User Tools

Site Tools

arms:anix

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
arms:anix [2025/09/15 22:47] – created Humphrey Boa-Gartarms:anix [2025/09/30 22:44] (current) – external edit 127.0.0.1
Line 5: Line 5:
 It foremost will be a **pentesting OS**, rigged up with all sorts of fun essential tools that every script kiddie and aspiring professional should have, that you can boot from a keydrive. It will also be a secure everyday OS that you can install to your laptop or home computer. Its spirit will be expressed with a sleek minimalist interface geared towards professionals who want to get things done quickly without software bloat and clunky design getting in the way. It foremost will be a **pentesting OS**, rigged up with all sorts of fun essential tools that every script kiddie and aspiring professional should have, that you can boot from a keydrive. It will also be a secure everyday OS that you can install to your laptop or home computer. Its spirit will be expressed with a sleek minimalist interface geared towards professionals who want to get things done quickly without software bloat and clunky design getting in the way.
  
-ANIX currently only exists in prototypical //“Research ANIX”// form. Some components like the [[gh>https://github.com/HumphreyBoaGart/dotfiles|GUI]] are already being distributed, whereas other components are still bound to their owner's local machines. Other parts, such as an installer or RISC-V port, are still completely theoretical.+[{{ :arms:goattux.png?250|The only OS //guaranteed// to help you find gaping holes.}}]ANIX currently only exists in prototypical //“Research ANIX”// form. Some components like the [[gh>https://github.com/HumphreyBoaGart/dotfiles|GUI]] are already being distributed, whereas other components are still bound to their owner's local machines. Other parts, such as an installer or RISC-V port, are still completely theoretical.
  
 In order to further the development of ANIX, the Anonymous Military Institute is currently running the Research ANIX program. By following //(and field testing)// the [[arms:anix#single-anix-specification|Single ANIX Specification]], you too can build it you own //“ANIX-Spec”// operating system at home. In order to further the development of ANIX, the Anonymous Military Institute is currently running the Research ANIX program. By following //(and field testing)// the [[arms:anix#single-anix-specification|Single ANIX Specification]], you too can build it you own //“ANIX-Spec”// operating system at home.
Line 14: Line 14:
 ANIX was the collision of several ongoing off-campus projects by several AMI faculty members and various independent [[anonymous:anonops|AnonOps]] cells. In order to fulfill their myriad job, hacking & security needs, they all began developing homebrew solutions based on the vast open-source software library of the UNIX/BSD/Linux-world. ANIX was the collision of several ongoing off-campus projects by several AMI faculty members and various independent [[anonymous:anonops|AnonOps]] cells. In order to fulfill their myriad job, hacking & security needs, they all began developing homebrew solutions based on the vast open-source software library of the UNIX/BSD/Linux-world.
  
-By the end of 2024, they had all realized that the sum total of their independent efforts comprised nearly an entire operating system, and one which could rival more bloated distros like [[arms:kali|Kali Linux]] and [[arms:parrot|Parrot OS]]. All that remained was to put the pieces together in the storied halls of the **Anonymous Military Institute** - //A 501©(3)(pending) non-profit scientific & educational organization//.+By the end of 2024, they had all realized that the sum total of their independent efforts comprised nearly an entire operating system, and one which could rival more bloated distros like [[arms:kali|Kali Linux]] and [[arms:parrot|Parrot OS]]. All that remained was to put the pieces together in the storied halls of the **Anonymous Military Institute** - //A 501©(3)(pending) non-profit scientific & educational organization//, which by this point had acquired the research & insight of all the various short-lived //"Anonymous OS"// projects from years long past.
  
  
 +===== Homework Assignment: Building Research ANIX =====
  
 +While ANIX cannot yet be downloaded, you can build your own flavor of **Research ANIX** - and we encourage you to! When you are done, you will have a lean and mean operating system that is geared for professionals. ANIX is going to make infosec fun again.
  
