-
Notifications
You must be signed in to change notification settings - Fork 889
/
setup_wargame.sh
471 lines (406 loc) · 15.9 KB
/
setup_wargame.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
#!/bin/bash
#########################################
# Pre-install checks
#########################################
# Warn the user about running this on their host machine
# (because it makes various invasive settings-changes, and runs a ton of vulnerable services)
echo -e "\x1b[31;1mDON'T RUN THIS ON YOUR REAL COMPUTER\x1b[0m"
echo "Are you running this inside a VM? (If you don't know what that means, don't run the script.)"
read -p "(yes/no)> "
if [ "$REPLY" != 'yes' ]; then
exit
fi
if [ "$USER" != 'root' ]; then
echo "ERROR: Script must be run using root!"
exit
fi
echo -e "\x1b[32;1mProceeding with the installation.\x1b[0m"
#########################################
# Per-Machine Install Variables
#########################################
# change these things
export PUBKEY=""
export REALUSER='gameadmin'
export HOSTNAME='warzone'
export LEVELS_DIR='/levels'
export SKEL_DIR='/etc/skel'
export SKEL_LINK_DIR='/etc/cfg'
export TOOLS_DIR='/tools'
export TOOLOWNER='toolman'
# leave as is
export VIMRC=$(echo $SKEL_LINK_DIR/.vimrc)
export SCREENRC=$(echo $SKEL_LINK_DIR/.screenrc)
export BASHRC=$(echo $SKEL_LINK_DIR/.bashrc)
export PROFILE=$(echo $SKEL_LINK_DIR/.profile)
export GDBINIT=$(echo $SKEL_LINK_DIR/.gdbinit)
export R2CONF=$(echo $SKEL_LINK_DIR/.radare2rc)
#########################################
# Basic Setup
#########################################
# hush login motd
touch .hushlogin
# update and apt-get a ton of stuff
apt-get update
apt-get -y upgrade
apt-get -y install unattended-upgrades htop fonts-inconsolata git gdb gcc gcc-multilib g++ g++-multilib git ltrace linux-source openssh-server python-pip ipython python-dev vim guile-2.0 unzip socat libncurses5-dev texinfo
sudo dpkg-reconfigure -plow unattended-upgrades
# Create main user
useradd -m -s /bin/bash $REALUSER
adduser $REALUSER sudo
# install ssh key
HOME_DIR=$(eval echo ~$REALUSER)
sudo -u $REALUSER mkdir $HOME_DIR/.ssh
chmod 700 $HOME_DIR/.ssh
sudo -u $REALUSER echo $PUBKEY > $HOME_DIR/.ssh/authorized_keys
chmod 600 $HOME_DIR/.ssh/authorized_keys
chown $REALUSER:$REALUSER $HOME_DIR/.ssh/authorized_keys
restart ssh
# set perms
chmod 0700 $HOME_DIR
# set hostname
old_hostname=$(cat /etc/hostname)
hostname "$HOSTNAME"
cat /etc/hosts | sed s/"$old_hostname"/"$HOSTNAME"/ > /tmp/newhosts
mv /tmp/newhosts /etc/hosts
echo "$HOSTNAME" > /etc/hostname
#########################################
