egorFiNE · November 17, 2024 23:57 · bsaunder2002 · Jun 21, 2024
diff --git a/depoison.sh b/depoison.sh
 # first cleanup
 apt -y purge --auto-remove systemd-timesyncd python3-systemd lxd-installer snapd systemd-resolved multipath-tools \
  polkitd libpolkit-gobject-1-0 udisks2 open-iscsi systemd-hwe-hwdb update-notifier-common ubuntu-release-upgrader-core \
  landscape-common unattended-upgrades apport uuid-runtime apparmor \
  plymouth

 # we need network-synced time
 apt -y install chrony

 # at this point there should be no packages in "uninstalled not purged" state, but let's keep the command line here for refs
 # dpkg --purge `dpkg -l | grep ^rc | awk '{print $2}'`

 # cleanup after cleaning up
 rm -rf /lib/udev/hwdb.d /var/lib/update-notifier /var/lib/ubuntu-release-upgrader /var/log/unattended-upgrades \
  /var/lib/update-manager /etc/apparmor.d/ /var/run/dbus /var/lib/dbus /etc/xml /etc/sgml 
  /usr/lib/systemd/system-shutdown /etc/cloud

 # bring back sane resolv.conf
 # it still going to be replaced by ifupdown later on, but we want to have resolver functional for the rest of the script
 rm -f /etc/resolv.conf
 echo 'nameserver 1.1.1.1' > /etc/resolv.conf
 chattr +i /etc/resolv.conf

 # bring back ssh daemon and get rid of socket activation
 systemctl disable --now ssh.socket
 systemctl mask ssh.socket
 systemctl enable --now ssh.service

 # now disabling the systemd masterpieces
 SHIT="apt-daily-upgrade.service apt-daily.service dm-event.socket systemd-fsckd.socket \
  systemd-journal-flush.service systemd-journald-audit.socket systemd-journald-dev-log.socket \
  systemd-journald.service systemd-journald.socket \
  systemd-logind.service systemd-rfkill.socket"

 systemctl stop $SHIT
 systemctl disable $SHIT

 # it's not enough to disable and stop, they WILL reenable themselves at one point; here's why "masking" was invented
 systemctl mask $SHIT

 # won't help anyway, you'll need to run this script again after each major apt update

 # remove binary logs
 rm -rf /var/log/journal

 # Not sure if we need these:
 systemctl kill --kill-who=all apt-daily.service
 systemctl kill --kill-who=all apt-daily-upgrade.service

 # get rid of systemd timers, all of them
 for i in `systemctl list-unit-files --type=timer --all --plain --no-legend | awk '{print $1}'`
 do
  systemctl disable $i
  systemctl mask $i
 done

 # get rid of "useful" cronjobs, as in: updating motd, updating apt, rebuilding man pages, etc
 rm -v /etc/cron.*/*

 # bring back basic cron stuff that is actually needed
 echo '/usr/sbin/logrotate /etc/logrotate.conf' > /etc/cron.daily/logrotate
 echo 'fstrim -v -a' > /etc/cron.weekly/fstrim
 chmod +x /etc/cron.*/*

 # remove systemd and capabilities from pam chain
 cd /etc/pam.d
 cat common-session | grep -v systemd > tmp && mv tmp common-session
 cat common-auth | grep -v pam_cap.so > tmp && mv tmp common-auth
 cd -

 # unmerging filesystems is not possible anymore either, we'll have to eat this up
 rm -rf /*is-merged*

 echo -n "What follows next is the removal of netplan and reinstall of ifupdown. ^C here if you are not sure"
 read

 # remove netplan and install ifupdown
 apt -y purge --auto-remove netplan.io netplan-generator python3-netplan libnetplan1 networkd-dispatcher
 apt -y install ifupdown 

 # write down basic interfaces
 cat > /etc/network/interfaces <<EOF
 auto lo
 iface lo inet loopback

 #auto enp0s1
 #iface enp0s1 inet dhcp
 EOF

 # TODO: perhaps, awk the first network interface and specify it as dhcp one in `/etc/interfaces`?
 # ifup enp0s1

 # cleanup after cleanup
 rm -rf /usr/share/netplan/netplan_cli/cli/commands /usr/lib/python3/dist-packages/netplan /etc/netplan 

