir /home/dojo/theming/
cp ~/dojobuild/theming/maven-shield.png /home/dojo/theming/
# cd /etc/gdm
# sudo tar -xvf /home/dojo/dojobuild/theming/gdm.tar
mkdir -p /home/dojo/.gconf/desktop/gnome/background
cp /home/dojo/dojobuild/theming/%gconf.xml /home/dojo/.gconf/desktop/gnome/background/%gconf.xml
cd ~/
#add cleanup files
mkdir ~/bin
cp /home/dojo/dojobuild/bin/* ~/bin/
#Firefox extensions and bookmarks
mkdir -p ~/.mozilla/firefox/
cd ~/.mozilla/firefox/
tar -xaf ~/dojobuild/firefox-profile.tar.xz
cp ~/dojobuild/tools/MM3-ProxySwitch.txt ~/tools/
#Sideex firefox extention (beta Selenium IDE)
cd ~/Downloads
wget -nv http://sideex.org/FF/SideeX_2.3.2_Firefox.zip
mkdir -p ~/tools/sideex/
cd ~/tools/sideex
unzip ~/Downloads/SideeX_2.3.2_Firefox.zip
# Already installed in firefox profile. If not, see sideex webpage
#Documentation
cd ~/Documents
wget -nv https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/owasptop10/OWASP%20Top%2010%20-%202010.pdf
wget -nv https://www.owasp.org/images/f/f8/OWASP_Top_10_-_2013.pdf
wget -nv http://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf
wget -nv https://www.owasp.org/images/1/19/OTGv4.pdf
mv OTGv4.pdf OWASP_Testing_Guide_v4.pdf
wget -nv http://projects.webappsec.org/f/WASC-TC-v1_0.pdf
wget -nv http://projects.webappsec.org/f/WASC-TC-v2_0.pdf
sudo ln -s ~/Documents/ /var/www/docs
cp ~/dojobuild/docs/dev-related ./
#html5 XSS cheatsheet
cd ~/
git clone --depth 1 https://github.com/cure53/H5SC.git html5security
sed -i.bak 's/https:\/\/siteproxy.ruqli.workers.dev:443\/https\/rawgithub.com\/cure53\/H5SC\/master/../g' html5security/html/index.html
sudo cp -R html5security/ /var/www/
sudo chown -R www-data:www-data /var/www/html5security/
rm -rf html5security
#rsnake XSS cheat sheet 2 beta
sudo cp -R ~/dojobuild/docs/xss_cheat_sheet_2/ /var/www/
sudo chown -R www-data:www-data /var/www/xss_cheat_sheet_2/
#README file
cp ~/dojobuild/docs/README.html ~/dojobuild/docs/GettingStarted.html ~/Desktop
#For my sanity
sudo apt-get -qy install vim-gnome
#For automated tests
sudo pip install selenium
sudo apt-get -qy install python-pexpect
#For VMware integration
sudo apt-get -qy install dkms open-vm-tools # open-vm-tools-dkms is marked as deprecated and errors out on install. see https://bugs.launchpad.net/ubuntu/+source/open-vm-tools/+bug/1783085
#To limit to localhost
sudo ufw allow from 127.0.0.0/8 to/8 127.0.0.0/8
sudo ufw allow from ::1 to ::1
sudo ufw default deny
sudo ufw enable
#To cleanup and save space
sudo apt-get -qy purge libreoffice* aisleriot gnome-sudoku gnomine mahjongg quadrapassel simple-scan libsane* gimp gimp-* pidgin pidgin-* thunderbird thunderbird-* rdesktop vinagre abiword abiword-* xfce4-dict gnumeric gnumeric-* orage transmission-* xchat* gmusicbrowser parole xfburn libisofs6 libcdparanoia* fonts-noto-cjk
sudo apt-get -qy autoremove
sudo apt-get -qy install evince
#update locate for new files
sudo updatedb
echo -e "\nPlease reboot for full features. Thanks!"