# Configure Wargame Environment
#########################################
# hardening / wargamification
# restricting access mostly means make root accessible only, chmod 700 or s/t
chmod 700 `which dmesg`
chmod 700 `which fuser`
chmod 700 `which htop`
chmod 700 `which kill`
chmod 700 `which killall`
chmod 700 `which lsof`
chmod 700 `which pgrep`
chmod 700 `which pkill`
chmod 700 `which ps`
chmod 700 `which screen`
chmod 700 `which su`
chmod 700 `which tmux`
chmod 700 `which top`
chmod 700 `which ulimit`
chmod 700 `which users`
chmod 700 `which w`
chmod 700 `which wall`
chmod 700 `which who`
chmod 700 `which write`
# restrict access to /proc/maps/
sed -i 's/^exit 0$//' /etc/rc.local
echo -e 'mount -o remount,hidepid=2 /proc\n' >> /etc/rc.local
mount -o remount,hidepid=2 /proc
chmod 551 /proc
# make /tmp be not world readable, have sticky bits
chmod 1773 /tmp
# disable ssh'ing ? (not sure if possible, but these make it harder)
iptables -A OUTPUT -p tcp --dport 22 -j DROP
chmod 700 `which ssh`
# disable aslr
echo 0 | tee /proc/sys/kernel/randomize_va_space
echo 'kernel.randomize_va_space = 0' > /etc/sysctl.d/01-disable-aslr.conf
# resource management, stop forkbombs and filling the server (nproclimit)
# make group for wargame users
groupadd gameuser
echo -e '@gameuser\thard\tnproc\t500' >> /etc/security/limits.conf
echo -e '@gameuser\t-\tpriority\t15' >> /etc/security/limits.conf
# on-login banner
chmod -x /etc/update-motd.d/*
echo -e '#!/bin/sh\ncat /etc/banner' > /etc/update-motd.d/00-banner
chmod +x /etc/update-motd.d/00-banner
echo 'G1swOzMxbSAgICAgICAgX19fX19fX19fX19fX19fX19fX18uX19fICBfX19fX19fX19fX19fX19f
X19fX19fX19fX19fXyAgICAgICAgICAgICAgICANCiAgICAgICAgXF9fX19fXyAgIFxfX19fX18g
ICBcICAgfC8gICBfX19fXy9cXyAgIF9fX19fL1xfICAgX19fIFwgICAgICAgICAgICAgICANCiAg
ICAgICAgIHwgICAgICAgXy98ICAgICBfX18vICAgfFxfX19fXyAgXCAgfCAgICBfXylfIC8gICAg
XCAgXC8gICAgICAgICAgICAgICANCiAgICAgICAgIHwgICAgfCAgIFx8ICAgIHwgICB8ICAgfC8g
ICAgICAgIFwgfCAgICAgICAgXFwgICAgIFxfX19fICAgICAgICAgICAgICANCiAgICAgICAgIHxf
X19ffF8gIC98X19fX3wgICB8X19fL19fX19fX18gIC8vX19fX19fXyAgLyBcX19fX19fICAvICAg
ICAgICAgICAgICANCiAgICAgICAgICAgICAgICBcLyAgICAgICAgICAgICAgICAgICAgICBcLyAg
ICAgICAgIFwvICAgICAgICAgXC8gICAgICAgICAgICAgICANChtbMDszNm0gX18gICAgICBfXyAg
X19fX18gX19fX19fX19fX19fX19fX19fX19fX19fX19fXyAgICBfX19fX19fICBfX19fX19fX19f
Xw0KLyAgXCAgICAvICBcLyAgXyAgXFxfX19fX18gICBcX19fXyAgICAvXF9fX19fICBcICAgXCAg
ICAgIFwgXF8gICBfX19fXy8NClwgICBcL1wvICAgLyAgL19cICBcfCAgICAgICBfLyAvICAgICAv
ICAvICAgfCAgIFwgIC8gICB8ICAgXCB8ICAgIF9fKV8gDQogXCAgICAgICAgLyAgICB8ICAgIFwg
ICAgfCAgIFwvICAgICAvXyAvICAgIHwgICAgXC8gICAgfCAgICBcfCAgICAgICAgXA0KICBcX18v
