diff options
author | Luke Macken <lmacken@fedoraproject.org> | 2007-04-01 16:34:02 -0400 |
---|---|---|
committer | Luke Macken <lmacken@redhat.com> | 2007-04-01 16:34:02 -0400 |
commit | d061d61a22437ca7dc955359fa397205d4425457 (patch) | |
tree | c63a10a5f993cf83664cee25ad9b2fabdf35b8fb | |
parent | d0ef5826975192716e4e72a20304d4ac6424d930 (diff) | |
download | security-spin-d061d61a22437ca7dc955359fa397205d4425457.tar.gz security-spin-d061d61a22437ca7dc955359fa397205d4425457.tar.xz security-spin-d061d61a22437ca7dc955359fa397205d4425457.zip |
Use new kickstart configuration
-rwxr-xr-x | 10-fedora-livecd-base.conf | 95 | ||||
-rwxr-xr-x | 20-fedora-livecd-gnome.conf | 173 | ||||
-rwxr-xr-x | 30-fedora-livecd-security.conf | 121 | ||||
-rw-r--r-- | fedora-livecd-wallpaper.jpg | bin | 420893 -> 0 bytes | |||
-rw-r--r-- | fedora-security-livecd.ks | 206 | ||||
-rw-r--r-- | fedora-security-livecd.spec | 58 |
6 files changed, 206 insertions, 447 deletions
diff --git a/10-fedora-livecd-base.conf b/10-fedora-livecd-base.conf deleted file mode 100755 index 3e3f207..0000000 --- a/10-fedora-livecd-base.conf +++ /dev/null @@ -1,95 +0,0 @@ -#!/bin/bash - -# livecd configuration for Base Fedora system - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - - -case $1 in - # inquire what packages to install; prints package list on stdout - pkgadd) - echo " -bash -kernel -passwd -shadow-utils -rpm -yum -openssh-clients -rsync -tree -wget -man -rootfiles -dhclient -cpuspeed -fedora-logos -file -tree -selinux-policy -selinux-policy-targeted -grub -sudo -" - ;; - - # run configuration scripts when all packages are installed - post) - mkdir -p /etc/sysconfig - - cat <<EOF > /etc/sysconfig/clock -ZONE="America/New_York" -UTC=true -ARC=false -EOF - - cat <<EOF > /etc/sysconfig/network -NETWORKING=yes -HOSTNAME=localhost.localdomain -EOF - - cat <<EOF > /etc/resolv.conf -EOF - - cat <<EOF > /etc/hosts -# Do not remove the following line, or various programs -# that require network functionality will fail. -127.0.0.1 localhost.localdomain localhost -::1 localhost.localdomain localhost -EOF - - cat <<EOF > /etc/sysconfig/i18n -LANG="en_US.UTF-8" -EOF - - cat <<EOF > /etc/sysconfig/keyboard -KEYBOARDTYPE="pc" -KEYTABLE="us" -EOF - pwconv - passwd -d root - ;; - - # run when an livecd install is complete to clean up - install-post) - ;; - - # run when an livecd install is complete; must prints packages to remove - install-pkgrem) -echo " -fedora-livecd -" - ;; -esac diff --git a/20-fedora-livecd-gnome.conf b/20-fedora-livecd-gnome.conf deleted file mode 100755 index bfb937a..0000000 --- a/20-fedora-livecd-gnome.conf +++ /dev/null @@ -1,173 +0,0 @@ -#!/bin/bash - -# livecd configuration for Fedora GNOME - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - - -case $1 in - # inquire what packages to install; must print packages to install - pkgadd) - echo " -chkconfig -gdm -gnome-panel -nautilus -metacity -gnome-themes -redhat-artwork -gnome-power-manager -gnome-volume-manager -desktop-printing -gnome-terminal -gedit -NetworkManager-gnome -NetworkManager-vpnc -NetworkManager-openvpn -xorg-x11-drivers -yelp -eog -firefox -totem -totem-mozplugin -gnome-session -system-config-display -vim-minimal -vim-X11 -gnome-applets -compiz -gucharmap -gcalctool -file-roller -gnome-utils -gconf-editor -evince -nautilus-open-terminal -gnome-bluetooth -pirut -setroubleshoot -gnome-python2-canvas -alacarte -system-config-date -system-config-users -system-config-rootpassword -system-config-printer -yum-updatesd -ntfs-3g -ntfsprogs -alsa-utils -dejavu-lgc-fonts -" - ;; - - # run configuration scripts when all packages are installed - post) - perl -i -p -e 's/id:3:initdefault:/id:5:initdefault:/' /etc/inittab - - chkconfig --level 345 network off - chkconfig --level 345 NetworkManager on - - cat > /etc/init.d/livecd <<EOF -#!