Differences

This shows you the differences between two versions of the page.

--- arms:anix [2025/09/15 22:51] – [History of ANIX] Humphrey Boa-Gart
+++ arms:anix [2025/09/30 22:44] (current) – external edit 127.0.0.1
@@ Line 5: / Line 5: @@
 It foremost will be a **pentesting OS**, rigged up with all sorts of fun essential tools that every script kiddie and aspiring professional should have, that you can boot from a keydrive. It will also be a secure everyday OS that you can install to your laptop or home computer. Its spirit will be expressed with a sleek minimalist interface geared towards professionals who want to get things done quickly without software bloat and clunky design getting in the way.
-ANIX currently only exists in prototypical //“Research ANIX”// form. Some components like the [[gh>https://github.com/HumphreyBoaGart/dotfiles|GUI]] are already being distributed, whereas other components are still bound to their owner's local machines. Other parts, such as an installer or RISC-V port, are still completely theoretical.
+[{{ :arms:goattux.png?250|The only OS //guaranteed// to help you find gaping holes.}}]ANIX currently only exists in prototypical //“Research ANIX”// form. Some components like the [[gh>https://github.com/HumphreyBoaGart/dotfiles|GUI]] are already being distributed, whereas other components are still bound to their owner's local machines. Other parts, such as an installer or RISC-V port, are still completely theoretical.
 In order to further the development of ANIX, the Anonymous Military Institute is currently running the Research ANIX program. By following //(and field testing)// the [[arms:anix#single-anix-specification|Single ANIX Specification]], you too can build it you own //“ANIX-Spec”// operating system at home.
@@ Line 14: / Line 14: @@
 ANIX was the collision of several ongoing off-campus projects by several AMI faculty members and various independent [[anonymous:anonops|AnonOps]] cells. In order to fulfill their myriad job, hacking & security needs, they all began developing homebrew solutions based on the vast open-source software library of the UNIX/BSD/Linux-world.
-By the end of 2024, they had all realized that the sum total of their independent efforts comprised nearly an entire operating system, and one which could rival more bloated distros like [[arms:kali|Kali Linux]] and [[arms:parrot|Parrot OS]]. All that remained was to put the pieces together in the storied halls of the **Anonymous Military Institute** - //A 501©(3)(pending) non-profit scientific & educational organization//.
+By the end of 2024, they had all realized that the sum total of their independent efforts comprised nearly an entire operating system, and one which could rival more bloated distros like [[arms:kali|Kali Linux]] and [[arms:parrot|Parrot OS]]. All that remained was to put the pieces together in the storied halls of the **Anonymous Military Institute** - //A 501©(3)(pending) non-profit scientific & educational organization//, which by this point had acquired the research & insight of all the various short-lived //"Anonymous OS"// projects from years long past.
@@ Line 42: / Line 42: @@
 This specification will be updated periodically as Research ANIX becomes a more cohesive product. This heading will be re-signed as it is updated. — //[[user:hbg|Humphrey Boa-Gart]] 2025/01/04 22:34//
+Since the publication of this specification, Debian is now on version 13. Research ANIX will be standardizing on 13 instead of 12. This document will eventually be updated to reflect that. — //[[user:hbg|Humphrey Boa-Gart]] 2025/09/15 23:53//
+=== Where to Start ===
+Start with a clean version of Debian 12 aka "Bookworm". Install it as you would install any other copy of Linux to your computer, but without selecting any additional packages other than standard sys utilities. When you are done, it should dump you right to the command-line. Do all other normal setup things, like setting the timezone and getting the internet connection working. Run apt update and get everything up to date.
+Edit your fstab file to configure your /tmp directory as a tmpfs ramdisk. Do not rely on the stock systemd implementation.
+Base text editor should remain nano, so we don't have to pick sides in the emacs-vs-vim war.
+=== Initial Packages: ===
+  * Configure apt to use the https repos instead of http
+  * [[https://backports.debian.org/Instructions/|Configure the Backports repo]] and update to the latest kernel
+  * Install from apt: [[tools:wget]]
+  * Install [[tools:curl]] from Backports.
+=== Shells: ===
+  * /bin/sh symlinked to [[tools:dash]] for startup scripts
+  * [[tools:bash]] as the default userland shell
+  * Official support for [[tools:zsh]] as an optional bash alternative
+=== Logging: ===
+  * Install from apt: rsyslog
+  * [[https://www.going-flying.com/blog/debian-bookworm-journald.html|Neuter journald]]
+  * Have rsyslog publish its logs to /tmp/log
+  * Purge /var/log, but leave the folder and set up symlinks to the logfile locations in /tmp/log
+  * Keep track of anything else that makes logs and direct them to rsyslog (preferable) or /tmp/log
+  * Leave pathways for end-users to send persistent logs to ~/.log and /var/log
+==== Security Components ====
+  * Install from apt: ufw. Drop all incoming connections, log to dedicated log file via rsyslog
+  * umask 0077 as default
+  * Configure NetworkManager to [[diy:change-mac|randomize MAC addresses]]
+  * [[tools:wireguard|WireGuard]] & [[tools:openvpn|OpenVPN]] both preinstalled and ready to run configs from VPN providers, with easy killswitch option.
+  * A [[tools:tor]] switch through which you can optionally route your VPN and vice-versa.
+  * An airplane mode switch that puts the machine into a full Ring 0-only mode.
+  * A preconfigured hypervisor that makes it easy to run sandboxed applications in virtual machines alongside non-sandboxed applications.
+  * **Absolutely no telemetry or data collection. All third-party apps must be examined and hardened where possible.**
+==== User Interface ====
+=== Core Components: ===
+  * Install from apt: sway, swayidle, swaylock, swaybg, swayimg, sway-backgrounds, sway-notification-center, suckless-tools, waybar, bemenu, wofi, brightnessctl, grim, jq, slurp, imagemagick, wl-clipboard, xdg-desktop-portal, xdg-desktop-portal-gtk, xdg-user-dirs, xdg-utils, xdg-dbus-proxy, libadwaita-1-0, gnome-themes-extra, gnome-themes-extra-data, adwaita-qt, adwaita-qt6, wmctrl & xwayland
+  * Use [[github>HumphreyBoaGart/dotfiles]] package to wrangle Sway, Waybar and the Bash userland together.
+=== Other Components: ===
+  * Terminal Emulators: **sakura** //(with **foot** as backup/debug terminal)//
+  * File Browsers: **nemo** and **ranger**
+  * Status Monitors: whatever works
+  * Timekeeping: whatever works
+  * Display Management: **wdisplays** or equivalent
+  * Session Manager: **Stock login prompt** (can be styled) that opens to Sway, coupled with [[github>Big-B/swaylock-fancy]]. Have option for autologin.
+==== Additional Software ====
+=== Basics: ===
+  * At least **two web browsers**, including **Firefox**, sandboxed, preconfigured for security, and with garbage like Pocket deactivated. Disable disk caching and force the browser to cache to RAM.
+  * Install standalone GNOME components from apt: **gedit**, **gnome-contacts**, **gnome-calculator**, **gnome-disk-utility**, **gnome-keyring**
+  * Install **libreoffice** and **libreoffice-gtk3** from Backports
+  * Install a [[security:password-managers|password manager]]
+=== Multimedia: ===
+  * **Whatever** for image viewing
+  * **Whatever** for media playback
+  * A decently secure **PDF reader**
+  * **PulseAudio** OR **PipeWire** for hardware audio playback
+  * Install from apt: **blueman**, **ffmpeg**, **cheese**
+  * Install **yt-dlp** from Backports
+  * **Whatever** for wifi. Needs visual+cli interfaces for easily finding and connecting to wifi & mesh networks
+=== Pentesting Tools: ===
+  * [[arms:metasploit|Metasploit Framework]]
+  * [[arms:nmap]], [[arms:ncat]]
+  * anything useful that can be easily poached from Kali/Parrot, as most of those packages are just previously open-sourced software from independent developers.
+=== Other Repos: ===
+  * Flathub: [[tools:flatpak|Flatpak]] w/ [[https://flathub.org/apps/com.github.tchx84.Flatseal|Flatseal]] utility
+  * Dockerhub: [[tools:docker|Docker]] configured in [[https://docs.docker.com/engine/security/rootless/|Rootless Mode]].
+=== Misc: ===
+**You are not limited to the packages listed here. Feel free to include any additional pieces of software you think would be useful or necessary. This will help spur a healthy ecosystem of Research ANIX derivatives, as part of Anon's long-term scheme to conquer the world.**
+==== Use Modes ====
+ANIX will be distributed as a single ISO, and this ISO will need to provide for //(at the very least)// these two default modes of operation:
+  - Like most modern Linux installs, it will need to be able to liveboot off of virtual machines, and portable devices like USB drives. When it is run in portable mode, it will wipe itself back to a blank slate on every reboot, similar to [[arms:parrot|Parrot OS]].
+  - Accessible from the liveboot mode will also be an installer which installs a permanent version of ANIX to the specified memory device, where data persists across reboots. The installer also needs to be able to set up full-disk encryption on the device it installs ANIX to.
+Target platform is **x86-64**, though we certainly wouldn't complain if someone made an **ARM64** or **RISC-V** build of Research ANIX.
+{{tag>Armaments Tools}}

User Tools

Site Tools

Differences