diff options
author | Luke Macken <lewk@csh.rit.edu> | 2008-07-18 03:31:42 -0400 |
---|---|---|
committer | Luke Macken <lmacken@redhat.com> | 2008-07-18 03:31:42 -0400 |
commit | 229b0ab72051d6c4dc5b7282020b5111d217ac58 (patch) | |
tree | 5b0283166288cbbf61cba293cda0f0b1e513ff33 /livecd-fedora-security.ks | |
parent | fbe6a002da2e4e176135fc20afb06c6295632ec7 (diff) | |
download | security-spin-229b0ab72051d6c4dc5b7282020b5111d217ac58.tar.gz security-spin-229b0ab72051d6c4dc5b7282020b5111d217ac58.tar.xz security-spin-229b0ab72051d6c4dc5b7282020b5111d217ac58.zip |
Sync up many changes
- Add new packages
* nbtscan
* nmap-frontend
* rats
* rkhunter
* scanmem
- Remove our hardcoded openbox pipe menu, as it is now in Fedora's package
- Do not mount swap partitions...
- Add the fedora user to the wheel group
- Add some useful bash options
- Fix a bunch of menu entries
- Clean up our package list
- Add repository definitions for f9{,-updates}
- Disable the exim service
Diffstat (limited to 'livecd-fedora-security.ks')
-rw-r--r-- | livecd-fedora-security.ks | 76 |
1 files changed, 25 insertions, 51 deletions
diff --git a/livecd-fedora-security.ks b/livecd-fedora-security.ks index d962000..941274d 100644 --- a/livecd-fedora-security.ks +++ b/livecd-fedora-security.ks @@ -7,13 +7,16 @@ firewall --enabled xconfig --startxonboot part / --size 1792 services --enabled=network,NetworkManager --disabled=network,sshd,cups,snortd,sendmail,avahi-daemon,bluetooth,firstboot,isdn,netfs,nfslock,rpcbind,rpcgssd -repo --name=development --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=i386 + +repo --name="rawhide" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=i386 +#repo --name="Fedora 9" --baseurl=http://download.boston.redhat.com/pub/fedora/linux/releases/9/Everything/i386/os/ +#repo --name="Fedora 9 Updates" --baseurl=http://download.boston.redhat.com/pub/fedora/linux/updates/9/i386/ + %packages @core @base-x @base -@core @dial-up @hardware-support kernel @@ -41,7 +44,6 @@ rootfiles # duplicate functionality -pinfo -vorbis-tools --wget # lose the compat stuff -compat* @@ -76,9 +78,9 @@ scim-pinyin -gnome-pilot -evolution -vino +-system-config-network +-system-config-language -system-config-network -system-config-language firefox # lots of people want to have this @@ -100,6 +102,7 @@ hping3 john kismet lsof +nbtscan nessus-client nessus-gui nessus-server @@ -107,8 +110,12 @@ nc nc6 ngrep nmap +nmap-frontend p0f pscan +rats +rkhunter +scanmem scanssh snort socat @@ -179,14 +186,6 @@ if [ -b /dev/live ]; then mount -o ro /dev/live /mnt/live fi -# enable swaps unless requested otherwise -swaps=\`blkid -t TYPE=swap -o device\` -if ! strstr "\`cat /proc/cmdline\`" noswap -a [ -n "\$swaps" ] ; then - for s in \$swaps ; do - action "Enabling swap partition \$s" swapon \$s - done -fi - # configure X, allowing user to override xdriver for o in \`cat /proc/cmdline\` ; do case \$o in @@ -199,11 +198,16 @@ done exists system-config-display --noui --reconfig --set-depth=24 \$xdriver # add fedora user with no passwd -useradd -c "Fedora Live" fedora +useradd -c "Fedora Security" fedora +usermod -G wheel fedora passwd -d fedora > /dev/null echo 'export PATH=$PATH:/sbin:/usr/sbin' >> /home/fedora/.bashrc +# Hilight grep results - man dir_color for more colors +echo "alias grep='grep --color'" >> /home/fedora/.bashrc +echo "export GREP_COLOR='1;31'" >> /home/fedora/.bashrc + ## ## openbox configuration ## @@ -217,43 +221,12 @@ cat >> /home/fedora/.config/openbox/autostart.sh << OBDONE # Run the system-wide support stuff . /etc/xdg/openbox/autostart.sh -# Set default Fedora background -feh --bg-scale /usr/share/backgrounds/images/default.png - OBDONE # rc.xml cp /etc/xdg/openbox/rc.xml /home/fedora/.config/openbox sed -i -e 's/Clearlooks/Onyx/' /home/fedora/.config/openbox/rc.xml -# -# Gnome pipe menu -# -cat >> /home/fedora/.config/openbox/obgnome.py << OBGNOME -#!