lang en_US.UTF-8 keyboard us timezone US/Eastern auth --useshadow --enablemd5 selinux --enforcing firewall --enabled xconfig --startxonboot part / --size 1792 services --enabled=network,NetworkManager --disabled=network,sshd,cups,snortd,sendmail,avahi-daemon,bluetooth,firstboot,isdn,netfs,nfslock,rpcbind,rpcgssd repo --name="rawhide" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=i386 #repo --name="Fedora 9" --baseurl=http://download.boston.redhat.com/pub/fedora/linux/releases/9/Everything/i386/os/ #repo --name="Fedora 9 Updates" --baseurl=http://download.boston.redhat.com/pub/fedora/linux/updates/9/i386/ %packages @core @base-x @base @dial-up @hardware-support kernel memtest86+ bash passwd policycoreutils chkconfig authconfig rootfiles # save some space -specspo -esc -samba-client -a2ps -mpage -redhat-lsb -sox -hplip -hpijs # smartcards won't really work on the livecd. -coolkey -ccid # duplicate functionality -pinfo -vorbis-tools # lose the compat stuff -compat* # scanning takes quite a bit of space :/ -xsane -xsane-gimp -sane-backends # dictionaries are big -aspell-* -man-pages-* -scim-tables-* -wqy-bitmap-fonts -dejavu-fonts-experimental -dejavu-fonts # more fun with space saving -scim-lang-chinese scim-chewing scim-pinyin # save some space -gnome-user-docs -gimp-help -anacron -avahi* -autofs -metacity -sendmail -gnome-desktop -gnome-panel -gnome-pilot -evolution -vino -system-config-network -system-config-language firefox # lots of people want to have this gparted # livecd bits to set up the livecd and be able to install anaconda isomd5sum # security tools aide aircrack-ng airsnort argus chkrootkit clamav dd_rescue hexedit hping3 john kismet lsof nbtscan nessus-client nessus-gui nessus-server nc nc6 ngrep nmap nmap-frontend p0f pscan rats rkhunter scanmem scanssh sectool-gui snort socat splint tcpdump testdisk tiger tripwire wireshark-gnome xprobe2 tcpxtract ettercap ettercap-gtk nbtscan halberd hunt firewalk foremost iptraf tor flawfinder dsniff pcapdiff # Other useful stuff screen openbox obconf obmenu desktop-backgrounds-basic feh vim-enhanced gnome-terminal gnome-menus etherape # make sure debuginfo doesn't end up on the live image -*debuginfo %end %post # FIXME: it'd be better to get this installed from a package cat > /etc/rc.d/init.d/fedora-live << EOF #!/bin/bash # # live: Init script for live image # # chkconfig: 345 00 99 # description: Init script for live image. . /etc/init.d/functions if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ] || [ -e /.liveimg-configured ] ; then exit 0 fi exists() { which \$1 >/dev/null 2>&1 || return \$* } touch /.liveimg-configured # mount live image if [ -b /dev/live ]; then mkdir -p /mnt/live mount -o ro /dev/live /mnt/live fi # configure X, allowing user to override xdriver for o in \`cat /proc/cmdline\` ; do case \$o in xdriver=*) xdriver="--set-driver=\${o#xdriver=}" ;; esac done exists system-config-display --noui --reconfig --set-depth=24 \$xdriver # add fedora user with no passwd useradd -c "Fedora Security" fedora usermod -G wheel fedora passwd -d fedora > /dev/null echo 'export PATH=$PATH:/sbin:/usr/sbin' >> /home/fedora/.bashrc # Hilight grep results - man dir_color for more colors echo "alias grep='grep --color'" >> /home/fedora/.bashrc echo "export GREP_COLOR='1;31'" >> /home/fedora/.bashrc ## ## openbox configuration ## echo "openbox-session" > /home/fedora/.xsession chmod a+x /home/fedora/.xsession chown fedora:fedora /home/fedora/.xsession mkdir -p /home/fedora/.config/openbox cat >> /home/fedora/.config/openbox/autostart.sh << OBDONE # Run the system-wide support stuff . /etc/xdg/openbox/autostart.sh OBDONE # rc.xml cp /etc/xdg/openbox/rc.xml /home/fedora/.config/openbox sed -i -e 's/Clearlooks/Onyx/' /home/fedora/.config/openbox/rc.xml # menu.xml cat >> /home/fedora/.config/openbox/menu.xml << OBDONE gnome-terminal -e "su -c ettercap-gtk" gnome-terminal -e "sh -c 'hping3; bash'" gnome-terminal -e "sh -c 'nc6 -h; bash'" gnome-terminal -e "sh -c 'nc; bash'" gnome-terminal -e "sh -c 'ngrep -h; bash'" gnome-terminal -e "sh -c 'nessus; bash'" gnome-terminal -e "sh -c 'nmap; bash'" gnome-terminal -e "sh -c 'p0f -h; bash'" gnome-terminal -e "sh -c 'scanssh; bash'" gnome-terminal -e "sh -c 'socat; bash'" gnome-terminal -e "sh -c 'tcpdump -h; bash'" gnome-terminal -e "sh -c 'tiger; bash'" gnome-terminal -e "sh -c 'wireshark; bash'" gnome-terminal -e "sh -c 'xprobe2; bash'" gnome-terminal -e "sh -c 'nbtscan; bash'" gnome-terminal -e "sh -c 'tcpxtract; bash'" gnome-terminal -e "sh -c 'firewalk; bash'" gnome-terminal -e "sh -c 'hunt; bash'" gnome-terminal -e "sh -c 'halberd; bash'" gnome-terminal -e "sh -c 'chkrootkit; bash'" gnome-terminal -e "sh -c 'clamscan; bash'" gnome-terminal -e "sh -c 'dd_rescue; bash'" gnome-terminal -e "sh -c 'gparted; bash'" gnome-terminal -e "sh -c 'hexedit; bash'" gnome-terminal -e "sh -c 'prelude; bash'" gnome-terminal -e "sh -c 'testdisk; bash'" gnome-terminal -e "sh -c 'foremost; bash'" gnome-terminal -e "sh -c 'aircrack-ng; bash'" airsnort kismet dsniff gnome-terminal -e "sh -c 'pscan; bash'" gnome-terminal -e "sh -c 'splint; bash'" gnome-terminal -e "sh -c 'flawfinder; bash'" gnome-terminal -e "sh -c 'aide; bash'" gnome-terminal -e "sh -c 'snort; bash'" gnome-terminal -e "sh -c 'tripwire --help; bash'" gnome-terminal -e "sh -c 'john; bash'" gnome-terminal firefox liveinst yesopenbox obconf OBDONE ## # turn off firstboot for livecd boots echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot # don't start yum-updatesd for livecd boots chkconfig --level 345 yum-updatesd off 2>/dev/null # don't start cron/at as they tend to spawn things which are # disk intensive that are painful on a live image chkconfig --level 345 crond off 2>/dev/null chkconfig --level 345 atd off 2>/dev/null chkconfig --level 345 anacron off 2>/dev/null chkconfig --level 345 readahead_early off 2>/dev/null chkconfig --level 345 readahead_later off 2>/dev/null chkconfig --level 345 exim off 2>/dev/null # Stopgap fix for RH #217966; should be fixed in HAL instead touch /media/.hal-mtab # workaround clock syncing on shutdown that we don't want (#297421) sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt # disable screensaver locking gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-screensaver/lock_enabled false >/dev/null # set up timed auto-login for after 60 seconds sed -i -e 's/\[daemon\]/[daemon]\nTimedLoginEnable=true\nTimedLogin=fedora\nTimedLoginDelay=60/' /etc/gdm/custom.conf if [ -e /usr/share/icons/hicolor/96x96/apps/fedora-logo-icon.png ] ; then cp /usr/share/icons/hicolor/96x96/apps/fedora-logo-icon.png /home/fedora/.face chown fedora:fedora /home/fedora/.face # TODO: would be nice to get e-d-s to pick this one up too... but how? fi EOF chmod 755 /etc/rc.d/init.d/fedora-live /sbin/restorecon /etc/rc.d/init.d/fedora-live /sbin/chkconfig --add fedora-live # save a little bit of space at least... rm -f /boot/initrd* %end %post --nochroot cp $INSTALL_ROOT/usr/share/doc/*-release-*/GPL $LIVE_ROOT/GPL cp $INSTALL_ROOT/usr/share/doc/HTML/readme-live-image/en_US/readme-live-image-en_US.txt $LIVE_ROOT/README %end