XCAgL1xfX19ffF9fICAvX19fX3xfICAvX19fX19fXyBcXF9fX19fX18gIC9cX19fX3xfXyAgL19f
X19fX18gIC8NCiAgICAgICBcLyAgICAgICAgIFwvICAgICAgIFwvICAgICAgICBcLyAgICAgICAg
XC8gICAgICAgICBcLyAgICAgICAgXC8gDQoNChtbMG0gICAgICAgIC0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tICAgICAgICANCg0KICAgICAg
ICAgICAgICAgICAgICAgICBDaGFsbGVuZ2VzIGFyZSBpbiAvbGV2ZWxzICAgICAgICAgICAgICAg
ICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgUGFzc3dvcmRzIGFyZSBpbiAvaG9tZS9sYWIq
Ly5wYXNzICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgIFlvdSBjYW4gY3JlYXRlIGZp
bGVzIG9yIHdvcmsgZGlyZWN0b3JpZXMgaW4gL3RtcCAgICAgICAgICAgIA0KICAgICAgICAgICAg
ICAgICAgICANCiAgICAgICAgIC0tLS0tLS0tLS0tLS0tLS0tWyAbWzA7OTJtY29udGFjdEBycGlz
LmVjG1swbSBdLS0tLS0tLS0tLS0tLS0tLS0gICAgICAgICAgDQoNCg==' | base64 -d > /etc/banner
rm /etc/legal
# disable crontab
touch /etc/cron.allow
#more I'm sure
#########################################
# Install Tools
#########################################
# make tools owner
useradd -M -s /bin/false $TOOLOWNER
# make tools dir
mkdir $TOOLS_DIR
chmod 777 $TOOLS_DIR
source ./external_tools.sh
install_pip2s
install_gdb_peda
install_checksec
install_radare2
install_fixenv
install_shtest
# set perms
chown -R $TOOLOWNER:$TOOLOWNER $TOOLS_DIR/*
chmod 775 $TOOLS_DIR
#########################################
# Create Skeleton User
#########################################
# this should populate the skel folder with symlinks. That way any user we make later on the
# server will auto copy these settings, and they will be in a single location for editing.
export SKEL=$SKEL_DIR
mkdir $SKEL_LINK_DIR
# setup vim config
touch $VIMRC
(echo syntax on \
; echo set tabstop=4 softtabstop=4 shiftwidth=4 \
; echo set expandtab ai number ruler \
; echo highlight Comment ctermfg=green \
; echo set viminfo=) >> $VIMRC
echo "[+] Configured VIM!"
# setup .bashrc
cp $SKEL_DIR/.bashrc $BASHRC
(echo -e "\n# Start user config" \
; echo "export TERM=screen-256color" \
; echo "export PS1='\[\033[01;31m\]\u\[\033[00;37m\]@\[\033[01;32m\]\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '" \
; echo "export ENV='/etc/profile'" \
; echo "alias grep='grep --color=auto'" \
; echo "alias ls='ls --color=auto -l'" \
; echo "alias checksec='checksec --file'" \
; echo "alias ropgadget='ROPgadget --binary'" \
; echo "alias gdb='gdb -q'") >> $BASHRC
echo "[+] Configured bash!"
# setup .profile
cp $SKEL_DIR/.profile $PROFILE
echo "[+] Configured profile!"
# setup .gdbinit
(echo -e "\nset disassembly-flavor intel" \
; echo "set detach-on-fork off" \
; echo "set follow-fork-mode child") >> $GDBINIT
echo "[+] Configured gdb!"
