diff options
-rwxr-xr-x | 10-fedora-livecd-base.conf | 95 | ||||
-rwxr-xr-x | 20-fedora-livecd-gnome.conf | 173 | ||||
-rwxr-xr-x | 30-fedora-livecd-security.conf | 121 | ||||
-rw-r--r-- | fedora-security-livecd.spec | 58 |
4 files changed, 447 insertions, 0 deletions
diff --git a/10-fedora-livecd-base.conf b/10-fedora-livecd-base.conf new file mode 100755 index 0000000..3e3f207 --- /dev/null +++ b/10-fedora-livecd-base.conf @@ -0,0 +1,95 @@ +#!/bin/bash + +# livecd configuration for Base Fedora system + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + +case $1 in + # inquire what packages to install; prints package list on stdout + pkgadd) + echo " +bash +kernel +passwd +shadow-utils +rpm +yum +openssh-clients +rsync +tree +wget +man +rootfiles +dhclient +cpuspeed +fedora-logos +file +tree +selinux-policy +selinux-policy-targeted +grub +sudo +" + ;; + + # run configuration scripts when all packages are installed + post) + mkdir -p /etc/sysconfig + + cat <<EOF > /etc/sysconfig/clock +ZONE="America/New_York" +UTC=true +ARC=false +EOF + + cat <<EOF > /etc/sysconfig/network +NETWORKING=yes +HOSTNAME=localhost.localdomain +EOF + + cat <<EOF > /etc/resolv.conf +EOF + + cat <<EOF > /etc/hosts +# Do not remove the following line, or various programs +# that require network functionality will fail. +127.0.0.1 localhost.localdomain localhost +::1 localhost.localdomain localhost +EOF + + cat <<EOF > /etc/sysconfig/i18n +LANG="en_US.UTF-8" +EOF + + cat <<EOF > /etc/sysconfig/keyboard +KEYBOARDTYPE="pc" +KEYTABLE="us" +EOF + pwconv + passwd -d root + ;; + + # run when an livecd install is complete to clean up + install-post) + ;; + + # run when an livecd install is complete; must prints packages to remove + install-pkgrem) +echo " +fedora-livecd +" + ;; +esac diff --git a/20-fedora-livecd-gnome.conf b/20-fedora-livecd-gnome.conf new file mode 100755 index 0000000..bfb937a --- /dev/null +++ b/20-fedora-livecd-gnome.conf @@ -0,0 +1,173 @@ +#!/bin/bash + +# livecd configuration for Fedora GNOME + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + +case $1 in + # inquire what packages to install; must print packages to install + pkgadd) + echo " +chkconfig +gdm +gnome-panel +nautilus +metacity +gnome-themes +redhat-artwork +gnome-power-manager +gnome-volume-manager +desktop-printing +gnome-terminal +gedit +NetworkManager-gnome +NetworkManager-vpnc +NetworkManager-openvpn +xorg-x11-drivers +yelp +eog +firefox +totem +totem-mozplugin +gnome-session +system-config-display +vim-minimal +vim-X11 +gnome-applets +compiz +gucharmap +gcalctool +file-roller +gnome-utils +gconf-editor +evince +nautilus-open-terminal +gnome-bluetooth +pirut +setroubleshoot +gnome-python2-canvas +alacarte +system-config-date +system-config-users +system-config-rootpassword +system-config-printer +yum-updatesd +ntfs-3g +ntfsprogs +alsa-utils +dejavu-lgc-fonts +" + ;; + + # run configuration scripts when all packages are installed + post) + perl -i -p -e 's/id:3:initdefault:/id:5:initdefault:/' /etc/inittab + + chkconfig --level 345 network off + chkconfig --level 345 NetworkManager on + + cat > /etc/init.d/livecd <<EOF +#!/bin/bash +# +# livecd: Init script for live cd +# +# chkconfig: 345 00 99 +# description: Init script for live cd. + +. /etc/init.d/functions + +if ! strstr "\`cat /proc/cmdline\`" livecd || [ "\$1" != "start" ] || [ -e /.livecd-configured ] ; then + exit 0 +fi + +touch /.livecd-configured + +# mount livecd +mkdir -p /mnt/livecd +mount -o ro -t iso9660 /dev/livecd /mnt/livecd + +# configure X +system-config-display --noui --reconfig --set-depth=24 + +# unmute sound card +alsaunmute 0 2> /dev/null + +# add fedora user with no passwd +useradd -c "Fedora live CD" fedora +passwd -d fedora > /dev/null +# make fedora user use GNOME (TODO: make gdm DTRT instead of this hack) +echo "gnome-session" > /home/fedora/.xsession +chmod a+x /home/fedora/.xsession +chown fedora:fedora /home/fedora/.xsession +if [ -e /usr/share/icons/hicolor/96x96/apps/fedora-logo-icon.png ] ; then + cp /usr/share/icons/hicolor/96x96/apps/fedora-logo-icon.png /home/fedora/.face + chown fedora:fedora /home/fedora/.face + # TODO: would be nice to get e-d-s to pick this one up too... but how? +fi + +# setup a11y if requested +# +# todo: support also: +# - high contrast scheme +# - magnifier +# - on-screen keyboard +# - keyboard modifiers +# +#if strstr "\`cat /proc/cmdline\`" a11y_screenreader ; then +# gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t boolean /desktop/gnome/interface/accessibility true > /dev/null +# gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t list --list-type string /desktop/gnome/accessibility/startup/exec_ats [orca] > /dev/null +# # gah, orca is _kinda_ broken; need to fix the Orca RPM package instead +# # but need to do this since login on the live CD takes a long time... +# sed -e "s/sleep 30/sleep 600/" /usr/bin/orca > /usr/bin/orca.new +# mv /usr/bin/orca.new /usr/bin/orca +# chmod a+x /usr/bin/orca +#fi + +# change wallpaper to l33t livecd wallpaper +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /desktop/gnome/background/picture_filename /usr/share/backgrounds/images/fedora-livecd-wallpaper.jpg > /dev/null + +# set up autologin for user fedora +echo "[daemon]" > /etc/gdm/custom.conf +echo "AutomaticLoginEnable=true" >> /etc/gdm/custom.conf +echo "AutomaticLogin=fedora" >> /etc/gdm/custom.conf + +# turn off firstboot for livecd boots +echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot + +# don't start yum-updatesd for livecd boots +chkconfig --levels 345 yum-updatesd off + +# Stopgap fix for RH #217966; should be fixed in HAL instead +touch /media/.hal-mtab + +EOF + chmod a+x /etc/init.d/livecd + /sbin/chkconfig --add livecd + ;; + + # run when an livecd install is complete to clean up + install-post) + /sbin/chkconfig --del livecd + rm -f /etc/init.d/livecd + ;; + + # run when an livecd install is complete; must prints packages to remove + install-pkgrem) +echo " +fedora-livecd-gnome +" + ;; +esac diff --git a/30-fedora-livecd-security.conf b/30-fedora-livecd-security.conf new file mode 100755 index 0000000..4063d7f --- /dev/null +++ b/30-fedora-livecd-security.conf @@ -0,0 +1,121 @@ +#!/bin/bash + +# livecd configuration for Fedora Security Auditing/Penetration Testing/Forensics livecd + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 US + + +case $1 in + # inquire what packages to install; prints package list on stdout + pkgadd) + echo " +scim +scim-libs +scim-bridge +scim-bridge-gtk +scim-anthy +scim-hangul +scim-pinyin +scim-chewing +scim-m17n +m17n-lib +m17n-db +m17n-db-* +scim-tables +scim-tables-* +scim-sinhala + +gnome-mag +gok +orca + +fonts-arabic +fonts-bengali +fonts-chinese +fonts-gujarati +fonts-hebrew +fonts-hindi +fonts-japanese +fonts-kannada +fonts-korean +fonts-malayalam +fonts-oriya +fonts-punjabi +fonts-sinhala +fonts-tamil +fonts-telugu + +gnome-theme-clearlooks-bigpack +xscreensaver-extras-gss +xscreensaver-gl-extras-gss +gparted + +# Other useful stuff +irssi +screen +gtk-recordmydesktop +byzanz +istanbul + +# Security tools +aide +aircrack-ng +airsnort +chkrootkit +clamav +dd_rescue +gpart +hexedit +hping3 +john +kismet +lsof +nessus-client +nessus-gui +nessus-server +nc +nc6 +ngrep +nmap +p0f +pscan +scanssh +snort +socat +splint +tcpdump +testdisk +tiger +tripwire +wireshark-gnome +xprobe2 +" + ;; + + # run configuration scripts when all packages are installed + post) + ;; + + # run when an livecd install is complete to clean up + install-post) + ;; + + # run when an livecd install is complete; must prints packages to remove + install-pkgrem) +echo " +fedora-livecd-security +" + ;; +esac diff --git a/fedora-security-livecd.spec b/fedora-security-livecd.spec new file mode 100644 index 0000000..6b8db57 --- /dev/null +++ b/fedora-security-livecd.spec @@ -0,0 +1,58 @@ +Name: fedora-security-livecd +Version: 0.1 +Release: 3%{?dist} +Summary: The configuration files for a Fedora-based security LiveCD +License: GPL +Group: System Environment/Base +URL: http://fedoraproject.org/wiki/LukeMacken/SecurityLiveCD +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +Source0: 10-fedora-livecd-base.conf +Source1: 20-fedora-livecd-gnome.conf +Source2: 30-fedora-livecd-security.conf +# Wallpaper from Diana Fong, see http://www.isity.net/blog/?p=29 +Source3: fedora-livecd-wallpaper.jpg +Autoreq: 0 + +%description +This package contains the configuration files for building a +Fedora-based security LiveCD for use in security auditing, +penetration testing, forensics research, and much more. + + +%prep + +%build + +%install +rm -rf $RPM_BUILD_ROOT + +mkdir -p $RPM_BUILD_ROOT/etc/livecd/ +mkdir -p $RPM_BUILD_ROOT/usr/share/backgrounds/images +install -m 755 %{SOURCE0} $RPM_BUILD_ROOT/etc/livecd/ +install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/livecd/ +install -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/livecd/ +install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/usr/share/backgrounds/images/ + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root,-) +%dir /etc/livecd +/etc/livecd/10-fedora-livecd-base.conf +/etc/livecd/20-fedora-livecd-gnome.conf +/usr/share/backgrounds/images/fedora-livecd-wallpaper.jpg +/etc/livecd/30-fedora-livecd-security.conf + +%changelog +* Wed Mar 7 2007 Luke Macken <lmacken@redhat.com> - 1.0-3%{?dist} +- Another patch from Till Maas to add airsnort, gpart, p0f, scanssh, + nessus-{client,gui,server}, splint, testdisk, tiger, tripwire, + screen, gtk-recordmydesktop, byzanz, istanbul +- Also adding pscan + +* Wed Mar 7 2007 Luke Macken <lmacken@redhat.com> - 1.0-2%{?dist} +- Patch from Till Maas to add dd_rescue and aircrack-ng to livecd + +* Mon Mar 4 2007 Luke Macken <lmacken@redhat.com> - 1.0-1%{?dist} +- Initial package |