diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 1032af84..e1b7032a 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -1,10 +1,196 @@ #!/bin/bash # T-Pot Universal Installer -############# -# Got root? # -############# +################## +# I. Global vars # +################## +myBACKTITLE="T-Pot-Installer" +myCONF_FILE="/root/installer/iso.conf" +myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80" +mySITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org" +myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml" +myLSB_STABLE_SUPPORTED="stretch" +myLSB_TESTING_SUPPORTED="sid" +myREMOTESITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org" +myPREINSTALLPACKAGES="apache2-utils curl dialog grc figlet libcrack2 libpq-dev lsb-release software-properties-common toilet" +myINSTALLPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker console-setup console-setup-linux curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant" +myINFO="\ +######################################## +### T-Pot Installer for Debian (Sid) ### +######################################## + +Disclaimer: +This script will install T-Pot on this system. +By running the script you know what you are doing: +1. SSH will be reconfigured to tcp/64295. +2. Your Debian installation will be upgraded to Sid / unstable. +3. Please ensure other means of access to this system in case something goes wrong. +4. At best this script will be executed on the console instead through a SSH session. + +######################################## + +Usage: + $0 --help - Help. + +Example: + $0 --type=user - Best option for most users." +myNETWORK_INTERFACES=" +wpa-driver wired +wpa-conf /etc/wpa_supplicant/wired8021x.conf + +### Example wireless config for 802.1x +### This configuration was tested with the IntelNUC series +### If problems occur you can try and change wpa-driver to \"iwlwifi\" +### Do not forget to enter a ssid in /etc/wpa_supplicant/wireless8021x.conf +### The Intel NUC uses wlpXsY notation instead of wlanX +# +#auto wlp2s0 +#iface wlp2s0 inet dhcp +# wpa-driver wext +# wpa-conf /etc/wpa_supplicant/wireless8021x.conf +" +myNETWORK_WIRED8021x="ctrl_interface=/var/run/wpa_supplicant +ctrl_interface_group=root +eapol_version=1 +ap_scan=1 +network={ + key_mgmt=IEEE8021X + eap=TLS + identity=\"host/$myCONF_PFX_HOST_ID\" + private_key=\"/etc/wpa_supplicant/8021x.pfx\" + private_key_passwd=\"$myCONF_PFX_PW\" +} +" +myNETWORK_WLAN8021x="ctrl_interface=/var/run/wpa_supplicant +ctrl_interface_group=root +eapol_version=1 +ap_scan=1 +network={ + ssid=\"\" + key_mgmt=WPA-EAP + pairwise=CCMP + group=CCMP + eap=TLS + identity=\"host/$myCONF_PFX_HOST_ID\" + private_key=\"/etc/wpa_supplicant/8021x.pfx\" + private_key_passwd=\"$myCONF_PFX_PW\" +} +" +myNETWORK_WLANEXAMPLE=" +### Example static ip config +### Replace with the name of your physical interface name +# +#auto eth0 +#iface eth0 inet static +# address 192.168.1.1 +# netmask 255.255.255.0 +# network 192.168.1.0 +# broadcast 192.168.1.255 +# gateway 192.168.1.1 +# dns-nameservers 192.168.1.1 + +### Example wireless config without 802.1x +### This configuration was tested with the IntelNUC series +### If problems occur you can try and change wpa-driver to "iwlwifi" +# +#auto wlan0 +#iface wlan0 inet dhcp +# wpa-driver wext +# wpa-ssid +# wpa-ap-scan 1 +# wpa-proto RSN +# wpa-pairwise CCMP +# wpa-group CCMP +# wpa-key-mgmt WPA-PSK +# wpa-psk \"\" +" +myUPDATECHECK="APT::Periodic::Update-Package-Lists \"1\"; +APT::Periodic::Download-Upgradeable-Packages \"0\"; +APT::Periodic::AutocleanInterval \"7\"; +" +mySYSCTLCONF=" +# Reboot after kernel panic, check via /proc/sys/kernel/panic[_on_oops] +# Set required map count for ELK +kernel.panic = 1 +kernel.panic_on_oops = 1 +vm.max_map_count = 262144 +net.ipv6.conf.all.disable_ipv6 = 1 +net.ipv6.conf.default.disable_ipv6 = 1 +net.ipv6.conf.lo.disable_ipv6 = 1 +" +myFAIL2BANCONF="[DEFAULT] +ignore-ip = 127.0.0.1/8 +bantime = 3600 +findtime = 600 +maxretry = 5 + +[nginx-http-auth] +enabled = true +filter = nginx-http-auth +port = 64297 +logpath = /data/nginx/log/error.log + +[pam-generic] +enabled = true +port = 64294 +filter = pam-generic +logpath = /var/log/auth.log + +[sshd] +enabled = true +port = 64295 +filter = sshd +logpath = /var/log/auth.log +" +mySYSTEMDFIX="[Link] +NamePolicy=kernel database onboard slot path +MACAddressPolicy=none +" +myCRONJOBS=" +# Check if updated images are available and download them +27 1 * * * root docker-compose -f /opt/tpot/etc/tpot.yml pull + +# Delete elasticsearch logstash indices older than 90 days +27 4 * * * root curator --config /opt/tpot/etc/curator/curator.yml /opt/tpot/etc/curator/actions.yml + +# Uploaded binaries are not supposed to be downloaded +*/1 * * * * root mv --backup=numbered /data/dionaea/roots/ftp/* /data/dionaea/binaries/ + +# Daily reboot +27 3 * * * root systemctl stop tpot && docker stop \$(docker ps -aq) || docker rm \$(docker ps -aq) || reboot + +# Check for updated packages every sunday, upgrade and reboot +27 16 * * 0 root apt-get autoclean -y && apt-get autoremove -y && apt-get update -y && apt-get upgrade -y && sleep 10 && reboot +" +myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' +myUSERPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' +myROOTCOLORS="export LS_OPTIONS='--color=auto' +eval \"\`dircolors\`\" +alias ls='ls \$LS_OPTIONS' +alias ll='ls \$LS_OPTIONS -l' +alias l='ls \$LS_OPTIONS -lA'" + + +################# +# II. Functions # +################# + +# Create banners +function fuBANNER { + toilet -f ivrit "$1" +} + +# Create funny words for hostnames +function fuRANDOMWORD { + local myWORDFILE="$1" + local myLINES=$(cat $myWORDFILE | wc -l) + local myRANDOM=$((RANDOM % $myLINES)) + local myNUM=$((myRANDOM * myRANDOM % $myLINES + 1)) + echo -n $(sed -n "$myNUM p" $myWORDFILE | tr -d \' | tr A-Z a-z) +} + +# Do we have root? function fuGOT_ROOT { echo echo -n "### Checking for root: " @@ -18,15 +204,17 @@ if [ "$(whoami)" != "root" ]; echo "[ OK ]" fi } -fuGOT_ROOT - -############################################ -# Check for instaler package requirements. # -# If not present ask for installation # -############################################ +# Check for pre-installer package requirements. +# If not present install them function fuCHECKPACKAGES { - echo + export DEBIAN_FRONTEND=noninteractive + # Point to Debian (Sid, unstable) + tee /etc/apt/sources.list <&1>/dev/null if [ $? -ne 0 ]; then - dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nInternet connection test failed. This might indicate some problems with your connection. You can continue, but the installation might fail." 10 50 + dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nAvailability check failed. You can continue, but the installation might fail." 10 50 if [ $? = 1 ]; then dialog --keep-window --backtitle "$myBACKTITLE" --title "[ Abort ]" --msgbox "\nInstallation aborted. Exiting the installer." 