 +//“But Professor, how will I build an operating system by myself?”// Easier than you think! This is because ANIX is built on [[https://www.debian.org|Debian]], which provides for a clean stable base. It also gives you easy access to the rest of the components, as many of them are in the stock Debian package manager, and many of the others can be poached from the Debian-based Mint, Ubuntu, Kali & Parrot distros.
 +
 +This provides an excellent opportunity for those looking to improve their Linux and [[tools:bash|command-line]] skills, as building Research ANIX will take you through the basics of how Linux works. And, by building your own custom Linux install, you will be following in the tradition of America's trade schools which have historically made students build their own toolboxes as a graduating rite-of-passage.
 +
 +**All students and research staff developing their own Research ANIX builds are required to submit their code and ANIX modifictions to AMI staff for inspection.** Whatever team comes together in the process of this will be responsible for consolidating the best parts of everyone's Research ANIX builds into ANIX Version 1.0.
 +
 +//**All participants who complete a Research ANIX build are welcome to fork ANIX at this point and market their own ANIX-derivative.
 +**//
 +
 +
 +===== Single ANIX Specification =====
 +
 +Research ANIX is a Linux distribution, and like all Linux distributions it is composed of many tiny software packages. ANIX veers towards simplicity, preferring simple packages with minimal dependencies. Those who have used Linux for a long time may find ANIX is more akin to the “old way” of doing things, though it still takes advantage of a modern Debian base.
 +
 +The following list of packages is a **guideline**. //It is not a complete set of step-by-step instructions!// You should be at least somewhat-familiar with [[diy:linux|Linux]] before attempting to do this.
 +
 +
 +==== Base Components ====
 +
 +This specification will be updated periodically as Research ANIX becomes a more cohesive product. This heading will be re-signed as it is updated. — //[[user:hbg|Humphrey Boa-Gart]] 2025/01/04 22:34//
 +
 +Since the publication of this specification, Debian is now on version 13. Research ANIX will be standardizing on 13 instead of 12. This document will eventually be updated to reflect that. — //[[user:hbg|Humphrey Boa-Gart]] 2025/09/15 23:53//
 +
 +=== Where to Start ===
 +
 +Start with a clean version of Debian 12 aka "Bookworm". Install it as you would install any other copy of Linux to your computer, but without selecting any additional packages other than standard sys utilities. When you are done, it should dump you right to the command-line. Do all other normal setup things, like setting the timezone and getting the internet connection working. Run apt update and get everything up to date.
 +
 +Edit your fstab file to configure your /tmp directory as a tmpfs ramdisk. Do not rely on the stock systemd implementation.
 +
 +Base text editor should remain nano, so we don't have to pick sides in the emacs-vs-vim war.
 +
 +
 +=== Initial Packages: ===
 +
 +  * Configure apt to use the https repos instead of http
 +  * [[https://backports.debian.org/Instructions/|Configure the Backports repo]] and update to the latest kernel
 +  * Install from apt: [[tools:wget]]
 +  * Install [[tools:curl]] from Backports.
 +
 +=== Shells: ===
 +
 +  * /bin/sh symlinked to [[tools:dash]] for startup scripts
 +  * [[tools:bash]] as the default userland shell
 +  * Official support for [[tools:zsh]] as an optional bash alternative
 +
 +=== Logging: ===
 +
 +  * Install from apt: rsyslog
 +  * [[https://www.going-flying.com/blog/debian-bookworm-journald.html|Neuter journald]]
 +  * Have rsyslog publish its logs to /tmp/log
 +  * Purge /var/log, but leave the folder and set up symlinks to the logfile locations in /tmp/log
 +  * Keep track of anything else that makes logs and direct them to rsyslog (preferable) or /tmp/log
 +  * Leave pathways for end-users to send persistent logs to ~/.log and /var/log
 +
 +
 +==== Security Components ====
 +
 +  * Install from apt: ufw. Drop all incoming connections, log to dedicated log file via rsyslog
 +  * umask 0077 as default
 +  * Configure NetworkManager to [[diy:change-mac|randomize MAC addresses]]
