I have been doing versions of this setup repeatedly over years. If I was smarter I would have written this down years ago. These steps are for Ubuntu 24.04; they should work with minimal modification for other Debian-based systems.
I’m now going to peel some grapes and make good use of all the time I just saved my future self.
I also saved a copy of these instructions on Github.
Update the install
sudo apt update
sudo apt upgrade
Install pw manager, import passwords
The process for doing this will vary based on the password manager you use. Depending on your use case, I recommend 1Password or KeepassXC.
Install curl
sudo apt install curl
Install Mullvad VPN
https://mullvad.net/en/download/vpn/linux
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
sudo apt update
sudo apt install mullvad-vpn
Install Gnome Tweaks
sudo apt update && sudo apt install gnome-tweaks -y
Play fun things
sudo apt install ubuntu-restricted-extras
Install VLC via the App store
Like it says.
Install Flatpak
Some things require this; get it in place ahead of time.
sudo apt install flatpak
sudo apt install gnome-software-plugin-flatpak
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
Create ssh keys
ssh-keygen -t ed25519 -C "foo@bar.com"
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
Verify Python is installed, and add some additional tools
python3 -V
sudo apt install -y build-essential libssl-dev libffi-dev python3-dev
sudo apt install -y python3-pip
sudo apt install -y python3-venv
Verify if git is installed; install it if needed
git --version
sudo apt install git
git config --global user.name "your name"
git config --global user.email "your_email"
Install SublimeText
https://www.sublimetext.com/docs/linux_repositories.html
wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/sublimehq-archive.gpg > /dev/null
echo "deb https://download.sublimetext.com/ apt/stable/" | sudo tee /etc/apt/sources.list.d/sublime-text.list
sudo apt-get update
sudo apt-get install sublime-text
Buy a license for Sublime. It’s awesome, pay them.
Install gdebi (for easier install of .deb packages)
sudo apt install gdebi
Install Obsidian
I downloaded the deb package from https://obsidian.md/download – I have found the deb package to be more reliable, but ymmv.
Once you have the deb file downloaded, cd to where it was downloaded and install it using gdebi. For me, this was:
cd ~/Downloads
sudo gdebi obsidian_1.6.3_amd64.deb
Install Node
Node can be installed in a few different ways. I prefer using Node Version Manager (NVM) to manage and install Node.
Get latest version from https://github.com/nvm-sh/nvm?tab=readme-ov-file#installing-and-updating
These install instructions contain the two shell commands needed to install NVM.
Once you have installed NVM, enable it by running:
source ~/.bashrc
Then, install the LTS version of node:
nvm install --lts
If a specific application needs a different version, you can install it using NVM.
Install Java
Like Node, Java can be installed in a few different ways from different sources. I use the guide here to take the sting out of the decision making and review process: https://github.com/whichjdk/whichjdk.com
Based on the guidance from WhichJDK, I used the Adoptium Eclipse Temurin v21 LTS version of Java. Seriously, it gets me tired just writing this name out; the Java world is way more convoluted than it needs to be. Thanks, Oracle.
The instructions to install Eclipse Temurin are available here: https://adoptium.net/installation/linux/
Verify that some packages required for install are in place:
sudo apt install -y wget apt-transport-https gpg
I used a slightly different command than what’s listed on the install instuctions. Specifically, I added “sudo” to the tee commands in the next two install steps. Without this addition, the steps failed with a permissions issue because only the initial command (and not the subsequent piped commands) ran as sudo.
sudo wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/adoptium.gpg > /dev/null
sudo echo "deb https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | sudo tee /etc/apt/sources.list.d/adoptium.list
sudo apt update
sudo apt install temurin-21-jdk
Install OWASP ZAP
From https://www.zaproxy.org/download/ download the Linux Installer. This should download a file named “ZAP_[VERSION_NUMBER]_unix.sh” – at the time of this writing, ZAP is on version 2.15.0, so the Linux Installer is named ZAP_2_15_0_unix.sh
In a terminal, navigate to ~/Downloads and make the install script executable:
chmod +x ./ZAP_2_15_0_unix.sh
Then, run the install script.
sudo ./ZAP_2_15_0_unix.sh
Install nmap
sudo apt install nmap
Nmap needs to run as root; this requirement can be sidestepped by allowing nmap to be run using the –privileged flag. To enable use of the –privileged flag:
sudo apt install libcap2-bin
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which nmap)
Install Wireshark
sudo add-apt-repository ppa:wireshark-dev/stable
sudo apt update
sudo apt install wireshark
Select “Yes” to allow non-superusers to capture packets. To complete the configuration steps that allow non-superusers to use Wireshark to capture network traffic, add the current user to the “wireshark” group.
sudo usermod -aG wireshark $(whoami)
Tshark is a command line version of wireshark I use in some cases; check if it is installed by:
which tshark
If this does not return anything, install tshark:
sudo apt install tshark
Then, shut down and restart your system to have the permissions created during the Wireshark and tshark install take effect.
When you reboot your system, verify that tshark is working by entering:
tshark -D
This will show all the network interfaces you can use to capture traffic.
Install Docker
Verify/install some required dependencies:
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Add current user to the “docker” group. This is generally okay assuming that Docker is being installed on a laptop/computer that is only used by one trusted person. For more info see here: https://docs.docker.com/engine/security/#docker-daemon-attack-surface
sudo usermod -aG docker $USER
Shut down and restart the computer.
Verify the version of docker:
docker --version
Verify that Docker is running:
systemctl status docker
(hit Shift-q to exit)
Test the Docker install:
docker run hello-world
https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository
https://docs.docker.com/engine/install/linux-postinstall/
Run MobSF
https://github.com/MobSF/Mobile-Security-Framework-MobSF
https://mobsf.github.io/docs/#/
docker pull opensecurity/mobile-security-framework-mobsf:latest
docker run -it --rm \
-p 8000:8000 \
opensecurity/mobile-security-framework-mobsf:latest
GIMP
sudo apt install gimp
VirtualBox
Install Base VirtualBox and the Extension Pack
sudo apt update
wget -O- https://www.virtualbox.org/download/oracle_vbox_2016.asc | sudo gpg --dearmor --yes --output /usr/share/keyrings/oracle-virtualbox-2016.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] http://download.virtualbox.org/virtualbox/debian $(. /etc/os-release && echo "$VERSION_CODENAME") contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list
sudo apt install virtualbox-7.0
If you have secure boot enabled, walk through the steps displayed onscreen.
Add the current user to the ‘vboxusers’ group.
sudo usermod -a -G vboxusers $USER
Then, reboot your system. If you have Secure Boot enabled, you will need to enter your secure boot passcode (created while installing VirtualBox) during the login process.
Download the Extension Pack from https://www.virtualbox.org/wiki/Downloads
Start Virtual Box; add the Extension pack (Extension –> Install, or Ctrl-Shift-I)
Google Earth
sudo wget -qO - https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmor | sudo tee /etc/apt/keyrings/google-earth.gpg >/dev/null
sudo sh -c 'echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/google-earth.gpg] https://dl.google.com/linux/earth/deb/ stable main" > /etc/apt/sources.list.d/google-earth.list'
sudo apt update
sudo apt install google-earth-pro-stable