summaryrefslogtreecommitdiffstats
path: root/livecd-fedora-security.ks.old
diff options
context:
space:
mode:
Diffstat (limited to 'livecd-fedora-security.ks.old')
-rw-r--r--livecd-fedora-security.ks.old465
1 files changed, 465 insertions, 0 deletions
diff --git a/livecd-fedora-security.ks.old b/livecd-fedora-security.ks.old
new file mode 100644
index 0000000..a6fa0c5
--- /dev/null
+++ b/livecd-fedora-security.ks.old
@@ -0,0 +1,465 @@
+lang en_US.UTF-8
+keyboard us
+timezone US/Eastern
+auth --useshadow --enablemd5
+selinux --enforcing
+firewall --enabled
+xconfig --startxonboot
+part / --size 1792
+services --enabled=network,NetworkManager --disabled=network,sshd,cups,snortd,sendmail,avahi-daemon,bluetooth,firstboot,isdn,netfs,nfslock,rpcbind,rpcgssd
+
+repo --name="rawhide" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=i386
+#repo --name="Fedora 9" --baseurl=http://download.boston.redhat.com/pub/fedora/linux/releases/9/Everything/i386/os/
+#repo --name="Fedora 9 Updates" --baseurl=http://download.boston.redhat.com/pub/fedora/linux/updates/9/i386/
+
+
+%packages
+@core
+@base-x
+@base
+@dial-up
+@hardware-support
+kernel
+memtest86+
+bash
+passwd
+policycoreutils
+chkconfig
+authconfig
+rootfiles
+
+# save some space
+-specspo
+-esc
+-samba-client
+-a2ps
+-mpage
+-redhat-lsb
+-sox
+-hplip
+-hpijs
+# smartcards won't really work on the livecd.
+-coolkey
+-ccid
+# duplicate functionality
+-pinfo
+-vorbis-tools
+# lose the compat stuff
+-compat*
+
+# scanning takes quite a bit of space :/
+-xsane
+-xsane-gimp
+-sane-backends
+
+# dictionaries are big
+-aspell-*
+-man-pages-*
+-scim-tables-*
+-wqy-bitmap-fonts
+-dejavu-fonts-experimental
+-dejavu-fonts
+
+# more fun with space saving
+-scim-lang-chinese
+scim-chewing
+scim-pinyin
+
+# save some space
+-gnome-user-docs
+-gimp-help
+-anacron
+-avahi*
+-autofs
+-metacity
+-sendmail
+-gnome-desktop
+-gnome-panel
+-gnome-pilot
+-evolution
+-vino
+-system-config-network
+-system-config-language
+
+firefox
+
+# lots of people want to have this
+gparted
+
+# livecd bits to set up the livecd and be able to install
+anaconda
+isomd5sum
+
+# security tools
+aide
+aircrack-ng
+airsnort
+argus
+chkrootkit
+clamav
+dd_rescue
+hexedit
+hping3
+john
+kismet
+lsof
+nbtscan
+nessus-client
+nessus-gui
+nessus-server
+nc
+nc6
+ngrep
+nmap
+nmap-frontend
+p0f
+pscan
+rats
+rkhunter
+scanmem
+scanssh
+sectool-gui
+snort
+socat
+splint
+tcpdump
+testdisk
+tiger
+tripwire
+wireshark-gnome
+xprobe2
+tcpxtract
+ettercap
+ettercap-gtk
+nbtscan
+halberd
+hunt
+firewalk
+foremost
+iptraf
+tor
+flawfinder
+dsniff
+pcapdiff
+
+# Other useful stuff
+screen
+openbox
+obconf
+obmenu
+desktop-backgrounds-basic
+feh
+vim-enhanced
+gnome-terminal
+gnome-menus
+etherape
+
+# make sure debuginfo doesn't end up on the live image
+-*debuginfo
+
+%end
+
+%post
+# FIXME: it'd be better to get this installed from a package
+cat > /etc/rc.d/init.d/fedora-live << EOF
+#!/bin/bash
+#
+# live: Init script for live image
+#
+# chkconfig: 345 00 99
+# description: Init script for live image.
