Diffstat (limited to 'livecd-fedora-security.ks.old')
-rw-r--r-- | livecd-fedora-security.ks.old | 465 |
1 files changed, 465 insertions, 0 deletions
diff --git a/livecd-fedora-security.ks.old b/livecd-fedora-security.ks.old
new file mode 100644
index 0000000..a6fa0c5
--- /dev/null
+++ b/livecd-fedora-security.ks.old
@@ -0,0 +1,465 @@
+lang en_US.UTF-8
+keyboard us
+timezone US/Eastern
+auth --useshadow --enablemd5
+selinux --enforcing
+firewall --enabled
+xconfig --startxonboot
+part / --size 1792
+services --enabled=network,NetworkManager --disabled=network,sshd,cups,snortd,sendmail,avahi-daemon,bluetooth,firstboot,isdn,netfs,nfslock,rpcbind,rpcgssd
+
+repo --name="rawhide" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=i386
+#repo --name="Fedora 9" --baseurl=http://download.boston.redhat.com/pub/fedora/linux/releases/9/Everything/i386/os/
+#repo --name="Fedora 9 Updates" --baseurl=http://download.boston.redhat.com/pub/fedora/linux/updates/9/i386/
+
+
+%packages
+@core
+@base-x
+@base
+@dial-up
+@hardware-support
+kernel
+memtest86+
+bash
+passwd
+policycoreutils
+chkconfig
+authconfig
+rootfiles
+
+# save some space
+-specspo
+-esc
+-samba-client
+-a2ps
+-mpage
+-redhat-lsb
+-sox
+-hplip
+-hpijs
+# smartcards won't really work on the livecd.
+-coolkey
+-ccid
+# duplicate functionality
+-pinfo
+-vorbis-tools
+# lose the compat stuff
+-compat*
+
+# scanning takes quite a bit of space :/
+-xsane
+-xsane-gimp
+-sane-backends
+
+# dictionaries are big
+-aspell-*
+-man-pages-*
+-scim-tables-*
+-wqy-bitmap-fonts
+-dejavu-fonts-experimental
+-dejavu-fonts
+
+# more fun with space saving
+-scim-lang-chinese
+scim-chewing
+scim-pinyin
+
+# save some space
+-gnome-user-docs
+-gimp-help
+-anacron
+-avahi*
+-autofs
+-metacity
+-sendmail
+-gnome-desktop
+-gnome-panel
+-gnome-pilot
+-evolution
+-vino
+-system-config-network
+-system-config-language
+
+firefox
+
+# lots of people want to have this
+gparted
+
+# livecd bits to set up the livecd and be able to install
+anaconda
+isomd5sum
+
+# security tools
+aide
+aircrack-ng
+airsnort
+argus
+chkrootkit
+clamav
+dd_rescue
+hexedit
+hping3
+john
+kismet
+lsof
+nbtscan
+nessus-client
+nessus-gui
+nessus-server
+nc
+nc6
+ngrep
+nmap
+nmap-frontend
+p0f
+pscan
+rats
+rkhunter
+scanmem
+scanssh
+sectool-gui
+snort
+socat
+splint
+tcpdump
+testdisk
+tiger
+tripwire
+wireshark-gnome
+xprobe2
+tcpxtract
+ettercap
+ettercap-gtk
+nbtscan
+halberd
+hunt
+firewalk
+foremost
+iptraf
+tor
+flawfinder
+dsniff
+pcapdiff
+
+# Other useful stuff
+screen
+openbox
+obconf
+obmenu
+desktop-backgrounds-basic
+feh
+vim-enhanced
+gnome-terminal
+gnome-menus
+etherape
+
+# make sure debuginfo doesn't end up on the live image
+-*debuginfo
+
+%end
+
+%post
+# FIXME: it'd be better to get this installed from a package
+cat > /etc/rc.d/init.d/fedora-live << EOF
+#!/bin/bash
+#
+# live: Init script for live image
+#
+# chkconfig: 345 00 99
+# description: Init script for live image.
+
+. /etc/init.d/functions
+
+if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ] || [ -e /.liveimg-configured ] ; then
+ exit 0
+fi
+
+exists() {
+ which \$1 >/dev/null 2>&1 || return
+ \$*
+}
+
+touch /.liveimg-configured
+
+# mount live image
+if [ -b /dev/live ]; then
+ mkdir -p /mnt/live
+ mount -o ro /dev/live /mnt/live
+fi
+
+# configure X, allowing user to override xdriver
+for o in \`cat /proc/cmdline\` ; do
+ case \$o in
+ xdriver=*)
+ xdriver="--set-driver=\${o#xdriver=}"
+ ;;
+ esac
+done
+
+exists system-config-display --noui --reconfig --set-depth=24 \$xdriver
+
+# add fedora user with no passwd
+useradd -c "Fedora Security" fedora
+usermod -G wheel fedora
+passwd -d fedora > /dev/null
+
+echo 'export PATH=$PATH:/sbin:/usr/sbin' >> /home/fedora/.bashrc
+
+# Hilight grep results - man dir_color for more colors
+echo "alias grep='grep --color'" >> /home/fedora/.bashrc
+echo "export GREP_COLOR='1;31'" >> /home/fedora/.bashrc
+
+##
+## openbox configuration
+##
+echo "openbox-session" > /home/fedora/.xsession
+chmod a+x /home/fedora/.xsession
+chown fedora:fedora /home/fedora/.xsession
+
+mkdir -p /home/fedora/.config/openbox
+cat >> /home/fedora/.config/openbox/autostart.sh << OBDONE
+
+# Run the system-wide support stuff
+. /etc/xdg/openbox/autostart.sh
+
+OBDONE
+
+# rc.xml
+cp /etc/xdg/openbox/rc.xml /home/fedora/.config/openbox
+sed -i -e 's/Clearlooks/Onyx/' /home/fedora/.config/openbox/rc.xml
+
+# menu.xml
+cat >> /home/fedora/.config/openbox/menu.xml << OBDONE
+<?xml version="1.0" encoding="UTF-8"?>
+
+<openbox_menu xmlns="http://openbox.org/3.4/menu">
+
+<menu id="recon-menu" label="Reconnaissance">
+ <item label="ettercap">
+ <action name="Execute"><command>gnome-terminal -e "su -c ettercap-gtk"</command></action>
+ </item>
+<item label="hping3">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'hping3; bash'"</command></action>
+ </item>
+ <item label="nc6">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'nc6 -h; bash'"</command></action>
+ </item>
+ <item label="nc">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'nc; bash'"</command></action>
+ </item>
+ <item label="ngrep">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'ngrep -h; bash'"</command></action>
+ </item>
+ <item label="nessus">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'nessus; bash'"</command></action>
+ </item>
+ <item label="nmap">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'nmap; bash'"</command></action>
+ </item>
+ <item label="p0f">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'p0f -h; bash'"</command></action>
+ </item>
+ <item label="scanssh">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'scanssh; bash'"</command></action>
+ </item>
+ <item label="socat">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'socat; bash'"</command></action>
+ </item>
+ <item label="tcpdump">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'tcpdump -h; bash'"</command></action>
+ </item>
+ <item label="tiger">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'tiger; bash'"</command></action>
+ </item>
+ <item label="wireshark">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'wireshark; bash'"</command></action>
+ </item>
+ <item label="xprobe2">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'xprobe2; bash'"</command></action>
+ </item>
+ <item label="nbtscan">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'nbtscan; bash'"</command></action>
+ </item>
+ <item label="tcpxtract">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'tcpxtract; bash'"</command></action>
+ </item>
+ <item label="firewalk">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'firewalk; bash'"</command></action>
+ </item>
+ <item label="hunt">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'hunt; bash'"</command></action>
+ </item>
+ <item label="halberd">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'halberd; bash'"</command></action>
+ </item>
+</menu>
+
+<menu id="forensics-menu" label="Forensics">
+ <item label="chkrootkit">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'chkrootkit; bash'"</command></action>
+ </item>
+ <item label="clamav">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'clamscan; bash'"</command></action>
+ </item>
+ <item label="dd_rescue">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'dd_rescue; bash'"</command></action>
+ </item>
+ <item label="gparted">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'gparted; bash'"</command></action>
+ </item>
+ <item label="hexedit">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'hexedit; bash'"</command></action>
+ </item>
+ <item label="prelude">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'prelude; bash'"</command></action>
+ </item>
+ <item label="testdisk">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'testdisk; bash'"</command></action>
+ </item>
+ <item label="foremost">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'foremost; bash'"</command></action>
+ </item>
+</menu>
+
+<menu id="wireless-menu" label="Wireless">
+ <item label="aircrack-ng">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'aircrack-ng; bash'"</command></action>
+ </item>
+ <item label="airsnort">
+ <action name="Execute"><command>airsnort</command></action>
+ </item>
+ <item label="kismet">
+ <action name="Execute"><command>kismet</command></action>
+ </item>
+ <item label="dsniff">
+ <action name="Execute"><command>dsniff</command></action>
+ </item>
+</menu>
+
+<menu id="code-menu" label="Code Analysis">
+ <item label="pscan">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'pscan; bash'"</command></action>
+ </item>
+ <item label="splint">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'splint; bash'"</command></action>
+ </item>
+ <item label="flawfinder">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'flawfinder; bash'"</command></action>
+ </item>
+</menu>
+
+<menu id="id-menu" label="Intrusion Detection">
+ <item label="aide">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'aide; bash'"</command></action>
+ </item>
+ <item label="snort">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'snort; bash'"</command></action>
+ </item>
+ <item label="tripwire">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'tripwire --help; bash'"</command></action>
+ </item>
+</menu>
+
+<menu id="password-menu" label="Password Tools">
+ <item label="john">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'john; bash'"</command></action>
+ </item>
+</menu>
+
+<menu id="root-menu" label="Fedora Security Spin">
+ <separator label="Fedora Security Spin" />
+ <menu id="recon-menu" />
+ <menu id="forensics-menu" />
+ <menu id="wireless-menu" />
+ <menu id="id-menu" />
+ <menu id="code-menu" />
+ <menu id="password-menu" />
+ <separator />
+ <item label="Terminal">
+ <action name="Execute">
+ <command>gnome-terminal</command>
+ </action>
+ </item>
+ <item label="Firefox">
+ <action name="Execute">
+ <command>firefox</command>
+ </action>
+ </item>
+ <separator />
+ <menu id="fedora" label="Fedora" execute="/home/fedora/.config/openbox/obgnome.py" />
+ <item label="Install to Hard Drive">
+ <action name="Execute">
+ <command>liveinst</command>
+ </action>
+ </item>
+ <separator />
+ <menu id="client-list-menu" />
+ <separator />
+ <item label="ObConf">
+ <action name="Execute">
+ <startupnotify><enabled>yes</enabled><icon>openbox</icon></startupnotify>
+ <command>obconf</command>
+ </action>
+ </item>
+ <item label="Reconfigure">
+ <action name="Reconfigure" />
+ </item>
+ <separator />
+ <item label="Exit">
+ <action name="Exit" />
+ </item>
+</menu>
+
+</openbox_menu>
+
+OBDONE
+##
+
+# turn off firstboot for livecd boots
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+# don't start yum-updatesd for livecd boots
+chkconfig --level 345 yum-updatesd off 2>/dev/null
+
+# don't start cron/at as they tend to spawn things which are
+# disk intensive that are painful on a live image
+chkconfig --level 345 crond off 2>/dev/null
+chkconfig --level 345 atd off 2>/dev/null
+chkconfig --level 345 anacron off 2>/dev/null
+chkconfig --level 345 readahead_early off 2>/dev/null
+chkconfig --level 345 readahead_later off 2>/dev/null
+chkconfig --level 345 exim off 2>/dev/null
+
+# Stopgap fix for RH #217966; should be fixed in HAL instead
+touch /media/.hal-mtab
+
+# workaround clock syncing on shutdown that we don't want (#297421)
+sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt
+
+# disable screensaver locking
+gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-screensaver/lock_enabled false >/dev/null
+# set up timed auto-login for after 60 seconds
+sed -i -e 's/\[daemon\]/[daemon]\nTimedLoginEnable=true\nTimedLogin=fedora\nTimedLoginDelay=60/' /etc/gdm/custom.conf
+if [ -e /usr/share/icons/hicolor/96x96/apps/fedora-logo-icon.png ] ; then
+ cp /usr/share/icons/hicolor/96x96/apps/fedora-logo-icon.png /home/fedora/.face
+ chown fedora:fedora /home/fedora/.face
+ # TODO: would be nice to get e-d-s to pick this one up too... but how?
+fi
+
+EOF
+
+chmod 755 /etc/rc.d/init.d/fedora-live
+/sbin/restorecon /etc/rc.d/init.d/fedora-live
+/sbin/chkconfig --add fedora-live
+
+# save a little bit of space at least...
+rm -f /boot/initrd*
+
+%end
+
+
+%post --nochroot
+cp $INSTALL_ROOT/usr/share/doc/*-release-*/GPL $LIVE_ROOT/GPL
+cp $INSTALL_ROOT/usr/share/doc/HTML/readme-live-image/en_US/readme-live-image-en_US.txt $LIVE_ROOT/README
+%end |
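Review bot: In the `%post` heredoc that generates `/etc/rc.d/init.d/fedora-live`, the line `echo 'export PATH=$PATH:/sbin:/usr/sbin' >> /home/fedora/.bashrc` leaves `$PATH` unescaped, unlike the other expansions in that unquoted `<< EOF` body (`\$1`, `\$o`, `\$xdriver`), so the shell running `%post` at image-build time substitutes its own PATH and that value is frozen into the live user's `.bashrc`; it should read `echo 'export PATH=\$PATH:/sbin:/usr/sbin' >> /home/fedora/.bashrc`. At the top of the file, `auth --useshadow --enablemd5` selects MD5-crypt for password hashes, a setting that presumably carries over when the image is installed with `liveinst`; a stronger scheme such as `--passalgo=sha512` is preferable if the authconfig in this release supports it. The `services` line lists `network` under both `--enabled` and `--disabled`, so one of the two entries should go. The generated script also puts `fedora` in `wheel`, deletes its password, disables screensaver locking and enables timed auto-login, and it chowns only `.xsession` and `.face` while the `.config/openbox` tree it creates stays root-owned. A comment such as `# live session only: passwordless wheel user, no screen lock` above `useradd` would record that this is deliberate, and a `chown -R fedora:fedora /home/fedora/.config` after the menu heredoc would fix the ownership.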