7 50 @@ -77,39 +261,71 @@ function fuCHECKNET { fi; fi; let j+=1 - echo $(expr 100 \* $j / $mySITESCOUNT) | dialog --keep-window --title "[ Testing the internet connection ]" --backtitle "$myBACKTITLE" --gauge "\n Now checking: $i\n" 8 80 + echo $(expr 100 \* $j / $mySITESCOUNT) | dialog --keep-window --title "[ Availability check ]" --backtitle "$myBACKTITLE" --gauge "\n Now checking: $i\n" 8 80 done; } -fuCHECKNET "https://hub.docker.com https://github.com https://pypi.python.org https://debian.org" -################################## -# Extract command line arguments # -################################## +# Install T-Pot dependencies +function fuGET_DEPS { +export DEBIAN_FRONTEND=noninteractive +echo +echo "### Upgrading packages." +echo +# Downlaod and upgrade packages, but silently keep existing configs +echo "docker.io docker.io/restart boolean true" | debconf-set-selections -v +echo "debconf debconf/frontend select noninteractive" | debconf-set-selections -v +apt-get -y dist-upgrade -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes +echo +echo "### Installing T-Pot dependencies." +echo +apt-get -y install $myINSTALLPACKAGES +# Remove exim4 +apt-get -y purge exim4-base +apt-get -y autoremove +} -# Check for Debian release +# Check for other services +function fuCHECK_PORTS { +if [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; + then + echo + echo "### Checking for active services." + echo + grc netstat -tulpen + echo + echo "### Please review your running services." + echo "### We will take care of SSH (22), but other services i.e. FTP (21), TELNET (23), SMTP (25), HTTP (80), HTTPS (443), etc." + echo "### might collide with T-Pot's honeypots and prevent T-Pot from starting successfully." + echo + while [ 1 != 2 ] + do + read -s -n 1 -p "Continue [y/n]? " mySELECT + echo + case "$mySELECT" in + [y,Y]) + break + ;; + [n,N]) + exit + ;; + esac + done +fi +} + +############################ +# III. Pre-Installer phase # +############################ +fuGOT_ROOT +fuCHECKPACKAGES "$myPREINSTALLPACKAGES" +fuCHECKNET "$myREMOTESITES" + +##################################### +# IV. Prepare installer environment # +##################################### + +# Check for Debian release and extract command line arguments myLSB=$(lsb_release -c | awk '{ print $2 }') -myLSB_STABLE_SUPPORTED="stretch" -myLSB_TESTING_SUPPORTED="sid" -myINFO="\ -########################################### -### T-Pot Installer for Debian unstable ### -########################################### - -Disclaimer: -This script will install T-Pot on this system, by running the script you know what you are doing: -1. SSH will be reconfigured to tcp/64295 -2. Some packages will be installed, some will be upgraded -3. Please ensure other means of access to this system in case something goes wrong. -4. At best this script well be executed on the console instead through a SSH session. - -########################################## - -Usage: - $0 --help - Help. - -Example: - $0 --type=user - Best option for most users." - if [ "$myLSB" != "$myLSB_STABLE_SUPPORTED" ] && [ "$myLSB" != "$myLSB_TESTING_SUPPORTED" ]; then echo "Aborting. Debian $myLSB is not supported." @@ -160,11 +376,7 @@ for i in "$@" esac done - -################################################### -# Validate command line arguments and load config # -################################################### - +# Validate command line arguments and load config # If a valid config file exists, set deployment type to "auto" and load the configuration if [ "$myTPOT_DEPLOYMENT_TYPE" == "auto" ] && [ "$myTPOT_CONF_FILE" == "" ]; then @@ -187,108 +399,18 @@ if [ -s "$myTPOT_CONF_FILE" ] && [ "$myTPOT_CONF_FILE" != "" ]; exit fi - -####################### -# Prepare environment # -####################### - -# Let's check if all dependencies are met -function fuGET_DEPS { -local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker console-setup console-setup-linux curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban figlet genisoimage git glances grc haveged html2text htop iptables iw jq kbd libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip toilet unattended-upgrades unzip vim wget wireless-tools wpasupplicant" -export DEBIAN_FRONTEND=noninteractive -tee /etc/apt/sources.list < End proxy setup -#################### -# User interaction # -#################### - # Let's ask the user for install flavor if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; then @@ -456,24 +574,28 @@ if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "use fi done fi -# If flavor is SENSOR do not write credentials -if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ]; - then - mkdir -p /data/nginx/conf 2>&1 - htpasswd -b -c /data/nginx/conf/nginxpasswd "$myCONF_WEB_USER" "$myCONF_WEB_PW" 2>&1 | dialog --keep-window --title "[ Setting up user and password ]" $myPROGRESSBOXCONF; -fi dialog --clear -######################## -# Installation section # -######################## +########################## +# VI. Installation phase # +########################## exec 2> >(tee "/install.err") exec > >(tee "/install.log") +fuGET_DEPS + fuBANNER "Installing ..." +# If flavor is SENSOR do not write credentials +if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ]; + then + fuBANNER "Webuser creds" + mkdir -p /data/nginx/conf + htpasswd -b -c /data/nginx/conf/nginxpasswd "$myCONF_WEB_USER" "$myCONF_WEB_PW" +fi + # Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway) if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ]; then @@ -498,88 +620,16 @@ if [ "$myCONF_NTP_USE" == "0" ]; fi # Let's setup 802.1x networking -myNETWORK_INTERFACES=" -wpa-driver wired -wpa-conf /etc/wpa_supplicant/wired8021x.conf - -### Example wireless config for 802.1x -### This configuration was tested with the IntelNUC series -### If problems occur you can try and change wpa-driver to \"iwlwifi\" -### Do not forget to enter a ssid in /etc/wpa_supplicant/wireless8021x.conf -### The Intel NUC uses wlpXsY notation instead of wlanX -# -#auto wlp2s0 -#iface wlp2s0 inet dhcp -# wpa-driver wext -# wpa-conf /etc/wpa_supplicant/wireless8021x.conf -" -myNETWORK_WIRED8021x="ctrl_interface=/var/run/wpa_supplicant -ctrl_interface_group=root -eapol_version=1 -ap_scan=1 -network={ - key_mgmt=IEEE8021X - eap=TLS - identity=\"host/$myCONF_PFX_HOST_ID\" - private_key=\"/etc/wpa_supplicant/8021x.pfx\" - private_key_passwd=\"$myCONF_PFX_PW\" -} -" -myNETWORK_WLAN8021x="ctrl_interface=/var/run/wpa_supplicant -ctrl_interface_group=root -eapol_version=1 -ap_scan=1 -network={ - ssid=\"\" - key_mgmt=WPA-EAP - pairwise=CCMP - group=CCMP - eap=TLS - identity=\"host/$myCONF_PFX_HOST_ID\" - private_key=\"/etc/wpa_supplicant/8021x.pfx\" - private_key_passwd=\"$myCONF_PFX_PW\" -} -" if [ "myCONF_PFX_USE" == "0" ]; then fuBANNER "Setup 802.1x" cp $myCONF_PFX_FILE /etc/wpa_supplicant/ echo "$myNETWORK_INTERFACES" | tee -a /etc/network/interfaces - echo "$myNETWORK_WIRED8021x" | tee /etc/wpa_supplicant/wired8021x.conf - echo "$myNETWORK_WLAN8021x" | tee /etc/wpa_supplicant/wireless8021x.conf fi # Let's provide a wireless example config ... -myNETWORK_WLANEXAMPLE=" -### Example static ip config -### Replace with the name of your physical interface name -# -#auto eth0 -#iface eth0 inet static -# address 192.168.1.1 -# netmask 255.255.255.0 -# network 192.168.1.0 -# broadcast 192.168.1.255 -# gateway 192.168.1.1 -# dns-nameservers 192.168.1.1 - -### Example wireless config without 802.1x -### This configuration was tested with the IntelNUC series -### If problems occur you can try and change wpa-driver to "iwlwifi" -# -#auto wlan0 -#iface wlan0 inet dhcp -# wpa-driver wext -# wpa-ssid -# wpa-ap-scan 1 -# wpa-proto RSN -# wpa-pairwise CCMP -# wpa-group CCMP -# wpa-key-mgmt WPA-PSK -# wpa-psk \"\" -" fuBANNER "Example config" echo "$myNETWORK_WLANEXAMPLE" | tee -a /etc/network/interfaces @@ -657,80 +707,22 @@ fuBANNER "Pull images" fuPULLIMAGES # Let's add the daily update check with