+
+. /etc/init.d/functions
+
+if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ] || [ -e /.liveimg-configured ] ; then
+ exit 0
+fi
+
+exists() {
+ which \$1 >/dev/null 2>&1 || return
+ \$*
+}
+
+touch /.liveimg-configured
+
+# mount live image
+if [ -b /dev/live ]; then
+ mkdir -p /mnt/live
+ mount -o ro /dev/live /mnt/live
+fi
+
+# configure X, allowing user to override xdriver
+for o in \`cat /proc/cmdline\` ; do
+ case \$o in
+ xdriver=*)
+ xdriver="--set-driver=\${o#xdriver=}"
+ ;;
+ esac
+done
+
+exists system-config-display --noui --reconfig --set-depth=24 \$xdriver
+
+# add fedora user with no passwd
+useradd -c "Fedora Security" fedora
+usermod -G wheel fedora
+passwd -d fedora > /dev/null
+
+echo 'export PATH=$PATH:/sbin:/usr/sbin' >> /home/fedora/.bashrc
+
+# Hilight grep results - man dir_color for more colors
+echo "alias grep='grep --color'" >> /home/fedora/.bashrc
+echo "export GREP_COLOR='1;31'" >> /home/fedora/.bashrc
+
+##
+## openbox configuration
+##
+echo "openbox-session" > /home/fedora/.xsession
+chmod a+x /home/fedora/.xsession
+chown fedora:fedora /home/fedora/.xsession
+
+mkdir -p /home/fedora/.config/openbox
+cat >> /home/fedora/.config/openbox/autostart.sh << OBDONE
+
+# Run the system-wide support stuff
+. /etc/xdg/openbox/autostart.sh
+
+OBDONE
+
+# rc.xml
+cp /etc/xdg/openbox/rc.xml /home/fedora/.config/openbox
+sed -i -e 's/Clearlooks/Onyx/' /home/fedora/.config/openbox/rc.xml
+
+# menu.xml
+cat >> /home/fedora/.config/openbox/menu.xml << OBDONE
+<?xml version="1.0" encoding="UTF-8"?>
+
+<openbox_menu xmlns="http://openbox.org/3.4/menu">
+
+<menu id="recon-menu" label="Reconnaissance">
+ <item label="ettercap">
+ <action name="Execute"><command>gnome-terminal -e "su -c ettercap-gtk"</command></action>
+ </item>
+<item label="hping3">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'hping3; bash'"</command></action>
+ </item>
+ <item label="nc6">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'nc6 -h; bash'"</command></action>
+ </item>
+ <item label="nc">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'nc; bash'"</command></action>
+ </item>
+ <item label="ngrep">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'ngrep -h; bash'"</command></action>
+ </item>
+ <item label="nessus">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'nessus; bash'"</command></action>
+ </item>
+ <item label="nmap">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'nmap; bash'"</command></action>
+ </item>
+ <item label="p0f">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'p0f -h; bash'"</command></action>
+ </item>
+ <item label="scanssh">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'scanssh; bash'"</command></action>
+ </item>
+ <item label="socat">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'socat; bash'"</command></action>
+ </item>
+ <item label="tcpdump">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'tcpdump -h; bash'"</command></action>
+ </item>
+ <item label="tiger">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'tiger; bash'"</command></action>
+ </item>
+ <item label="wireshark">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'wireshark; bash'"</command></action>
+ </item>
+ <item label="xprobe2">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'xprobe2; bash'"</command></action>
+ </item>
+ <item label="nbtscan">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'nbtscan; bash'"</command></action>
+ </item>
+ <item label="tcpxtract">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'tcpxtract; bash'"</command></action>
+ </item>
+ <item label="firewalk">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'firewalk; bash'"</command></action>
+ </item>
+ <item label="hunt">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'hunt; bash'"</command></action>
+ </item>
+ <item label="halberd">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'halberd; bash'"</command></action>
+ </item>
+</menu>
+
+<menu id="forensics-menu" label="Forensics">
+ <item label="chkrootkit">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'chkrootkit; bash'"</command></action>
+ </item>
+ <item label="clamav">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'clamscan; bash'"</command></action>
+ </item>
+ <item label="dd_rescue">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'dd_rescue; bash'"</command></action>
+ </item>
+ <item label="gparted">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'gparted; bash'"</command></action>
+ </item>
+ <item label="hexedit">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'hexedit; bash'"</command></action>
+ </item>
+ <item label="prelude">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'prelude; bash'"</command></action>
+ </item>