 +  * [[tools:wireguard|WireGuard]] & [[tools:openvpn|OpenVPN]] both preinstalled and ready to run configs from VPN providers, with easy killswitch option.
 +  * A [[tools:tor]] switch through which you can optionally route your VPN and vice-versa.
 +  * An airplane mode switch that puts the machine into a full Ring 0-only mode.
 +  * A preconfigured hypervisor that makes it easy to run sandboxed applications in virtual machines alongside non-sandboxed applications.
 +  * **Absolutely no telemetry or data collection. All third-party apps must be examined and hardened where possible.**
 +
 +
 +==== User Interface ====
 +
 +=== Core Components: ===
 +
 +  * Install from apt: sway, swayidle, swaylock, swaybg, swayimg, sway-backgrounds, sway-notification-center, suckless-tools, waybar, bemenu, wofi, brightnessctl, grim, jq, slurp, imagemagick, wl-clipboard, xdg-desktop-portal, xdg-desktop-portal-gtk, xdg-user-dirs, xdg-utils, xdg-dbus-proxy, libadwaita-1-0, gnome-themes-extra, gnome-themes-extra-data, adwaita-qt, adwaita-qt6, wmctrl & xwayland
 +  * Use [[github>HumphreyBoaGart/dotfiles]] package to wrangle Sway, Waybar and the Bash userland together.
 +
 +=== Other Components: ===
 +
 +  * Terminal Emulators: **sakura** //(with **foot** as backup/debug terminal)//
 +  * File Browsers: **nemo** and **ranger**
 +  * Status Monitors: whatever works
 +  * Timekeeping: whatever works
 +  * Display Management: **wdisplays** or equivalent
 +  * Session Manager: **Stock login prompt** (can be styled) that opens to Sway, coupled with [[github>Big-B/swaylock-fancy]]. Have option for autologin.
 +
 +
 +==== Additional Software ====
 +
 +=== Basics: ===
 +
 +  * At least **two web browsers**, including **Firefox**, sandboxed, preconfigured for security, and with garbage like Pocket deactivated. Disable disk caching and force the browser to cache to RAM.
 +  * Install standalone GNOME components from apt: **gedit**, **gnome-contacts**, **gnome-calculator**, **gnome-disk-utility**, **gnome-keyring**
 +  * Install **libreoffice** and **libreoffice-gtk3** from Backports
 +  * Install a [[security:password-managers|password manager]]
 +
 +=== Multimedia: ===
 +
 +  * **Whatever** for image viewing
 +  * **Whatever** for media playback
 +  * A decently secure **PDF reader**
 +  * **PulseAudio** OR **PipeWire** for hardware audio playback
 +  * Install from apt: **blueman**, **ffmpeg**, **cheese**
 +  * Install **yt-dlp** from Backports
 +  * **Whatever** for wifi. Needs visual+cli interfaces for easily finding and connecting to wifi & mesh networks
 +
 +=== Pentesting Tools: ===
 +
 +  * [[arms:metasploit|Metasploit Framework]]
 +  * [[arms:nmap]], [[arms:ncat]]
 +  * anything useful that can be easily poached from Kali/Parrot, as most of those packages are just previously open-sourced software from independent developers.
 +
 +=== Other Repos: ===
 +
 +  * Flathub: [[tools:flatpak|Flatpak]] w/ [[https://flathub.org/apps/com.github.tchx84.Flatseal|Flatseal]] utility
 +  * Dockerhub: [[tools:docker|Docker]] configured in [[https://docs.docker.com/engine/security/rootless/|Rootless Mode]].
 +
 +=== Misc: ===
 +
 +**You are not limited to the packages listed here. Feel free to include any additional pieces of software you think would be useful or necessary. This will help spur a healthy ecosystem of Research ANIX derivatives, as part of Anon's long-term scheme to conquer the world.**
 +
 +
 +==== Use Modes ====
 +
 +ANIX will be distributed as a single ISO, and this ISO will need to provide for //(at the very least)// these two default modes of operation:
 +
 +  - Like most modern Linux installs, it will need to be able to liveboot off of virtual machines, and portable devices like USB drives. When it is run in portable mode, it will wipe itself back to a blank slate on every reboot, similar to [[arms:parrot|Parrot OS]].
 +  - Accessible from the liveboot mode will also be an installer which installs a permanent version of ANIX to the specified memory device, where data persists across reboots. The installer also needs to be able to set up full-disk encryption on the device it installs ANIX to.
 +
 +Target platform is **x86-64**, though we certainly wouldn't complain if someone made an **ARM64** or **RISC-V** build of Research ANIX.
 +
 +
 +{{tag>Armaments Tools}}
arms/anix.1757976426.txt.gz · Last modified: (external edit)

Find this page online at: https://bestpoint.institute/arms/anix