/bin/bash -# -# livecd: Init script for live cd -# -# chkconfig: 345 00 99 -# description: Init script for live cd. - -. /etc/init.d/functions - -if ! strstr "\`cat /proc/cmdline\`" livecd || [ "\$1" != "start" ] || [ -e /.livecd-configured ] ; then - exit 0 -fi - -touch /.livecd-configured - -# mount livecd -mkdir -p /mnt/livecd -mount -o ro -t iso9660 /dev/livecd /mnt/livecd - -# configure X -system-config-display --noui --reconfig --set-depth=24 - -# unmute sound card -alsaunmute 0 2> /dev/null - -# add fedora user with no passwd -useradd -c "Fedora live CD" fedora -passwd -d fedora > /dev/null -# make fedora user use GNOME (TODO: make gdm DTRT instead of this hack) -echo "gnome-session" > /home/fedora/.xsession -chmod a+x /home/fedora/.xsession -chown fedora:fedora /home/fedora/.xsession -if [ -e /usr/share/icons/hicolor/96x96/apps/fedora-logo-icon.png ] ; then - cp /usr/share/icons/hicolor/96x96/apps/fedora-logo-icon.png /home/fedora/.face - chown fedora:fedora /home/fedora/.face - # TODO: would be nice to get e-d-s to pick this one up too... but how? -fi - -# setup a11y if requested -# -# todo: support also: -# - high contrast scheme -# - magnifier -# - on-screen keyboard -# - keyboard modifiers -# -#if strstr "\`cat /proc/cmdline\`" a11y_screenreader ; then -# gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t boolean /desktop/gnome/interface/accessibility true > /dev/null -# gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t list --list-type string /desktop/gnome/accessibility/startup/exec_ats [orca] > /dev/null -# # gah, orca is _kinda_ broken; need to fix the Orca RPM package instead -# # but need to do this since login on the live CD takes a long time... -# sed -e "s/sleep 30/sleep 600/" /usr/bin/orca > /usr/bin/orca.new -# mv /usr/bin/orca.new /usr/bin/orca -# chmod a+x /usr/bin/orca -#fi - -# change wallpaper to l33t livecd wallpaper -gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /desktop/gnome/background/picture_filename /usr/share/backgrounds/images/fedora-livecd-wallpaper.jpg > /dev/null - -# set up autologin for user fedora -echo "[daemon]" > /etc/gdm/custom.conf -echo "AutomaticLoginEnable=true" >> /etc/gdm/custom.conf -echo "AutomaticLogin=fedora" >> /etc/gdm/custom.conf - -# turn off firstboot for livecd boots -echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot - -# don't start yum-updatesd for livecd boots -chkconfig --levels 345 yum-updatesd off - -# Stopgap fix for RH #217966; should be fixed in HAL instead -touch /media/.hal-mtab - -EOF - chmod a+x /etc/init.d/livecd - /sbin/chkconfig --add livecd - ;; - - # run when an livecd install is complete to clean up - install-post) - /sbin/chkconfig --del livecd - rm -f /etc/init.d/livecd - ;; - - # run when an livecd install is complete; must prints packages to remove - install-pkgrem) -echo " -fedora-livecd-gnome -" - ;; -esac diff --git a/30-fedora-livecd-security.conf b/30-fedora-livecd-security.conf deleted file mode 100755 index 4063d7f..0000000 --- a/30-fedora-livecd-security.conf +++ /dev/null @@ -1,121 +0,0 @@ -#!