ANIX

The ORL Anonymous Information Computing System (or “ANIX”) is an experimental operating system being developed by the AMI Operations Research Laboratories. It is being developed expressly for the infosec market, developers, and Linux powerusers.

It foremost will be a pentesting OS, rigged up with all sorts of fun essential tools that every script kiddie and aspiring professional should have, that you can boot from a keydrive. It will also be a secure everyday OS that you can install to your laptop or home computer. Its spirit will be expressed with a sleek minimalist interface geared towards professionals who want to get things done quickly without software bloat and clunky design getting in the way.

The only OS guaranteed to help you find gaping holes.

ANIX currently only exists in prototypical “Research ANIX” form. Some components like the GUI are already being distributed, whereas other components are still bound to their owner's local machines. Other parts, such as an installer or RISC-V port, are still completely theoretical.

In order to further the development of ANIX, the Anonymous Military Institute is currently running the Research ANIX program. By following (and field testing) the Single ANIX Specification, you too can build it you own “ANIX-Spec” operating system at home.

ANIX was the collision of several ongoing off-campus projects by several AMI faculty members and various independent AnonOps cells. In order to fulfill their myriad job, hacking & security needs, they all began developing homebrew solutions based on the vast open-source software library of the UNIX/BSD/Linux-world.

By the end of 2024, they had all realized that the sum total of their independent efforts comprised nearly an entire operating system, and one which could rival more bloated distros like Kali Linux and Parrot OS. All that remained was to put the pieces together in the storied halls of the Anonymous Military Institute - A 501©(3)(pending) non-profit scientific & educational organization.

While ANIX cannot yet be downloaded, you can build your own flavor of Research ANIX - and we encourage you to! When you are done, you will have a lean and mean operating system that is geared for professionals. ANIX is going to make infosec fun again.

“But Professor, how will I build an operating system by myself?” Easier than you think! This is because ANIX is built on Debian 12, which provides for a clean stable base. It also gives you easy access to the rest of the components, as many of them are in the stock Debian package manager, and many of the others can be poached from the Debian-based Mint, Ubuntu, Kali & Parrot distros.

This provides an excellent opportunity for those looking to improve their Linux and command-line skills, as building Research ANIX will take you through the basics of how Linux works. And, by building your own custom Linux install, you will be following in the tradition of America's trade schools which have historically made students build their own toolboxes as a graduating rite-of-passage.

All students and research staff developing their own Research ANIX builds are required to submit their code and ANIX modifictions to AMI staff for inspection. Whatever team comes together in the process of this will be responsible for consolidating the best parts of everyone's Research ANIX builds into ANIX Version 1.0.

All participants who complete a Research ANIX build are welcome to fork ANIX at this point and market their own ANIX-derivative.

Research ANIX is a Linux distribution, and like all Linux distributions it is composed of many tiny software packages. ANIX veers towards simplicity, preferring simple packages with minimal dependencies. Those who have used Linux for a long time may find ANIX is more akin to the “old way” of doing things, though it still takes advantage of a modern Debian base.

The following list of packages is a guideline. It is not a complete set of step-by-step instructions! You should be at least somewhat-familiar with Linux before attempting to do this.

This specification will be updated periodically as Research ANIX becomes a more cohesive product. This heading will be re-signed as it is updated. — Humphrey Boa-Gart 2025/01/04 22:34

Start with a clean version of Debian 12 aka "Bookworm". Install it as you would install any other copy of Linux to your computer, but without selecting any additional packages other than standard sys utilities. When you are done, it should dump you right to the command-line. Do all other normal setup things, like setting the timezone and getting the internet connection working. Run apt update and get everything up to date.

Edit your fstab file to configure your /tmp directory as a tmpfs ramdisk. Do not rely on the stock systemd implementation.

Base text editor should remain nano, so we don't have to pick sides in the emacs-vs-vim war.

• Configure apt to use the https repos instead of http
• Configure the Backports repo and update to the latest kernel
• Install from apt: wget
• Install curl from Backports.