a weekly clean interval -myUPDATECHECK="APT::Periodic::Update-Package-Lists \"1\"; -APT::Periodic::Download-Upgradeable-Packages \"0\"; -APT::Periodic::AutocleanInterval \"7\"; -" fuBANNER "Modify checks" echo "$myUPDATECHECK" | tee /etc/apt/apt.conf.d/10periodic # Let's make sure to reboot the system after a kernel panic -mySYSCTLCONF=" -# Reboot after kernel panic, check via /proc/sys/kernel/panic[_on_oops] -# Set required map count for ELK -kernel.panic = 1 -kernel.panic_on_oops = 1 -vm.max_map_count = 262144 -net.ipv6.conf.all.disable_ipv6 = 1 -net.ipv6.conf.default.disable_ipv6 = 1 -net.ipv6.conf.lo.disable_ipv6 = 1 -" fuBANNER "Tweak sysctl" echo "$mySYSCTLCONF" | tee -a /etc/sysctl.conf # Let's setup fail2ban config -myFAIL2BANCONF="[DEFAULT] -ignore-ip = 127.0.0.1/8 -bantime = 3600 -findtime = 600 -maxretry = 5 - -[nginx-http-auth] -enabled = true -filter = nginx-http-auth -port = 64297 -logpath = /data/nginx/log/error.log - -[pam-generic] -enabled = true -port = 64294 -filter = pam-generic -logpath = /var/log/auth.log - -[sshd] -enabled = true -port = 64295 -filter = sshd -logpath = /var/log/auth.log -" fuBANNER "Setup fail2ban" echo "$myFAIL2BANCONF" | tee /etc/fail2ban/jail.d/tpot.conf # Fix systemd error https://github.com/systemd/systemd/issues/3374 -mySYSTEMDFIX="[Link] -NamePolicy=kernel database onboard slot path -MACAddressPolicy=none -" fuBANNER "Systemd fix" echo "$mySYSTEMDFIX" | tee /etc/systemd/network/99-default.link # Let's add some cronjobs -myCRONJOBS=" -# Check if updated images are available and download them -27 1 * * * root docker-compose -f /opt/tpot/etc/tpot.yml pull - -# Delete elasticsearch logstash indices older than 90 days -27 4 * * * root curator --config /opt/tpot/etc/curator/curator.yml /opt/tpot/etc/curator/actions.yml - -# Uploaded binaries are not supposed to be downloaded -*/1 * * * * root mv --backup=numbered /data/dionaea/roots/ftp/* /data/dionaea/binaries/ - -# Daily reboot -27 3 * * * root systemctl stop tpot && docker stop \$(docker ps -aq) || docker rm \$(docker ps -aq) || reboot - -# Check for updated packages every sunday, upgrade and reboot -27 16 * * 0 root apt-get autoclean -y && apt-get autoremove -y && apt-get update -y && apt-get upgrade -y && sleep 10 && reboot -" fuBANNER "Add cronjobs" echo "$myCRONJOBS" | tee -a /etc/crontab @@ -738,24 +730,24 @@ echo "$myCRONJOBS" | tee -a /etc/crontab fuBANNER "Files & folders" mkdir -p /data/adbhoney/downloads /data/adbhoney/log \ /data/ciscoasa/log \ - /data/conpot/log \ + /data/conpot/log \ /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ \ /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp \ /data/elasticpot/log \ /data/elk/data /data/elk/log \ /data/glastopf/log /data/glastopf/db \ /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \ - /data/glutton/log \ - /data/heralding/log \ + /data/glutton/log \ + /data/heralding/log \ /data/mailoney/log \ /data/medpot/log \ - /data/nginx/log \ + /data/nginx/log \ /data/emobility/log \ /data/ews/conf \ /data/rdpy/log \ /data/spiderfoot \ /data/suricata/log /home/tsec/.ssh/ \ - /data/tanner/log /data/tanner/files \ + /data/tanner/log /data/tanner/files \ /data/p0f/log touch /data/spiderfoot/spiderfoot.db touch /data/nginx/log/error.log @@ -789,13 +781,6 @@ sed -i 's#After=.*#After=systemd-tmpfiles-setup.service console-screen.service k # Let's enable a color prompt and add /opt/tpot/bin to path fuBANNER "Setup prompt" -myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' -myUSERPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' -myROOTCOLORS="export LS_OPTIONS='--color=auto' -eval \"\`dircolors\`\" -alias ls='ls \$LS_OPTIONS' -alias ll='ls \$LS_OPTIONS -l' -alias l='ls \$LS_OPTIONS -lA'" tee -a /root/.bashrc <