/bin/bash - -# livecd configuration for Fedora Security Auditing/Penetration Testing/Forensics livecd - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 US - - -case $1 in - # inquire what packages to install; prints package list on stdout - pkgadd) - echo " -scim -scim-libs -scim-bridge -scim-bridge-gtk -scim-anthy -scim-hangul -scim-pinyin -scim-chewing -scim-m17n -m17n-lib -m17n-db -m17n-db-* -scim-tables -scim-tables-* -scim-sinhala - -gnome-mag -gok -orca - -fonts-arabic -fonts-bengali -fonts-chinese -fonts-gujarati -fonts-hebrew -fonts-hindi -fonts-japanese -fonts-kannada -fonts-korean -fonts-malayalam -fonts-oriya -fonts-punjabi -fonts-sinhala -fonts-tamil -fonts-telugu - -gnome-theme-clearlooks-bigpack -xscreensaver-extras-gss -xscreensaver-gl-extras-gss -gparted - -# Other useful stuff -irssi -screen -gtk-recordmydesktop -byzanz -istanbul - -# Security tools -aide -aircrack-ng -airsnort -chkrootkit -clamav -dd_rescue -gpart -hexedit -hping3 -john -kismet -lsof -nessus-client -nessus-gui -nessus-server -nc -nc6 -ngrep -nmap -p0f -pscan -scanssh -snort -socat -splint -tcpdump -testdisk -tiger -tripwire -wireshark-gnome -xprobe2 -" - ;; - - # run configuration scripts when all packages are installed - post) - ;; - - # run when an livecd install is complete to clean up - install-post) - ;; - - # run when an livecd install is complete; must prints packages to remove - install-pkgrem) -echo " -fedora-livecd-security -" - ;; -esac diff --git a/fedora-livecd-wallpaper.jpg b/fedora-livecd-wallpaper.jpg Binary files differdeleted file mode 100644 index 01da305..0000000 --- a/fedora-livecd-wallpaper.jpg +++ /dev/null diff --git a/fedora-security-livecd.ks b/fedora-security-livecd.ks new file mode 100644 index 0000000..ca632cf --- /dev/null +++ b/fedora-security-livecd.ks @@ -0,0 +1,206 @@ +lang en_US.UTF-8 +keyboard us +timezone US/Eastern +auth --useshadow --enablemd5 +selinux --enforcing +firewall --disabled +repo --name=d7 --baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/os +repo --name=e7 --baseurl=http://download.fedora.redhat.com/pub/fedora/linux/extras/development/i386 +xconfig --startxonboot +services --enabled=NetworkManager,dhcdbd --disabled=network,sshd + +%packages +# basic desktop packages +@graphical-internet +#@graphics +#@sound-and-video +@gnome-desktop +@base-x +#@games +@base +@core +@admin-tools +@dial-up +@hardware-support +#@printing +kernel + +scim* +-scim-devel +-scim-doc +-scim-qt +# work around yum API bug with specifying wildcards for now +scim-tables +scim-tables-* +scim-sinhala +scim-libs +scim-bridge +scim-bridge-gtk +scim-anthy +scim-hangul +scim-pinyin +scim-chewing +scim-m17n + +m17n-lib +m17n-db +#m17n-db-* + +fonts-* +# work around yum API bug with specifying wildcards for now +fonts-arabic +fonts-bengali +fonts-chinese +fonts-gujarati +fonts-hebrew +fonts-hindi +fonts-japanese +fonts-kannada +fonts-korean +fonts-malayalam +fonts-oriya +fonts-punjabi +fonts-sinhala +fonts-tamil +fonts-telugu + +# dictionaries are big +-aspell-* +-m17n-db-* +-man-pages-* +# gimp help is huge +-gimp-help +# lose the compat stuff +-compat* + +# space sucks +-festival +-gok +-gnome-speech +-ekiga +-gnome-user-docs +-specspo +-esc +-samba-client +-a2ps +-vino +-redhat-lsb + +# smartcards won't really work on the livecd. and we _need_ space +-coolkey +-ccid + +# scanning takes quite a bit of space :/ +-xsane +-xsane-gimp + +# while hplip requires pyqt, it has to go +-hplip + +evince + +# livecd bits to set up the livecd and be able to install +anaconda + +# Security LiveCD Tools +# Other useful stuff +irssi +screen +gtk-recordmydesktop +byzanz +istanbul +#tor + +# Security tools +aide +aircrack-ng +airsnort +chkrootkit +clamav +dd_rescue +gpart +hexedit +hping3 +john +kismet +lsof +nessus-client +nessus-gui +nessus-server +nc +nc6 +ngrep +nmap +p0f +pscan +scanssh +snort +socat +splint +tcpdump +testdisk +tiger +tripwire +wireshark-gnome +xprobe2 +tcpxtract +ettercap + + +%post +# FIXME: it'd be better to get this installed from a package +cat > /etc/rc.d/init.d/fedora-livecd << EOF +#!