/usr/bin/python -tt -import gobject -import gmenu -def walk_menu(entry): - if entry.get_type() == gmenu.TYPE_DIRECTORY: - print '<menu id="%s" label="%s">' % (entry.menu_id, entry.get_name()) - map(walk_menu, entry.get_contents()) - print '</menu>' - elif entry.get_type() == gmenu.TYPE_ENTRY and not entry.is_excluded: - print """ - <item label="%s"> - <action name="Execute"> - <command>%s</command> - </action> - </item> - """ % (entry.get_name(), entry.get_exec()) - -print "<openbox_pipe_menu>" -map(walk_menu, gmenu.lookup_tree('applications.menu').root.get_contents()) -print "</openbox_pipe_menu>" -OBGNOME -chown fedora:fedora /home/fedora/.config/openbox/obgnome.py -chmod a+x /home/fedora/.config/openbox/obgnome.py - # menu.xml cat >> /home/fedora/.config/openbox/menu.xml << OBDONE <?xml version="1.0" encoding="UTF-8"?> @@ -268,13 +241,13 @@ cat >> /home/fedora/.config/openbox/menu.xml << OBDONE <action name="Execute"><command>gnome-terminal -e "sh -c 'hping3; bash'"</command></action> </item> <item label="nc6"> - <action name="Execute"><command>gnome-terminal -e "sh -c 'nc6; bash'"</command></action> + <action name="Execute"><command>gnome-terminal -e "sh -c 'nc6 -h; bash'"</command></action> </item> <item label="nc"> <action name="Execute"><command>gnome-terminal -e "sh -c 'nc; bash'"</command></action> </item> <item label="ngrep"> - <action name="Execute"><command>gnome-terminal -e "sh -c 'ngrep; bash'"</command></action> + <action name="Execute"><command>gnome-terminal -e "sh -c 'ngrep -h; bash'"</command></action> </item> <item label="nessus"> <action name="Execute"><command>gnome-terminal -e "sh -c 'nessus; bash'"</command></action> @@ -283,7 +256,7 @@ cat >> /home/fedora/.config/openbox/menu.xml << OBDONE <action name="Execute"><command>gnome-terminal -e "sh -c 'nmap; bash'"</command></action> </item> <item label="p0f"> - <action name="Execute"><command>gnome-terminal -e "sh -c 'p0f; bash'"</command></action> + <action name="Execute"><command>gnome-terminal -e "sh -c 'p0f -h; bash'"</command></action> </item> <item label="scanssh"> <action name="Execute"><command>gnome-terminal -e "sh -c 'scanssh; bash'"</command></action> @@ -292,7 +265,7 @@ cat >> /home/fedora/.config/openbox/menu.xml << OBDONE <action name="Execute"><command>gnome-terminal -e "sh -c 'socat; bash'"</command></action> </item> <item label="tcpdump"> - <action name="Execute"><command>gnome-terminal -e "sh -c 'tcpdump; bash'"</command></action> + <action name="Execute"><command>gnome-terminal -e "sh -c 'tcpdump -h; bash'"</command></action> </item> <item label="tiger"> <action name="Execute"><command>gnome-terminal -e "sh -c 'tiger; bash'"</command></action> @@ -325,7 +298,7 @@ cat >> /home/fedora/.config/openbox/menu.xml << OBDONE <action name="Execute"><command>gnome-terminal -e "sh -c 'chkrootkit; bash'"</command></action> </item> <item label="clamav"> - <action name="Execute"><command>gnome-terminal -e "sh -c 'clamav; bash'"</command></action> + <action name="Execute"><command>gnome-terminal -e "sh -c 'clamscan; bash'"</command></action> </item> <item label="dd_rescue"> <action name="Execute"><command>gnome-terminal -e "sh -c 'dd_rescue; bash'"</command></action> @@ -382,7 +355,7 @@ cat >> /home/fedora/.config/openbox/menu.xml << OBDONE <action name="Execute"><command>gnome-terminal -e "sh -c 'snort; bash'"</command></action> </item> <item label="tripwire"> - <action name="Execute"><command>gnome-terminal -e "sh -c 'tripwire; bash'"</command></action> + <action name="Execute"><command>gnome-terminal -e "sh -c 'tripwire --help; bash'"</command></action> </item> </menu> @@ -454,6 +427,7 @@ chkconfig --level 345 atd off 2>/dev/null chkconfig --level 345 anacron off 2>/dev/null chkconfig --level 345 readahead_early off 2>/dev/null chkconfig --level 345 readahead_later off 2>/dev/null +chkconfig --level 345 exim off 2>/dev/null # Stopgap fix for RH #217966; should be fixed in HAL instead touch /media/.hal-mtab |