+ <item label="testdisk">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'testdisk; bash'"</command></action>
+ </item>
+ <item label="foremost">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'foremost; bash'"</command></action>
+ </item>
+</menu>
+
+<menu id="wireless-menu" label="Wireless">
+ <item label="aircrack-ng">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'aircrack-ng; bash'"</command></action>
+ </item>
+ <item label="airsnort">
+ <action name="Execute"><command>airsnort</command></action>
+ </item>
+ <item label="kismet">
+ <action name="Execute"><command>kismet</command></action>
+ </item>
+ <item label="dsniff">
+ <action name="Execute"><command>dsniff</command></action>
+ </item>
+</menu>
+
+<menu id="code-menu" label="Code Analysis">
+ <item label="pscan">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'pscan; bash'"</command></action>
+ </item>
+ <item label="splint">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'splint; bash'"</command></action>
+ </item>
+ <item label="flawfinder">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'flawfinder; bash'"</command></action>
+ </item>
+</menu>
+
+<menu id="id-menu" label="Intrusion Detection">
+ <item label="aide">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'aide; bash'"</command></action>
+ </item>
+ <item label="snort">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'snort; bash'"</command></action>
+ </item>
+ <item label="tripwire">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'tripwire --help; bash'"</command></action>
+ </item>
+</menu>
+
+<menu id="password-menu" label="Password Tools">
+ <item label="john">
+ <action name="Execute"><command>gnome-terminal -e "sh -c 'john; bash'"</command></action>
+ </item>
+</menu>
+
+<menu id="root-menu" label="Fedora Security Spin">
+ <separator label="Fedora Security Spin" />
+ <menu id="recon-menu" />
+ <menu id="forensics-menu" />
+ <menu id="wireless-menu" />
+ <menu id="id-menu" />
+ <menu id="code-menu" />
+ <menu id="password-menu" />
+ <separator />
+ <item label="Terminal">
+ <action name="Execute">
+ <command>gnome-terminal</command>
+ </action>
+ </item>
+ <item label="Firefox">
+ <action name="Execute">
+ <command>firefox</command>
+ </action>
+ </item>
+ <separator />
+ <menu id="fedora" label="Fedora" execute="/home/fedora/.config/openbox/obgnome.py" />
+ <item label="Install to Hard Drive">
+ <action name="Execute">
+ <command>liveinst</command>
+ </action>
+ </item>
+ <separator />
+ <menu id="client-list-menu" />
+ <separator />
+ <item label="ObConf">
+ <action name="Execute">
+ <startupnotify><enabled>yes</enabled><icon>openbox</icon></startupnotify>
+ <command>obconf</command>
+ </action>
+ </item>
+ <item label="Reconfigure">
+ <action name="Reconfigure" />
+ </item>
+ <separator />
+ <item label="Exit">
+ <action name="Exit" />
+ </item>
+</menu>
+
+</openbox_menu>
+
+OBDONE
+##
+
+# turn off firstboot for livecd boots
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+# don't start yum-updatesd for livecd boots
+chkconfig --level 345 yum-updatesd off 2>/dev/null
+
+# don't start cron/at as they tend to spawn things which are
+# disk intensive that are painful on a live image
+chkconfig --level 345 crond off 2>/dev/null
+chkconfig --level 345 atd off 2>/dev/null
+chkconfig --level 345 anacron off 2>/dev/null
+chkconfig --level 345 readahead_early off 2>/dev/null
+chkconfig --level 345 readahead_later off 2>/dev/null
+chkconfig --level 345 exim off 2>/dev/null
+
+# Stopgap fix for RH #217966; should be fixed in HAL instead
+touch /media/.hal-mtab
+
+# workaround clock syncing on shutdown that we don't want (#297421)
+sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt
+
+# disable screensaver locking
+gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-screensaver/lock_enabled false >/dev/null
+# set up timed auto-login for after 60 seconds
+sed -i -e 's/\[daemon\]/[daemon]\nTimedLoginEnable=true\nTimedLogin=fedora\nTimedLoginDelay=60/' /etc/gdm/custom.conf
+if [ -e /usr/share/icons/hicolor/96x96/apps/fedora-logo-icon.png ] ; then
+ cp /usr/share/icons/hicolor/96x96/apps/fedora-logo-icon.png /home/fedora/.face
+ chown fedora:fedora /home/fedora/.face
+ # TODO: would be nice to get e-d-s to pick this one up too... but how?
+fi
+
+EOF
+
+chmod 755 /etc/rc.d/init.d/fedora-live
+/sbin/restorecon /etc/rc.d/init.d/fedora-live
+/sbin/chkconfig --add fedora-live
+
+# save a little bit of space at least...
+rm -f /boot/initrd*
+
+%end
+
+
+%post --nochroot
+cp $INSTALL_ROOT/usr/share/doc/*-release-*/GPL $LIVE_ROOT/GPL
+cp $INSTALL_ROOT/usr/share/doc/HTML/readme-live-image/en_US/readme-live-image-en_US.txt $LIVE_ROOT/README
+%end
generated by cgit (git 2.34.1) at 2024-04-19 18:12:01 +0000