# setup radare2 config
echo 'e scr.utf8 = true' > $R2CONF
mkdir -p $SKEL_LINK_DIR/.config/radare2
ln -s /dev/null $SKEL_LINK_DIR/.config/radare2/history
# make sure the admin user gets these pretty confs, too
cp $SKEL_LINK_DIR/.* /home/$REALUSER/
chown -R $REALUSER:$REALUSER $(eval echo ~$REALUSER)
# start fresh and add symlinks
rm -rf $SKEL_DIR
mkdir $SKEL_DIR
ln -s $VIMRC $SKEL_DIR/.vimrc
ln -s $BASHRC $SKEL_DIR/.bashrc
ln -s $PROFILE $SKEL_DIR/.profile
ln -s $GDBINIT $SKEL_DIR/.gdbinit
ln -s $R2CONF $SKEL_DIR/.radare2rc
ln -s $SKEL_LINK_DIR/.config $SKEL_DIR/.config
# disable bash history
ln -s /dev/null $SKEL_DIR/.bash_history
chattr -fR +i $SKEL_LINK_DIR
#########################################
# Setup wargame
#########################################
function setup_level {
if [ "$#" -ne 7 ]; then
echo "ERROR: Missing arguments"
exit
fi
# rename arguments
username=$1
next_level=$2
next_password=$3
level_subdir=$4
local level_files=("${!5}")
local level_owners=("${!6}")
local level_perms=("${!7}")
# unchattr passwd
chattr -f -i /etc/passwd
chattr -f -i /etc/shadow
# make current level user
user_home=$(eval echo ~$username)
id -u $username &> /dev/null; uexist=$?;
if [ "$uexist" -eq "1" ]; then
useradd -m -s /bin/bash -G gameuser $username
user_home=$(eval echo ~$username)
echo $username:$([ -f $user_home/.pass ] && cat $user_home/.pass \
|| echo $level_subdir"start") | chpasswd
fi
# make next level user
next_home=$(eval echo ~$next_level)
id -u $next_level &> /dev/null; uexist=$?;
if [ "$uexist" -eq "1" ]; then
useradd -m -s /bin/bash -G gameuser $next_level
next_home=$(eval echo ~$next_level)
echo $next_level:$next_password | chpasswd
echo $next_password > $next_home/.pass
chown $next_level:$next_level $next_home/.pass
chmod 0400 $next_home/.pass
fi
# make sure everything is unchattr'd
chattr -fR -i $user_home
chattr -fR -i $next_home
chattr -fR -i $LEVELS_DIR
# add the levels and perms
llen=${#level_files[@]}
for (( i=0; i<${llen}; i++ )); do
chown ${level_owners[$i]} $LEVELS_DIR/$level_subdir/${level_files[$i]}
chmod ${level_perms[$i]} $LEVELS_DIR/$level_subdir/${level_files[$i]}
done
# re-chattr levels/directories
chattr -fR +i $user_home
chattr -fR +i $next_home
chattr -fR +i $LEVELS_DIR
# re-chattr passwd
chattr -f +i /etc/passwd
chattr -f +i /etc/shadow
}
function add_simple_level {
local level_files=("$1" "$1.c")
local level_owners=("$2:$1" "$1:$1")
local level_perms=("4550" "0400")
setup_level $1 $2 $3 $4 level_files[@] level_owners[@] level_perms[@]
}
function add_socat_on_start {
# $1 = working directory
# $2 = exec cmd
# $3 = listen part
# $4 = user to run exec as
echo -e "cd $1\nsocat TCP-LISTEN:$3,reuseaddr,fork,su=$4 EXEC:\"$2\" &" >> /etc/rc.local
}
# Stick levels folder where it belongs
mkdir $LEVELS_DIR