/bin/bash +# +# livecd: Init script for live cd +# +# chkconfig: 345 00 99 +# description: Init script for live cd. + +. /etc/init.d/functions + +if ! strstr "\`cat /proc/cmdline\`" livecd || [ "\$1" != "start" ] || [ -e /.livecd-configured ] ; then + exit 0 +fi + +exists() { + which \$1 >/dev/null 2>&1 || return + \$* +} + +touch /.livecd-configured + +# mount livecd +mkdir -p /mnt/livecd +mount -o ro -t iso9660 /dev/livecd /mnt/livecd + +# configure X +exists system-config-display --noui --reconfig --set-depth=24 + +# unmute sound card +exists alsaunmute 0 2> /dev/null + +# add fedora user with no passwd +useradd -c "Fedora live CD" fedora +passwd -d fedora > /dev/null +if [ -e /usr/share/icons/hicolor/96x96/apps/fedora-logo-icon.png ] ; then + cp /usr/share/icons/hicolor/96x96/apps/fedora-logo-icon.png /home/fedora/.face + chown fedora:fedora /home/fedora/.face + # TODO: would be nice to get e-d-s to pick this one up too... but how? +fi + +# turn off firstboot for livecd boots +echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot + +# don't start yum-updatesd for livecd boots +chkconfig --levels 345 yum-updatesd off + +# Stopgap fix for RH #217966; should be fixed in HAL instead +touch /media/.hal-mtab +EOF +chmod 755 /etc/rc.d/init.d/fedora-livecd +/sbin/restorecon /etc/rc.d/init.d/fedora-livecd +/sbin/chkconfig --add fedora-livecd + +# big hack, but how else can we fit? +rm -rf /usr/share/doc/* diff --git a/fedora-security-livecd.spec b/fedora-security-livecd.spec deleted file mode 100644 index 6b8db57..0000000 --- a/fedora-security-livecd.spec +++ /dev/null @@ -1,58 +0,0 @@ -Name: fedora-security-livecd -Version: 0.1 -Release: 3%{?dist} -Summary: The configuration files for a Fedora-based security LiveCD -License: GPL -Group: System Environment/Base -URL: http://fedoraproject.org/wiki/LukeMacken/SecurityLiveCD -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Source0: 10-fedora-livecd-base.conf -Source1: 20-fedora-livecd-gnome.conf -Source2: 30-fedora-livecd-security.conf -# Wallpaper from Diana Fong, see http://www.isity.net/blog/?p=29 -Source3: fedora-livecd-wallpaper.jpg -Autoreq: 0 - -%description -This package contains the configuration files for building a -Fedora-based security LiveCD for use in security auditing, -penetration testing, forensics research, and much more. - - -%prep - -%build - -%install -rm -rf $RPM_BUILD_ROOT - -mkdir -p $RPM_BUILD_ROOT/etc/livecd/ -mkdir -p $RPM_BUILD_ROOT/usr/share/backgrounds/images -install -m 755 %{SOURCE0} $RPM_BUILD_ROOT/etc/livecd/ -install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/livecd/ -install -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/livecd/ -install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/usr/share/backgrounds/images/ - -%clean -rm -rf $RPM_BUILD_ROOT - -%files -%defattr(-,root,root,-) -%dir /etc/livecd -/etc/livecd/10-fedora-livecd-base.conf -/etc/livecd/20-fedora-livecd-gnome.conf -/usr/share/backgrounds/images/fedora-livecd-wallpaper.jpg -/etc/livecd/30-fedora-livecd-security.conf - -%changelog -* Wed Mar 7 2007 Luke Macken <lmacken@redhat.com> - 1.0-3%{?dist} -- Another patch from Till Maas to add airsnort, gpart, p0f, scanssh, - nessus-{client,gui,server}, splint, testdisk, tiger, tripwire, - screen, gtk-recordmydesktop, byzanz, istanbul -- Also adding pscan - -* Wed Mar 7 2007 Luke Macken <lmacken@redhat.com> - 1.0-2%{?dist} -- Patch from Till Maas to add dd_rescue and aircrack-ng to livecd - -* Mon Mar 4 2007 Luke Macken <lmacken@redhat.com> - 1.0-1%{?dist} -- Initial package |