• /bin/sh symlinked to dash for startup scripts
• bash as the default userland shell
• Official support for zsh as an optional bash alternative

• Install from apt: rsyslog
• Neuter journald
• Have rsyslog publish its logs to /tmp/log
• Purge /var/log, but leave the folder and set up symlinks to the logfile locations in /tmp/log
• Keep track of anything else that makes logs and direct them to rsyslog (preferable) or /tmp/log
• Leave pathways for end-users to send persistent logs to ~/.log and /var/log

• Install from apt: ufw. Drop all incoming connections, log to dedicated log file via rsyslog
• umask 0077 as default
• Configure NetworkManager to randomize MAC addresses
• WireGuard & OpenVPN both preinstalled and ready to run configs from VPN providers, with easy killswitch option.
• A tor switch through which you can optionally route your VPN and vice-versa.
• An airplane mode switch that puts the machine into a full Ring 0-only mode.
• A preconfigured hypervisor that makes it easy to run sandboxed applications in virtual machines alongside non-sandboxed applications.
• Absolutely no telemetry or data collection. All third-party apps must be examined and hardened where possible.

• Install from apt: sway, swayidle, swaylock, swaybg, swayimg, sway-backgrounds, sway-notification-center, suckless-tools, waybar, bemenu, wofi, brightnessctl, grim, jq, slurp, imagemagick, wl-clipboard, xdg-desktop-portal, xdg-desktop-portal-gtk, xdg-user-dirs, xdg-utils, xdg-dbus-proxy, libadwaita-1-0, gnome-themes-extra, gnome-themes-extra-data, adwaita-qt, adwaita-qt6, wmctrl & xwayland
• Use HumphreyBoaGart/dotfiles package to wrangle Sway, Waybar and the Bash userland together.

• Terminal Emulators: sakura and foot
• File Browsers: nemo and ranger
• Status Monitors: btop, htop and process-viewer
• Timekeeping: calcurse and gnome-clocks or equivalent
• Display Management: wdisplays or equivalent
• Session Manager: Stock login prompt (can be styled) that opens to Sway, coupled with Big-B/swaylock-fancy. Have option for autologin.

• At least two web browsers, including Firefox, installed however, sandboxed, preconfigured for security, and with garbage like Pocket deactivated. Disable disk caching and force the browser to cache to RAM.
• Install standalone GNOME components from apt: gedit, gnome-contacts, gnome-calculator, gnome-disk-utility, gnome-keyring
• Install libreoffice and libreoffice-gtk3 from Backports
• Install a password manager

• Whatever for image viewing
• Whatever for media playback
• A decently secure PDF reader
• PulseAudio OR PipeWire for hardware audio playback
• Install from apt: blueman, ffmpeg, cheese
• Install yt-dlp from Backports
• Whatever for wifi. Needs visual+cli interfaces for easily finding and connecting to wifi & mesh networks

• Metasploit Framework
• nmap, ncat,
• anything useful that can be easily poached from Kali/Parrot, as most of those packages are just previously open-sourced software from independent developers.

• Flathub: Flatpak w/ Flatseal utility
• Dockerhub: Docker configured in Rootless Mode.

You are not limited to the packages listed here. Feel free to include any additional pieces of software you think would be useful or necessary. This will help spur a healthy ecosystem of Research ANIX derivatives, as part of Anon's long-term scheme to conquer the world.

ANIX will be distributed as a single ISO, and this ISO will need to provide for (at the very least) these two default modes of operation:

1. Like most modern Linux installs, it will need to be able to liveboot off of virtual machines, and portable devices like USB drives. When it is run in portable mode, it will wipe itself back to a blank slate on every reboot, similar to Parrot OS.
2. Accessible from the liveboot mode will also be an installer which installs a permanent version of ANIX to the specified memory device, where data persists across reboots. The installer also needs to be able to set up full-disk encryption on the device it installs ANIX to.

Target platform is x86-64, though we certainly wouldn't complain if someone made an ARM64 or RISC-V build of Research ANIX.