 SHIT="systemd-networkd.service systemd-networkd.socket"
 # can't be disabled, so we must mask and it won't come up after reboot
 systemctl mask $SHIT

 echo "Please reboot"
	# first cleanup
	apt -y purge --auto-remove systemd-timesyncd python3-systemd lxd-installer snapd systemd-resolved multipath-tools \
	polkitd libpolkit-gobject-1-0 udisks2 open-iscsi systemd-hwe-hwdb update-notifier-common ubuntu-release-upgrader-core \
	landscape-common unattended-upgrades apport uuid-runtime apparmor \
	plymouth

	# we need network-synced time
	apt -y install chrony

	# at this point there should be no packages in "uninstalled not purged" state, but let's keep the command line here for refs
	# dpkg --purge `dpkg -l \| grep ^rc \| awk '{print $2}'`

	# cleanup after cleaning up
	rm -rf /lib/udev/hwdb.d /var/lib/update-notifier /var/lib/ubuntu-release-upgrader /var/log/unattended-upgrades \
	/var/lib/update-manager /etc/apparmor.d/ /var/run/dbus /var/lib/dbus /etc/xml /etc/sgml
	/usr/lib/systemd/system-shutdown /etc/cloud

	# bring back sane resolv.conf
	# it still going to be replaced by ifupdown later on, but we want to have resolver functional for the rest of the script
	rm -f /etc/resolv.conf
	echo 'nameserver 1.1.1.1' > /etc/resolv.conf
	chattr +i /etc/resolv.conf

	# bring back ssh daemon and get rid of socket activation
	systemctl disable --now ssh.socket
	systemctl mask ssh.socket
	systemctl enable --now ssh.service

	# now disabling the systemd masterpieces
	SHIT="apt-daily-upgrade.service apt-daily.service dm-event.socket systemd-fsckd.socket \
	systemd-journal-flush.service systemd-journald-audit.socket systemd-journald-dev-log.socket \
	systemd-journald.service systemd-journald.socket \
	systemd-logind.service systemd-rfkill.socket"

	systemctl stop $SHIT
	systemctl disable $SHIT

	# it's not enough to disable and stop, they WILL reenable themselves at one point; here's why "masking" was invented
	systemctl mask $SHIT

	# won't help anyway, you'll need to run this script again after each major apt update

	# remove binary logs
	rm -rf /var/log/journal

	# Not sure if we need these:
	systemctl kill --kill-who=all apt-daily.service
	systemctl kill --kill-who=all apt-daily-upgrade.service

	# get rid of systemd timers, all of them
	for i in `systemctl list-unit-files --type=timer --all --plain --no-legend \| awk '{print $1}'`
	do
	systemctl disable $i
	systemctl mask $i
	done

	# get rid of "useful" cronjobs, as in: updating motd, updating apt, rebuilding man pages, etc
	rm -v /etc/cron./

	# bring back basic cron stuff that is actually needed
	echo '/usr/sbin/logrotate /etc/logrotate.conf' > /etc/cron.daily/logrotate
	echo 'fstrim -v -a' > /etc/cron.weekly/fstrim
	chmod +x /etc/cron./

	# remove systemd and capabilities from pam chain
	cd /etc/pam.d
	cat common-session \| grep -v systemd > tmp && mv tmp common-session
	cat common-auth \| grep -v pam_cap.so > tmp && mv tmp common-auth
	cd -

	# unmerging filesystems is not possible anymore either, we'll have to eat this up
	rm -rf /is-merged

	echo -n "What follows next is the removal of netplan and reinstall of ifupdown. ^C here if you are not sure"
	read

	# remove netplan and install ifupdown
	apt -y purge --auto-remove netplan.io netplan-generator python3-netplan libnetplan1 networkd-dispatcher
	apt -y install ifupdown

	# write down basic interfaces
	cat > /etc/network/interfaces <<EOF
	auto lo
	iface lo inet loopback

	#auto enp0s1
	#iface enp0s1 inet dhcp
	EOF

	# TODO: perhaps, awk the first network interface and specify it as dhcp one in `/etc/interfaces`?
	# ifup enp0s1

	# cleanup after cleanup
	rm -rf /usr/share/netplan/netplan_cli/cli/commands /usr/lib/python3/dist-packages/netplan /etc/netplan

	SHIT="systemd-networkd.service systemd-networkd.socket"
	# can't be disabled, so we must mask and it won't come up after reboot
	systemctl mask $SHIT

	echo "Please reboot"