if [ -d "./levels" ]
then
cp -R ./levels/* $LEVELS_DIR
else
echo "ERROR: ./levels not found"
exit
fi
# Add LICENSE and ACKNOWLEDGEMENTS
cp LICENSE $LEVELS_DIR/LICENSE
cp LICENSE $LEVELS_DIR/CHANGELOG
cp ACKNOWLEDGEMENTS $LEVELS_DIR/ACKNOWLEDGEMENTS
chmod 444 $LEVELS_DIR/ACKNOWLEDGEMENTS
chmod 444 $LEVELS_DIR/CHANGELOG
chmod 444 $LEVELS_DIR/LICENSE
# Add lab01
# Will throw some errors since no source file, but w/e
lab=lab1
add_simple_level $lab'C' $lab'B' 'n0_str1ngs_n0_pr0bl3m' lab01
add_simple_level $lab'B' $lab'A' '1337_3nCRyptI0n_br0' lab01
add_simple_level $lab'A' $lab'end' '1uCKy_Gue55' lab01
# Add lab02
lab=lab2
add_simple_level $lab'C' $lab'B' '1m_all_ab0ut_d4t_b33f' lab02
add_simple_level $lab'B' $lab'A' 'i_c4ll_wh4t_i_w4nt_n00b' lab02
add_simple_level $lab'A' $lab'end' 'D1d_y0u_enj0y_y0ur_cats?' lab02
# Add lab03
lab=lab3
add_simple_level $lab'C' $lab'B' 'th3r3_iz_n0_4dm1ns_0n1y_U!' lab03
add_simple_level $lab'B' $lab'A' 'wh0_n33ds_5h3ll3_wh3n_U_h4z_s4nd' lab03
add_simple_level $lab'A' $lab'end' 'sw00g1ty_sw4p_h0w_ab0ut_d3m_h0ps' lab03
# Add lab04
lab=lab4
add_simple_level $lab'C' $lab'B' 'bu7_1t_w4sn7_brUt3_f0rc34b1e!' lab04
add_simple_level $lab'B' $lab'A' 'fg3ts_d0e5n7_m4k3_y0u_1nv1nc1bl3' lab04
add_simple_level $lab'A' $lab'end' '1t_w4s_ju5t_4_w4rn1ng' lab04
# Add lab05
lab=lab5
add_simple_level $lab'C' $lab'B' 's0m3tim3s_r3t2libC_1s_3n0ugh' lab05
add_simple_level $lab'B' $lab'A' 'th4ts_th3_r0p_i_lik3_2_s33' lab05
add_simple_level $lab'A' $lab'end' 'byp4ss1ng_d3p_1s_c00l_am1rite' lab05
# Add lab06
lab=lab6
add_simple_level $lab'C' $lab'B' 'p4rti4l_0verwr1tes_r_3nuff' lab06
level_files=($lab'B' $lab'B.c' $lab'B.readme')
level_owners=($lab'A:'$lab'B' $lab'B:'$lab'B' $lab'B:'$lab'B')
level_perms=('0550' '0400' '0400')
setup_level $lab'B' $lab'A' 'strncpy_1s_n0t_s0_s4f3_l0l' lab06 level_files[@] level_owners[@] level_perms[@]
add_socat_on_start "$LEVELS_DIR/lab06" "timeout 300 $LEVELS_DIR/lab06/lab6B" 6642 $lab'A'
add_simple_level $lab'A' $lab'end' 'eye_gu3ss_0n_@ll_mah_h0m3w3rk' lab06
# Add lab07
lab=lab7
add_simple_level $lab'C' $lab'A' 'us3_4ft3r_fr33s_4re_s1ck' lab07
level_files=($lab'A' $lab'A.c' $lab'A.readme')
level_owners=($lab'end:'$lab'A' $lab'A:'$lab'A' $lab'A:'$lab'A')
level_perms=('0550' '0400' '0400')
setup_level $lab'A' $lab'end' '0verfl0wz_0n_th3_h3ap_4int_s0_bad' lab07 level_files[@] level_owners[@] level_perms[@]
add_socat_on_start "$LEVELS_DIR/lab07" "timeout 60 $LEVELS_DIR/lab07/lab7A" 7741 $lab'end'
# Add lab08
lab=lab8
add_simple_level $lab'C' $lab'B' '3v3ryth1ng_Is_@_F1l3' lab08
add_simple_level $lab'B' $lab'A' 'Th@t_w@5_my_f@v0r1t3_ch@11' lab08
level_files=($lab'A' $lab'A.c' $lab'A.readme')
level_owners=($lab'end:'$lab'A' $lab'A:'$lab'A' $lab'A:'$lab'A')
