Skip to content

Instantly share code, notes, and snippets.

@billfitzgerald

billfitzgerald/system_setup.md

Last active June 19, 2024 12:16
Show Gist options
  • Save billfitzgerald/f4a5173e6b8b4771915d1b83e7f257fc to your computer and use it in GitHub Desktop.
Save billfitzgerald/f4a5173e6b8b4771915d1b83e7f257fc to your computer and use it in GitHub Desktop.
Download ZIP
Setup steps for a fresh install on Ubuntu 24.04
Raw
system_setup.md

I have been doing versions of this setup repeatedly over years. If I was smarter I would have written this down years ago. These steps are for Ubuntu 24.04; they should work with minimal modification for other Debian-based systems.

I'm now going to peel some grapes and make good use of all the time I just saved my future self.

This is also documented in this blog post: https://www.funnymonkey.com/2024/06/basic-setup-finally/

Update the install

sudo apt update

sudo apt upgrade

Install pw manager

The process for doing this will vary based on the password manager you use. Depending on your use case, I recommend 1Password or KeepassXC.

Install curl

sudo apt install curl

Install Mullvad VPN

https://mullvad.net/en/download/vpn/linux

sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc

echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list

sudo apt update

sudo apt install mullvad-vpn

Install Gnome Tweaks

sudo apt update && sudo apt install gnome-tweaks -y

Play fun things

sudo apt install ubuntu-restricted-extras

Install VLC via the App store

Install Flatpak

Some things require this; get it in place ahead of time.

sudo apt install flatpak

sudo apt install gnome-software-plugin-flatpak

flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

Create ssh keys

ssh-keygen -t ed25519 -C "foo@bar.com"

eval "$(ssh-agent -s)"

ssh-add ~/.ssh/id_ed25519

Verify Python is installed, and add some additional tools

python3 -V

sudo apt install -y build-essential libssl-dev libffi-dev python3-dev

sudo apt install -y python3-pip

sudo apt install -y python3-venv

Verify if git is installed; install it if needed

git --version

sudo apt install git

git config --global user.name "your name"

git config --global user.email "your_email"

Install Sublime Text

https://www.sublimetext.com/docs/linux_repositories.html

wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/sublimehq-archive.gpg > /dev/null

echo "deb https://download.sublimetext.com/ apt/stable/" | sudo tee /etc/apt/sources.list.d/sublime-text.list

sudo apt-get update

sudo apt-get install sublime-text

Buy a license for Sublime. It's awesome, pay them.

Install gdebi (for easier install of .deb packages)

sudo apt install gdebi

Install Obsidian

I downloaded the deb package from https://obsidian.md/download - I have found the deb package to be more reliable, but ymmv.

Once you have the deb file downloaded, cd to where it was downloaded and install it using gdebi. For me, this was:

cd ~/Downloads

sudo gdebi obsidian_1.6.3_amd64.deb

Install Node

Node can be installed in a few different ways. I prefer using Node Version Manager (NVM) to manage and install Node.

Get latest version from https://github.com/nvm-sh/nvm?tab=readme-ov-file#installing-and-updating

These install instructions contain the two shell commands needed to install NVM.

Once you have installed NVM, enable it by running: source ~/.bashrc

Then, install the LTS version of node:

nvm install --lts

If a specific application needs a different version, you can install it using NVM.

Install Java

Like Node, Java can be installed in a few different ways from different sources. I use the guide here to take the sting out of the decision making and review process: https://github.com/whichjdk/whichjdk.com

Based on the guidance from WhichJDK, I used the Adoptium Eclipse Temurin v21 LTS version of Java. Seriously, it gets me tired just writing this name out; the Java world is way more convoluted than it needs to be. Thanks, Oracle.

