Commit 9ee0d7b5 authored by Jamie Scaife

Added package configuration variables for all other packages, added check for...

Added package configuration variables for all other packages, added check for gpg2/gpg, other minor changes
parent c47a42f8
#!/bin/bash
#dl-integrity-verify (Download & Verify) by Jamie Scaife (jamieweb.net) created 2019-05-26 23:00
gnupg="gpg2"
#Check GnuPG 2.x/GnuPG 1.x availability
if (command -v gpg2 > /dev/null); then
gnupg="gpg2"
echo "Using GnuPG 2.x."
elif (command -v gpg > /dev/null); then
gnupg="gpg"
echo "Using GnuPG 1.x."
else
echo "GnuPG 2.x or GnuPG 1.x are not installed. Please install 'gpg2' (preferred) or 'gpg'. Exiting..."
exit
fi
#Check Whiptail/Dialog availability
if (command -v whiptail > /dev/null); then
menu="whiptail"
elif (command -v dialog > /dev/null); then
menu="dialog"
echo "Using Dialog, as Whiptail doesn't appear to be installed."
else
echo "Whiptail or Dialog are not installed. Please install 'whiptail' (preferred) or 'dialog'. Exiting..."
exit
fi
while [[ $# -gt 0 ]]; do
argument="$1"
......@@ -28,16 +49,6 @@ while [[ $# -gt 0 ]]; do
esac
done
if (command -v whiptail > /dev/null); then
menu="whiptail"
elif (command -v dialog > /dev/null); then
menu="dialog"
echo "Using Dialog, as Whiptail doesn't appear to be installed."
else
echo "Whiptail/Dialog is not installed. Please install Whiptail (preferred) or Dialog. Exiting..."
exit
fi
log () {
if [ "$1" == "noout" ]; then
cat - >> "$log_file"
......@@ -69,15 +80,15 @@ confirm_choice () {
fi
}
verify_origin () {
echo -e "\nVerifying download origin: '${dl_site//./[.]}'" | log
verify_site () {
echo -e "\nVerifying download site: '${dl_site//./[.]}'" | log
dl_site_sha256_actual=$(sha256sum <<< "$dl_site" | head -c 64)
echo "Expected hash: $dl_site_sha256_expected" | log
echo "Actual hash: $dl_site_sha256_actual" | log
if [ "$dl_site_sha256_expected" == "$dl_site_sha256_actual" ]; then
echo -e "Download origin check: OK\n" | log
echo -e "Download site check: OK\n" | log
else
echo "Download origin check FAILED. Exiting..." | log
echo "Download site check FAILED. Exiting..." | log
exit
fi
}
......@@ -107,7 +118,7 @@ check_clobber () {
download () {
source "sites/$dl_site_name"
verify_origin
verify_site
echo "Downloading files..." | log
for file in "${dl_files[@]}"; do
echo "Downloading '$file'..." | log
......@@ -184,13 +195,13 @@ hash_verify () { # <algo> <file> <directory>
choice=$("$menu" --clear --title "Download & Verify" --menu "Select a package:" 13 55 5 \
"Ubuntu 18.04 LTS" " (ISO)" \
"Xubuntu 18.04 LTS" " (ISO)" \
"Kali Linux" " (ISO)" \
"Kali Linux 2019.2" " (ISO)" \
"Cygwin" " (EXE)" \
"KeePassXC" " (MSI)" \
"Nmap" " (EXE)" \
"Notepad++" " (EXE)" \
"VirtualBox" " (EXE)" \
"Wireshark" " (EXE)" 3>&2 2>&1 1>&3)
"KeePassXC 2.4.3" " (MSI)" \
"Nmap 7.70" " (EXE)" \
"Notepad++ 7.7" " (EXE)" \
"VirtualBox 6.0.8" " (EXE)" \
"Wireshark 3.0.2" " (EXE)" 3>&2 2>&1 1>&3)
#Confirm choice
confirm_choice "$choice"
......@@ -207,7 +218,81 @@ case "$choice" in
;;
"Xubuntu 18.04 LTS")
echo xubuntu
file_name="xubuntu-18.04.2-desktop-amd64.iso"
dl_site_name="ubuntu-cdimages"
dl_site_sha256_expected="f8a490304bd43649c91c700f2272c356db952fa1326e4cff51368951efeaf521"
dl_path="xubuntu/releases/18.04.2/release"
dl_files=("$file_name" "SHA256SUMS" "SHA256SUMS.gpg" "SHA1SUMS" "SHA1SUMS.gpg" "MD5SUMS" "MD5SUMS.gpg")
verif_method="gpg_signed_hashes_sha256_sha1_md5"
;;
"Kali Linux 2019.2")
file_name="kali-linux-2019.2-amd64.iso"
dl_site_name="kali-cdimage"
dl_site_sha256_expected="1a6f0fdebd881aa60ece5076a99349e2e8f5bbf2735d77dc7ae2442979da7f80"
dl_path="kali-2019.2"
dl_files=("$file_name" "SHA256SUMS" "SHA256SUMS.gpg" "SHA1SUMS" "SHA1SUMS.gpg")
verif_method="gpg_signed_hashes_sha256_sha1"
;;
"Cygwin")
file_name="setup-x86_64.exe"
sig_name="setup-x86_64.exe.sig"
dl_site_name="cygwin"
dl_site_sha256_expected="beba6f771796df99e487f70dd307f254b050d1b9923a4bfa1c7bf0ba8c7a21cd"
dl_path=""
dl_files=("$file_name" "$sig_name")
verif_method="gpg_signed_direct"
;;
"KeePassXC 2.4.3")
file_name="KeePassXC-2.4.3-Win64.msi"
sig_name="KeePassXC-2.4.3-Win64.msi.sig"
dl_site_name="github-keepassxreboot"
dl_site_sha256_expected="9a2bc7b6290f8bb569cc510cf56b8b847e102cf8f4d8b8f09127785a7b36b9a5"
dl_path="2.4.3"
dl_files=("$file_name" "$sig_name")
verif_method="gpg_signed_direct"
;;
"Nmap 7.70")
file_name="nmap-7.70-setup.exe"
sig_name="sigs/nmap-7.70-setup.exe.asc"
dl_site_name="nmap-dist"
dl_site_sha256_expected="506d1efe9a49d17dd9d73613bc4e2d305e9f8b1ad55caeca78d926a4a637d832"
dl_path=""
dl_files=("$file_name" "$sig_name")
verif_method="gpg_signed_direct"
;;
"Notepad++ 7.7")
file_name="npp.7.7.Installer.x64.exe"
sig_name="npp.7.7.Installer.x64.exe.sig"
dl_site_name="npp-repository"
dl_site_sha256_expected="bb38a037264882fa19a0830a9857bd6c3a07868f7aff07d3782e1278057fa7f7"
dl_path="7.x"
dl_files=("$file_name" "$sig_name")
verif_method="gpg_signed_direct"
;;
"VirtualBox 6.0.8")
file_name="VirtualBox-6.0.8-130520-Win.exe"
dl_site_name="virtualbox-downloads"
dl_site_sha256_expected="30da57bc00cfef94e80ed860c19cd0f0898193742d3c68f3616073dbb9314f38"
dl_path="6.0.8"
dl_files=("$file_name" SHA256SUMS MD5SUMS)
verif_method="hashed_direct_sha256_md5"
security_warning="VirtualBox doesn't provide GPG signed releases, so a network or site-level attacker could bypass this integrity verification. Also check the Authenticode signing for extra assurance."
;;
"Wireshark 3.0.2")
file_name="win64/Wireshark-win64-3.0.2.exe"
sig_name="SIGNATURES-3.0.2.txt"
dl_site_name="wireshark-downloads"
dl_site_sha256_expected="9d5e133d874e70434799b0fcd2e27f636226e1c247ad152ccd16f29825c39aec"
dl_path=""
dl_files=("$file_name" "$sig_name")
verif_method="wireshark_gpg_signed_message_with_hashes_sha256_sha1_md5"
;;
*)
......@@ -227,6 +312,7 @@ fi
printf "\n" | log
#Select and perform the relevant verification method
#Could just call function names from variable here, but using a case statement to help prevent arbitrary function name calling, and for future expansion
case "$verif_method" in
"gpg_signed_hashes_sha256_sha1_md5") #Ubuntu ISOs
gpg_signed_hashes_sha256_sha1_md5
......@@ -240,8 +326,20 @@ case "$verif_method" in
gpg_signed_direct
;;
"hashed_direct_sha256_md5")
hashed_direct_sha256_md5
;;
"wireshark_gpg_signed_message_with_hashes_sha256_sha1_md5")
wireshark_gpg_signed_message_with_hashes_sha256_sha1_md5
;;
*)
echo "Script error - invalid verification method. Exiting..." | log
exit
;;
esac
if [ -z "$security_warning" ]; then
echo -e "\nSECURITY WARNING: $security_warning" | log
fi
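Review bot: The new test `if [ -z "$security_warning" ]; then` at the end of this hunk is inverted, since `-z` is true when the variable is empty. As written, the VirtualBox warning set in the package case is never printed, while every package that sets no warning logs a bare "SECURITY WARNING:" line with no text. It should be `if [ -n "$security_warning" ]; then`. Separately, the failure paths in this file (invalid verification method here, the failed site check in `verify_site`, and the missing GnuPG/Whiptail checks at the top) end in a bare `exit`, which returns the status of the preceding `echo`, most likely 0. Using `exit 1` on those paths would let a calling script tell a failed verification from a successful one.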
dl_site="https://cygwin.com/"
dl_site="https://github.com/keepassxreboot/keepassxc/releases/download/"
dl_site="https://cdimage.kali.org/"
dl_site="https://nmap.org/dist/"
dl_site="https://notepad-plus-plus.org/repository/"
dl_site="http://cdimages.ubuntu.com/"
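Review bot: This site definition uses plain `http://`, as does the `releases.ubuntu.com` entry just below, so the image, the SHA256SUMS files and their signatures are all fetched over a channel a network attacker can modify. The site check in `verify_site` only compares a hash of the URL string with `dl_site_sha256_expected`, so it does not protect the transfer. Integrity then rests entirely on the GPG verification step, whose key handling is not visible on this page. If these hosts serve HTTPS, prefer `dl_site="https://cdimages.ubuntu.com/"` and recompute the matching `dl_site_sha256_expected` value in the package case; otherwise add a comment above this line stating that HTTP is deliberate and that the GPG check is the only integrity control.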
dl_origin="http://releases.ubuntu.com/"
dl_site="http://releases.ubuntu.com/"
dl_site="https://download.virtualbox.org/virtualbox/"
dl_site="https://www.wireshark.org/download/"