level_perms=('0550' '0400' '0400')
setup_level $lab'A' $lab'end' 'H4x0r5_d0nt_N33d_m3t4pHYS1c5' lab08 level_files[@] level_owners[@] level_perms[@]
add_socat_on_start "$LEVELS_DIR/lab08" "timeout 60 $LEVELS_DIR/lab08/lab8A" 8841 $lab'end'
# Add lab09 (cpp and networked)
lab=lab9
level_files=($lab'C' $lab'C.cpp' $lab'C.readme')
level_owners=($lab'A:'$lab'C' $lab'C:'$lab'C' $lab'C:'$lab'C')
level_perms=('0550' '0400' '0400')
setup_level $lab'C' $lab'A' '1_th0uGht_th4t_w4rn1ng_wa5_l4m3' lab09 level_files[@] level_owners[@] level_perms[@]
add_socat_on_start "$LEVELS_DIR/lab09" "timeout 60 $LEVELS_DIR/lab09/lab9C" 9943 $lab'A'
level_files=($lab'A' $lab'A.cpp' $lab'A.readme')
level_owners=($lab'end:'$lab'A' $lab'A:'$lab'A' $lab'A:'$lab'A')
level_perms=('0550' '0400' '0400')
setup_level $lab'A' $lab'end' '1_d1dNt_3v3n_n33d_4_Hilti_DD350' lab09 level_files[@] level_owners[@] level_perms[@]
add_socat_on_start "$LEVELS_DIR/lab09" "timeout 300 $LEVELS_DIR/lab09/lab9A" 9941 $lab'end'
# Add project1
lab=project1
level_files=('tw33tchainz' 'README')
level_owners=($lab'_priv:'$lab $lab':'$lab)
level_perms=('4550' '0400')
setup_level $lab $lab'_priv' 'm0_tw33ts_m0_ch4inz_n0_m0n3y' $lab level_files[@] level_owners[@] level_perms[@]
# Add project2
lab=project2
level_files=('rpisec_nuke' 'README' 'GENERAL_CROWELL.key' 'GENERAL_DOOM.key' 'GENERAL_HOTZ.key')
level_owners=($lab'_priv:'$lab $lab':'$lab $lab'_priv:'$lab $lab'_priv:'$lab $lab'_priv:'$lab)
level_perms=('0550' '0400' '0400' '0400' '0400')
setup_level $lab $lab'_priv' 'th3_pr1nt_funct10n_w4s_100_l!n3s_al0ne' $lab level_files[@] level_owners[@] level_perms[@]
add_socat_on_start "$LEVELS_DIR/project2" "timeout 300 $LEVELS_DIR/project2/rpisec_nuke" 31337 $lab'_priv'
# Add lecture examples
lecuser=lecture
lecpriv=lecture_priv
## Make users
chattr -fR -i /etc/passwd
chattr -fR -i /etc/shadow
useradd -m -s /bin/bash -G gameuser $lecuser
echo $lecuser':'$lecuser | chpasswd
useradd -m -s /bin/bash -G gameuser $lecpriv
passwd -l $lecpriv
chattr -fR +i $(eval echo ~$lecuser)
chattr -fR +i $(eval echo ~$lecpriv)
chattr -fR +i /etc/passwd
chattr -fR +i /etc/shadow
## Set permissions
chattr -fR -i $LEVELS_DIR
find /levels/lecture -type f | xargs -I {} chown $lecpriv:$lecuser {} {}
find /levels/lecture -type f | xargs -I {} chmod 4550 {} {}
find /levels/lecture -type f -name '*.c*' | xargs -I {} chown $lecuser:$lecuser {} {}
find /levels/lecture -type f -name '*.c*' | xargs -I {} chmod 0400 {} {}
chattr -fR +i $LEVELS_DIR
# This needs to be here
echo 'exit 0' >> /etc/rc.local
echo '*** DONE! ***'
echo -n 'reboot now? (y/n): '
read REBOOT
if [ "$REBOOT" == 'y' ]; then
reboot
else
echo 'You must reboot for certain settings to kick in'
echo 'Please reboot soon'
fi