The instructions to install Eclipse Temurin are available here: https://adoptium.net/installation/linux/

Verify that some packages required for install are in place:

sudo apt install -y wget apt-transport-https gpg

I used a slightly different command than what's listed on the install instuctions. Specifically, I added "sudo" to the tee commands in the next two install steps. Without this addition, the steps failed with a permissions issue because only the initial command (and not the subsequent piped commands) ran as sudo.

sudo wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/adoptium.gpg > /dev/null

sudo echo "deb https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | sudo tee /etc/apt/sources.list.d/adoptium.list

sudo apt update

sudo apt install temurin-21-jdk

Install OWASP ZAP

From https://www.zaproxy.org/download/ download the Linux Installer. This should download a file named "ZAP_[VERSION_NUMBER]_unix.sh" - at the time of this writing, ZAP is on version 2.15.0, so the Linux Installer is named ZAP_2_15_0_unix.sh

In a terminal, navigate to ~/Downloads and make the install script executable: chmod +x ./ZAP_2_15_0_unix.sh

Then, run the install script.

sudo ./ZAP_2_15_0_unix.sh

Install nmap

sudo apt install nmap

Nmap needs to run as root; this requirement can be sidestepped by allowing nmap to be run using the --privileged flag. To enable use of the --privileged flag:

sudo apt install libcap2-bin

sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which nmap)

Install Wireshark

sudo add-apt-repository ppa:wireshark-dev/stable

sudo apt update

sudo apt install wireshark

Select "Yes" to allow non-superusers to capture packets. To complete the configuration steps that allow non-superusers to use Wireshark to capture network traffic, add the current user to the "wireshark" group.

sudo usermod -aG wireshark $(whoami)

Tshark is a command line version of wireshark I use in some cases; check if it is installed by:

which tshark

If this does not return anything, install tshark:

sudo apt install tshark

Then, shut down and restart your system to have the permissions created during the Wireshark and tshark install take effect.

When you reboot your system, verify that tshark is working by entering:

tshark -D

This will show all the network interfaces you can use to capture traffic.

Install Docker

Verify/install some required dependencies:

sudo apt-get install ca-certificates curl

sudo install -m 0755 -d /etc/apt/keyrings

sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc

sudo chmod a+r /etc/apt/keyrings/docker.asc

echo   "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |   sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Add current user to the "docker" group. This is generally okay assuming that Docker is being installed on a laptop/computer that is only used by one trusted person. For more info see here: https://docs.docker.com/engine/security/#docker-daemon-attack-surface

sudo usermod -aG docker $USER

Shut down and restart the computer.

Verify the version of docker:

docker --version

Verify that Docker is running:

systemctl status docker (hit Shift-q to exit)

Test the Docker install:

docker run hello-world

https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository

https://docs.docker.com/engine/install/linux-postinstall/

Run MobSF

https://github.com/MobSF/Mobile-Security-Framework-MobSF

https://mobsf.github.io/docs/#/

docker pull opensecurity/mobile-security-framework-mobsf:latest

docker run -it --rm \
    -p 8000:8000 \
    opensecurity/mobile-security-framework-mobsf:latest

GIMP

sudo apt install gimp

VirtualBox

Install Base VirtualBox and the Extension Pack

sudo apt update

wget -O- https://www.virtualbox.org/download/oracle_vbox_2016.asc | sudo gpg --dearmor --yes --output /usr/share/keyrings/oracle-virtualbox-2016.gpg

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] http://download.virtualbox.org/virtualbox/debian $(. /etc/os-release && echo "$VERSION_CODENAME") contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list

sudo apt install virtualbox-7.0

If you have secure boot enabled, walk through the steps displayed onscreen.

Add the current user to the 'vboxusers' group. sudo usermod -a -G vboxusers $USER

Then, reboot your system. If you have Secure Boot enabled, you will need to enter your secure boot passcode (created while installing VirtualBox) during the login process.

Download the Extension Pack from https://www.virtualbox.org/wiki/Downloads

Start Virtual Box; add the Extension pack (Extension --> Install, or Ctrl-Shift-I)

Google Earth

sudo wget -qO - https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmor | sudo tee /etc/apt/keyrings/google-earth.gpg >/dev/null

sudo sh -c 'echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/google-earth.gpg] https://dl.google.com/linux/earth/deb/ stable main" > /etc/apt/sources.list.d/google-earth.list'

sudo apt update

sudo apt install google-earth-pro-stable

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment