Differences between revisions 21 and 37 (spanning 16 versions)
Revision 21 as of 2003-01-25 18:48:52
Size: 8802
Editor: dsl093-039-041
Comment: add info on kernel package install
Revision 37 as of 2003-01-26 10:43:38
Size: 10074
Editor: dsl093-039-041
Comment:
Line 2: Line 2:
Install debian:
 
Requires a system with a network connection and an internet connection.

Partition Hard Disk
 
hda1 200MB / Bootable
 
hda2 128mb swap
 
hda3 16MB /altvar
 
hda6 - /u

Install Kernal and Driver Modules

Configure Device Driver Modules (network interface)

Configure Network
 
use the appropriate values for the local situation

if installing via serial port Edit Kernel Boot Parameters
 
"console=tty0 console=ttyS0,9600n8"

Install Base System
 
network

Make System Bootable
 
Install LILO in the MBR
 
Put All In Menu

Reboot System

Configure the System

 
set hardware clock to GMT
 
Select System V Style time zones
  
PST8PDT
 
MD5 Passwords-yes
 
Shadow Passwords-yes
 
Set Password for root
## conflicts with adam's login Add User ptp, PTP Admin Account
 
do not remove pcmcia packages
 
do not use PPP to install system
 chose apt method-http
 
Use non-US software-yes
 
Use non-free software-no
 
Select a country-US
 
choose debian mirror-whatever
  
proxy information per local requirements
  wait....

 
Another apt source-no
 
Use security updates-yes
 
Run tasksel-no
 
Run dselect-no

 
exim config-5

login Prompt...login as root (I hope you remember the password you set)

cd /root
apt-
get install wget
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/hostap-modules-2.4.20-ptp-0.1_2002.09.12-2+2.4.20-ptp-0.1+ptp.0.1_i386.deb
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/kernel-image-2.4.20-ptp-0.1_ptp.0.1_i386.deb
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/ptp-nocat.deb
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/hostap_cs.conf

update-rc.d -f inet remove

dpkg --install kernel-image-2.4.20-ptp-0.1_ptp.0.1_i386.deb
        depmod errors (unresolved sysbols etc...)
            "There was a problem running depmod. This may be benign,
              (You may have versioned symbol names, for instance).
              Or this could be an error.
                      depmod exited with return value 1
              In any case, since depmod is run at install time,
              we could just defer running depmod
              Would you like to abort now? [Yes]"
Install debian:          Requires a system with a network connection and an internet connection.   
Partition Hard Disk          hda1    200MB   /       Bootable          hda2    128mb   swap
        
hda3    16MB    /altvar          hda6    - /u   do not initialize /altvar and /u
 

Install Kernal and Driver Modules   
Configure Device Driver Modules (network interface)   
Configure Network          use the appropriate values for the local situation   
if installing via serial port Edit Kernel Boot Parameters          "console=tty0 console=ttyS0,9600n8"   
Install Base System          network   
Make System Bootable          Install LILO in the MBR          Put All In Menu   
Reboot System   
Configure the System            set hardware clock to GMT          Select System V Style time zones                  PST8PDT          MD5 Passwords-yes          Shadow Passwords-yes          Set Password for root 
## conflicts with adam's login  Add User ptp, PTP Admin Account          do not remove pcmcia packages          do not use PPP to install system          chose apt method-http
        
Use non-US software-yes          Use non-free software-no          Select a country-US          choose debian mirror-whatever                  proxy information per local requirements            wait....
 
        
Another apt source-no          Use security updates-yes          Run tasksel-no          Run dselect-no            exim config-5   
login Prompt...login as root (I hope you remember the password you set)   
cd /root   dpkg --purge ppp pppconfig pppoe pppoeconf telnet tasksel manpages fdutils groff-base info man-db
rm -rf /etc/chatscripts /etc/ppp
 
apt-get install wget wireless-tools snmpd ssh iproute dhcp dnsmasq grub ssmtp perl-modules devfsd ntp-simple netsaint-plugins sudo
        all defaults except:
        select time server -
                timeservers time.personaltelco.net time.easystreet.com
        Overwrite /etc/ntp.conf - yes
        Who gets mail for userids < 1000? "nodes"
        name of mail hub? "mail.personaltelco.net"
        What domain to masquerade as? "personaltelco.net"
 

wget http://www.beattie-home.net/beattie/PersonalTelcoProject/hostap-modules-2.4.20-ptp-0.1_2002.09.12-2+2.4.20-ptp-0.1+ptp.0.1_i386.deb 
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/kernel-image-2.4.20-ptp-0.1_ptp.0.1_i386.deb 
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/ptp-nocat.deb 
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/hostap_cs.conf   
update-rc.d -f inet remove   
dpkg --install kernel-image-2.4.20-ptp-0.1_ptp.0.1_i386.deb 
        depmod errors (unresolved sysbols etc...) 
            "There was a problem running depmod. This may be benign,  
              (You may have versioned symbol names, for instance). 
              Or this could be an error. 
                      depmod exited with return value 1 
              In any case, since depmod is run at install time,  
              we could just defer running depmod 
              Would you like to abort now? [Yes]"           answer n
              "Would you like to create a boot floppy now? [No]"
         answer n
              "Install a boot block using the existing /etc/lilo.conf? [Yes]"
         answer n
              "Wipe out your old LILO configuration and make a new one? [No]"
Line 78: Line 98:
              "Would you like to create a boot floppy now? [No]" answer n
              "Install a boot block using the existing /etc/lilo.conf? [Yes]" answer n


dpkg --install hostap-modules-2.4.20-ptp-0.1_2002.09.12-2+2.4.20-ptp-0.1+ptp.0.1_i386.deb
dpkg --install ptp-nocat.deb
addfile /etc/logrotate.d/nocat
        compress

        /var/log/nocat.log {
            rotate 5
            weekly
            postrotate

                /sbin/killall -HUP syslogd
            endscript

        }

cd /usr/local/nocat/bin/iptables
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/throttle-cbqsfq.fw
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/throttle-htbsfq.fw
cd ..
rm throttle.fw

ln -s iptables/throttle-cbqsfq.fw throttle.fw
chmod +x iptables/throttle-cbqsfq.fw
cd

dpkg --p
urge ppp pppconfig pppoe pppoeconf telnet tasksel manpages fdutils groff-base info man-db
rm -rf /etc/chatscripts /etc/ppp

rm -rf /lib/modules/2.2.20 /boot/*2.2.20*

apt-get install wireless-tools snmpd ssh iproute dhcp
dnsmasq grub ssmtp perl-modules devfsd ntp-simple netsaint-plugins sudo
 all defaults except:
 Who gets mail for userids < 1000? "nodes"
 name of mail hub? "mail.personaltelco.net"
 What domain to masquerade as? "personaltelco.net"
 select time server -
                timeservers time.personaltelco.net time.easystreet.com
 Overwrite /etc/ntp.conf - yes

edit /etc/default/dnsmasq
 
add line 'DNSMASQ_INTERFACE="wlan0"'

rm /etc/rc[0-6].d/*dhcp /etc/rc[0-6].d/*dnsmasq

edit /etc/inittab
 
at the end of the file, add:
  
dh:2345:respawn:/usr/sbin/dhcpd -d -q wlan0
  
dn:2345:respawn:/usr/sbin/dnsmasq -d -i wlan0
  
nc:2345:respawn:/usr/local/nocat/bin/gateway -d
edit /usr/local/nocat/nocat.conf
 
set the LocalNetworkAddress

cp hostap_cs.conf /etc/pcmcia/hostap_cs.conf

edit /etc/hosts.deny
        the one uncommented line should be
        ALL: ALL@ALL

edit /etc/hosts.allow

        should have the line
        sshd: ALL@ALL
 
dpkg --install hostap-modules-2.4.20-ptp-0.1_2002.09.12-2+2.4.20-ptp-0.1+ptp.0.1_i386.deb 
dpkg --install ptp-nocat.deb 
addfile /etc/logrotate.d/nocat          compress
        /var/log/nocat.log { 
            rotate 5 
            weekly              postrotate
                /sbin/killall -HUP syslogd              endscript
        }   
cd /usr/local/nocat/bin/iptables 
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/throttle-cbqsfq.fw 
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/throttle-htbsfq.fw  cd ..
rm throttle.fw

ln -s iptables/throttle-cbqsfq.fw throttle.fw 
chmod +x iptables/throttle-cbqsfq.fw  cd
 
rm -rf /lib/mod
ules/2.2.20 /boot/*2.2.20*
 
edit /etc/defa
ult/dnsmasq
        
add line 'DNSMASQ_INTERFACE="wlan0"'   
rm /etc/rc[0-6].d/*dhcp /etc/rc[0-6].d/*dnsmasq    edit /etc/inittab
        
at the end of the file, add:                  dh:2345:respawn:/usr/sbin/dhcpd -d -q wlan0                  dn:2345:respawn:/usr/sbin/dnsmasq -d -i wlan0                  nc:2345:respawn:/usr/local/nocat/bin/gateway -d 
edit /usr/local/nocat/nocat.conf          set the LocalNetwork address
 

cp hostap_cs.conf /etc/pcmcia/hostap_cs.conf   
edit /etc/hosts.deny 
        the one uncommented line should be 
        ALL: ALL@ALL    edit /etc/hosts.allow
        should have the line 
        sshd: ALL@ALL   
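Review bot: the two throttle-*.fw scripts in this hunk are fetched with wget over plain http, then throttle-cbqsfq.fw is made executable and linked in as throttle.fw, with no step that checks what was downloaded. The same holds for the .deb files passed to dpkg --install at the top of the hunk. Suggest publishing a checksum for each file on the wiki page and adding a verification step before the chmod +x and before each dpkg --install.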
Line 141: Line 146:
if you need module options, such as "ignore_cis_vcc=1" :
edit /etc/pcmcia/hostap_cs.conf add the following line to the end of the file:
module "hostap_cs" opts "ignore_cis_vcc=1"

put whatever options are required with in the quotes following opts.

edit /etc/network/interfaces
to the end of the file add (substituting the correct address etc..):
        iface wlan0 inet static
                address <AP ipaddress>
                netmask 255.255.255.0
                network <AP network>
if you are using hostap_plx add to /etc/modules

if you need module options, such as "ignore_cis_vcc=1" : 
edit /etc/pcmcia/hostap_cs.conf add the following line to the end of the file: 
module "hostap_cs" opts "ignore_cis_vcc=1"   
put whatever options are required with in the quotes following opts.   
edit /etc/network/interfaces 
to the end of the file add (substituting the correct address etc..): 
        iface wlan0 inet static 
                address <AP ipaddress> 
                netmask 255.255.255.0 
                network <AP network> 
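Review bot: the line "if you are using hostap_plx add to /etc/modules" in this hunk stops without saying what to add, so a reader with a PLX-based card cannot complete the step. Suggest naming the module line that belongs in /etc/modules, and noting whether the hostap_cs.conf edit that follows still applies in that case.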
Line 154: Line 161:
                pre-up iwconfig wlan0 mode master
                pre-up iwconfig wlan0 channel 1
                pre-up iwconfig wlan0 essid www.personaltelco.net

configure dhcp
edit /etc/default/dhcp

change 'INTERFACES=""' to 'INTERFACES="wlan0"'

replace /etc/dhcpd.conf with following with the correct addresses:
option domain-name "personaltelco.net";
option domain-name-servers 10.11.71.1;

option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;

subnet 10.11.71.0 netmask 255.255.255.0 {
  range 10.11.71.100 10.11.71.249;
  option routers 10.11.71.1;
}


grub-install /dev/hda
update-grub
 
"Could not find /boot/grub/menu.lst file. Would you like one generated for you? (y/N)" - yes

<
edit /boot/grub/menu.lst>
 
(if serial)
  
following the line: "default 0"
  
add:
   
## serial console
   
serial --unit=0 --speed=9600 --parity=no
   
terminal --timeout=10 serial console

 
(if building for a disk based system)
  
change: "default 0" to "default saved"

 
to the line "# kopt=root=/dev/hda1 ro"
 
(if serial)
  
add " console=tty0 console=ttyS0,9600n8"

update-grub #again

reboot

# now we try to make root read-only

edit /root/.profile
 
to the PATH line add ":/root/bin"

create file /root/bin/remountrw
---------- start ------------

#! /bin/sh
# The following is to track the actions of admins, not catch crackers
(echo root filesystem remounted RW;hostname;who -Hurbt)| \
        /usr/bin/mail -s "Security Notice remountrw" nodes@personaltelco.net
/bin/mount -o remount,rw,noatime /
---------- end ------------

create file /root/bin/remountro
---------- start ------------

#! /bin/sh
/bin/mount -o remount,ro /
---------- end ------------

create file /root/bin/mountu
---------- start ------------

#! /bin/sh
mount /u && exit
# mount failed, rebuild the filesystem
mkfs.ext3 /dev/hda4
mount /u && (cd / ; tar xzf /etc/u.tgz) && exit
logger -p user.alert "rebuild of /u failed"
---------- end ------------

chmod 755 /root/bin/remountro /root/bin/remountrw /root/bin/mountu

rm /etc/mtab
ln -s /proc/mounts /etc/mtab

edit /etc/init.d/modutils
 
comment out 4 lines starting with "[ -e /sbin/depmod ] || exit 0"

edit /etc/modules

        add the following lines to the end of the file:
        sch_sfq
        sch_cbq
        sch_red
        sch_htb
        sch_tbf
        sch_ingress
        sch_prio

rm -rf /tmp
                pre-up iwconfig wlan0 mode master 
                pre-up iwconfig wlan0 channel 1 
                pre-up iwconfig wlan0 essid www.personaltelco.net   
configure dhcp  edit /etc/default/dhcp
change 'INTERFACES=""' to 'INTERFACES="wlan0"'   
replace /etc/dhcpd.conf with following with the correct addresses: 
option domain-name "personaltelco.net"; 
option domain-name-servers 10.11.71.1;   
option subnet-mask 255.255.255.0; 
default-lease-time 600; 
max-lease-time 7200;   
subnet 10.11.71.0 netmask 255.255.255.0 { 
  range 10.11.71.100 10.11.71.249; 
  option routers 10.11.71.1; 
}     
grub-install /dev/hda 
update-grub          "Could not find /boot/grub/menu.lst file.           Would you like one generated for you? (y/N)" - yes    edit /boot/grub/menu.lst
        
(if serial)                  following the line: "default 0"                  add:                          ## serial console                          serial --unit=0 --speed=9600 --parity=no                          terminal --timeout=10 serial console            (if building for a disk based system)                  change: "default 0" to "default saved"            to the line "# kopt=root=/dev/hda1 ro"          (if serial)                  add " console=tty0 console=ttyS0,9600n8"   
update-grub     #again     edit /root/.profile
        
to the PATH line add ":/root/bin"

mkdir /root/bin
 
create file /root/bin/remountrw  ---------- start ------------
#! /bin/sh 
# The following is to track the actions of admins, not catch crackers 
(echo root filesystem remounted RW;hostname;who -Hurbt)| \ 
        /usr/bin/mail -s "Security Notice remountrw" nodes@personaltelco.net 
/bin/mount -o remount,rw,noatime /  ---------- end ------------
 
create file /root/bin/remountro
---------- start ------------

#! /bin/sh 
/bin/mount -o remount,ro /  ---------- end ------------
 
create file /root/bin/mountu
---------- start ------------

#! /bin/sh 
mount /u && exit 
# mount failed, rebuild the filesystem 
mkfs.ext3 /dev/hda4 
mount /u && (cd / ; tar xzf /etc/u.tgz) && exit 
logger -p user.alert "rebuild of /u failed"  ---------- end ------------
 

chmod 755 /root/bin/remountro /root/bin/remountrw /root/bin/mountu    rm /etc/mtab
ln -s /proc/mounts /etc/mtab

# now we try to make root read-only
  
edit /etc/init.d/modutils
        
comment out 4 lines starting with "[ -e /sbin/depmod ] || exit 0"    edit /etc/modules
        add the following lines to the end of the file: 
        sch_sfq 
        sch_cbq 
        sch_red 
        sch_htb 
        sch_tbf 
        sch_ingress 
        sch_prio    rm -rf /tmp
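Review bot: in /root/bin/mountu, any failure of "mount /u" falls straight through to "mkfs.ext3 /dev/hda4", and the only logger call fires when the rebuild itself fails, so a reformat of /u that succeeds leaves no trace. Suggest a logger -p user.alert line before the mkfs, and checking why the mount failed before reformatting. The remountrw script already mails a notice for a far less destructive action.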
Line 250: Line 259:
mkdir -p /altvar/local/etc/network
mv /etc/network/ifstate /altvar/local/etc/network
ln -s /var/local/etc/network/ifstate /etc/network/ifstate

mv /etc/resolv.conf /altvar/local/etc/resolv.conf
ln -s /var/local/etc/resolv.conf /etc/resolv.conf

# make package info persistent
mkdir -p /etc/var/lib

cp -a /var/lib/dpkg /etc/var/lib/dpkg
rm -rf /var/lib/dpkg
ln -s /etc/var/lib/dpkg /var/lib/dpkg
cp -a /var/lib/apt /etc/var/lib/apt
rm -rf /var/lib/apt
ln -s /etc/var/lib/apt /var/lib/apt

# create /var template
cd /

rm var/cache/debconf/* var/cache/apt/* var/cache/apt/archives/*.deb
rm -rf var/spool/exim var/log/exim
mkdir foo

tar czf - var | ( cd foo; tar xzvf - )
rm /foo/var/run/* /foo/var/run/sshd/* /foo/var/log/* /foo/var/log/ksymoops/* /foo/var/log/news/*
rm /foo/var/log/ntpstats/*
mkdir -p /foo/var/local/etc/network
cp /dev/null /foo/var/local/etc/resolv.conf
tar czvf /etc/var.tgz var
rm -rf foo

edit /etc/fstab
 
in the line for "/", change "errors=remount-ro" to "ro"
 
add the lines:
  
"/dev/hda3 /var ext2 defaults 0 0"
  
"/dev/hda4 /u ext3 defaults,noauto 0 0"


edit /etc/init.d/mountall.sh
 
following the line "mount -avt nonfs,nosmbfs,noncpfs,noproc" add the
  
line:
 
tar -xz -C / -f /etc/var.tgz

reboot into single user

/root/bin/remountrw
rm -rf /var
mkdir /var

reboot
mkfs.ext2 /dev/hda3
mkdir /altvar
mount /dev/hda3 /altvar
 
mkdir -p /altvar/local/etc/network 
mv /etc/network/ifstate /altvar/local/etc/network 
ln -s /var/local/etc/network/ifstate /etc/network/ifstate   
mv /etc/resolv.conf /altvar/local/etc/resolv.conf 
ln -s /var/local/etc/resolv.conf /etc/resolv.conf   
# make package info persistent  mkdir -p /etc/var/lib
cp -a /var/lib/dpkg /etc/var/lib/dpkg 
rm -rf /var/lib/dpkg 
ln -s /etc/var/lib/dpkg /var/lib/dpkg  cp -a /var/lib/apt /etc/var/lib/apt
rm -rf /var/lib/apt
ln -s /etc/var/lib/apt /var/lib/apt
 

# create /var template  cd /
rm var/cache/debconf/* var/cache/apt/* var/cache/apt/archives/*.deb 
rm -rf var/spool/exim var/log/exim  mkdir foo
tar czf - var | ( cd foo; tar xzvf - ) 
rm /foo/var/run/* /foo/var/run/sshd/* /foo/var/log/* /foo/var/log/ksymoops/* /foo/var/log/news/* 
rm /foo/var/log/ntpstats/* 
mkdir -p /foo/var/local/etc/network 
cp /dev/null /foo/var/local/etc/resolv.conf 
tar czvf /etc/var.tgz var  rm -rf foo

reboot into single user
 
/bin/mount -o remount,rw,noatime /
rm -rf /var
mkdir /var /var/tmp
 
edit /etc/fstab
        
in the line for "/", change "errors=remount-ro" to "ro"          add the lines:                  "/dev/hda3 /var ext2 defaults 0 0"                  "/dev/hda4 /u ext3 defaults,noauto 0 0"     
edit /etc/init.d/mountall.sh          before the line "mount -avt nonfs,nosmbfs,noncpfs,noproc" add the
                line:
        mkfs.ext2 /dev/hda4
        and
following that same line add the line:                  tar -xz -C / -f /etc/var.tgz
  reboot
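Review bot: the new mountall.sh step runs "mkfs.ext2 /dev/hda4" before the mount line, but the fstab lines in the same hunk put /var on /dev/hda3 as ext2 and /u on /dev/hda4 as ext3. As written, every boot reformats the /u partition with a filesystem type that does not match its fstab entry, while the var.tgz template is unpacked onto /dev/hda3, which is never recreated. Suggest confirming which device is meant and making the mkfs type and device agree with fstab.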
Line 299: Line 314:

Install Debian:
        Requires a system with a network connection and an internet connection. 
 
Partition Hard Disk 
        hda1    200MB   /       Bootable 
        hda2    128MB   swap
        hda3    16MB    /altvar 
        hda6    -       /u 

do not initialize /altvar and /u
 
Install Kernel and Driver Modules
 
Configure Device Driver Modules (network interface) 
 
Configure Network 
        use the appropriate values for the local situation 
 
if installing via serial port Edit Kernel Boot Parameters 
        "console=tty0 console=ttyS0,9600n8" 
 
Install Base System 
        network 
 
Make System Bootable 
        Install LILO in the MBR 
        Put All In Menu 
 
Reboot System 
 
Configure the System 
 
        set hardware clock to GMT 
        Select System V Style time zones 
                PST8PDT 
        MD5 Passwords-yes 
        Shadow Passwords-yes 
        Set Password for root 
## conflicts with adam's login  Add User ptp, PTP Admin Account 
        do not remove pcmcia packages 
        do not use PPP to install system 
        choose apt method-http
        Use non-US software-yes 
        Use non-free software-no 
        Select a country-US 
        choose Debian mirror-whatever
                proxy information per local requirements 
         
wait.... 
 
        Another apt source-no 
        Use security updates-yes 
        Run tasksel-no 
        Run dselect-no 
 
        exim config-5 
 
login Prompt...login as root (I hope you remember the password you set) 
 
cd /root 

dpkg --purge ppp pppconfig pppoe pppoeconf telnet tasksel manpages fdutils groff-base info man-db  
rm -rf /etc/chatscripts /etc/ppp 
 
apt-get install wget wireless-tools snmpd ssh iproute dhcp dnsmasq grub ssmtp perl-modules devfsd ntp-simple netsaint-plugins sudo 
        all defaults except: 
        select time server - 
                timeservers time.personaltelco.net time.easystreet.com 
        Overwrite /etc/ntp.conf - yes 
        Who gets mail for userids < 1000? "nodes" 
        name of mail hub? "mail.personaltelco.net" 
        What domain to masquerade as? "personaltelco.net" 
 
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/hostap-modules-2.4.20-ptp-0.1_2002.09.12-2+2.4.20-ptp-0.1+ptp.0.1_i386.deb 
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/kernel-image-2.4.20-ptp-0.1_ptp.0.1_i386.deb 
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/ptp-nocat.deb 
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/hostap_cs.conf 
 
update-rc.d -f inet remove 
 
dpkg --install kernel-image-2.4.20-ptp-0.1_ptp.0.1_i386.deb 
        depmod errors (unresolved symbols etc...)
            "There was a problem running depmod.  This may be benign,  
              (You may have versioned symbol names, for instance). 
              Or this could be an error. 
                      depmod exited with return value 1 
              In any case, since depmod is run at install time,  
              we could just defer running depmod 
              Would you like to abort now? [Yes]" 
         answer n 
              "Would you like to create a boot floppy now? [No]"
         answer n 
              "Install a boot block using the existing /etc/lilo.conf? [Yes]"
         answer n 
              "Wipe out your old LILO configuration and make a new one? [No]"
         answer n
 
dpkg --install hostap-modules-2.4.20-ptp-0.1_2002.09.12-2+2.4.20-ptp-0.1+ptp.0.1_i386.deb 
dpkg --install ptp-nocat.deb 
add file /etc/logrotate.d/nocat
        compress 
        /var/log/nocat.log { 
            rotate 5 
            weekly 
            postrotate 
                /sbin/killall -HUP syslogd 
            endscript 
        } 
 
cd /usr/local/nocat/bin/iptables 
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/throttle-cbqsfq.fw 
wget http://www.beattie-home.net/beattie/PersonalTelcoProject/throttle-htbsfq.fw 
cd .. 
rm throttle.fw 
ln -s iptables/throttle-cbqsfq.fw throttle.fw 
chmod +x iptables/throttle-cbqsfq.fw 
cd 
 
rm -rf /lib/modules/2.2.20 /boot/*2.2.20* 
 
edit /etc/default/dnsmasq 
        add line 'DNSMASQ_INTERFACE="wlan0"' 
 
rm /etc/rc[0-6].d/*dhcp /etc/rc[0-6].d/*dnsmasq 
 
edit /etc/inittab 
        at the end of the file, add: 
                dh:2345:respawn:/usr/sbin/dhcpd -d -q wlan0 
                dn:2345:respawn:/usr/sbin/dnsmasq -d -i wlan0 
                nc:2345:respawn:/usr/local/nocat/bin/gateway -d 
edit /usr/local/nocat/nocat.conf 
        set the LocalNetwork address 
 
cp hostap_cs.conf /etc/pcmcia/hostap_cs.conf 
 
edit /etc/hosts.deny 
        the one uncommented line should be 
        ALL: ALL@ALL 
 
edit /etc/hosts.allow 
        should have the line 
        sshd: ALL@ALL 
 
configure hostap
if you are using hostap_plx add to /etc/modules

if you need module options, such as "ignore_cis_vcc=1" : 
edit /etc/pcmcia/hostap_cs.conf add the following line to the end of the file: 
module "hostap_cs" opts "ignore_cis_vcc=1" 
 
put whatever options are required within the quotes following opts.
 
edit /etc/network/interfaces 
to the end of the file add (substituting the correct address etc..): 
        iface wlan0 inet static 
                address <AP ipaddress> 
                netmask 255.255.255.0 
                network <AP network> 
                broadcast <AP broadcast>
                pre-up iwconfig wlan0 mode master 
                pre-up iwconfig wlan0 channel 1 
                pre-up iwconfig wlan0 essid www.personaltelco.net 
 
configure dhcp 
edit /etc/default/dhcp 
change 'INTERFACES=""' to 'INTERFACES="wlan0"' 
 
replace /etc/dhcpd.conf with the following, using the correct addresses:
option domain-name "personaltelco.net"; 
option domain-name-servers 10.11.71.1; 
 
option subnet-mask 255.255.255.0; 
default-lease-time 600; 
max-lease-time 7200; 
 
subnet 10.11.71.0 netmask 255.255.255.0 { 
  range 10.11.71.100 10.11.71.249; 
  option routers 10.11.71.1; 
} 
 
 
grub-install /dev/hda 
update-grub 
        "Could not find /boot/grub/menu.lst file. 
         Would you like one generated for you? (y/N)" - yes 
 
edit /boot/grub/menu.lst
        (if serial) 
                following the line: "default         0" 
                add: 
                        ## serial console 
                        serial --unit=0 --speed=9600 --parity=no 
                        terminal --timeout=10 serial console 
 
        (if building for a disk based system) 
                change: "default         0" to "default         saved" 
 
        to the line "# kopt=root=/dev/hda1 ro" 
        (if serial) 
                add " console=tty0 console=ttyS0,9600n8" 
 
update-grub     #again 
 

edit /root/.profile 
        to the PATH line add ":/root/bin"

mkdir /root/bin
 
create file /root/bin/remountrw 
---------- start ------------ 
#! /bin/sh 
# The following is to track the actions of admins, not catch crackers 
(echo root filesystem remounted RW;hostname;who -Hurbt)| \ 
        /usr/bin/mail -s "Security Notice remountrw" nodes@personaltelco.net 
/bin/mount -o remount,rw,noatime / 
---------- end ------------ 
 
create file /root/bin/remountro 
---------- start ------------ 
#! /bin/sh 
/bin/mount -o remount,ro / 
---------- end ------------ 
 
create file /root/bin/mountu 
---------- start ------------ 
#! /bin/sh 
mount /u && exit 
# mount failed, rebuild the filesystem 
mkfs.ext3 /dev/hda4 
mount /u && (cd / ; tar xzf /etc/u.tgz) && exit 
logger -p user.alert "rebuild of /u failed" 
---------- end ------------ 
 
chmod 755 /root/bin/remountro /root/bin/remountrw /root/bin/mountu 
 
rm /etc/mtab 
ln -s /proc/mounts /etc/mtab 

# now we try to make root read-only 
  
edit /etc/init.d/modutils 
        comment out 4 lines starting with "[ -e /sbin/depmod ] || exit 0" 
 
edit /etc/modules 
        add the following lines to the end of the file: 
        sch_sfq 
        sch_cbq 
        sch_red 
        sch_htb 
        sch_tbf 
        sch_ingress 
        sch_prio 
 
rm -rf /tmp 
ln -s /var/tmp /tmp

mkfs.ext2 /dev/hda3
mkdir /altvar
mount /dev/hda3 /altvar
 
mkdir -p /altvar/local/etc/network 
mv /etc/network/ifstate /altvar/local/etc/network 
ln -s /var/local/etc/network/ifstate /etc/network/ifstate 
 
mv /etc/resolv.conf /altvar/local/etc/resolv.conf 
ln -s /var/local/etc/resolv.conf /etc/resolv.conf 
 
# make package info persistent 
mkdir -p /etc/var/lib 
cp -a /var/lib/dpkg /etc/var/lib/dpkg 
rm -rf /var/lib/dpkg 
ln -s /etc/var/lib/dpkg /var/lib/dpkg 
cp -a /var/lib/apt /etc/var/lib/apt 
rm -rf /var/lib/apt 
ln -s /etc/var/lib/apt /var/lib/apt 
 
# create /var template 
cd / 
rm var/cache/debconf/* var/cache/apt/* var/cache/apt/archives/*.deb 
rm -rf var/spool/exim var/log/exim 
mkdir foo 
tar czf - var | ( cd foo; tar xzvf - ) 
rm /foo/var/run/* /foo/var/run/sshd/* /foo/var/log/* /foo/var/log/ksymoops/* /foo/var/log/news/* 
rm /foo/var/log/ntpstats/* 
mkdir -p /foo/var/local/etc/network 
cp /dev/null /foo/var/local/etc/resolv.conf 
tar czvf /etc/var.tgz var 
rm -rf foo 

reboot into single user 
 
/bin/mount -o remount,rw,noatime / 
rm -rf /var 
mkdir /var /var/tmp 
 
edit /etc/fstab 
        in the line for "/", change "errors=remount-ro" to "ro" 
        add the lines: 
                "/dev/hda3       /var            ext2    defaults                0       0" 
                "/dev/hda4       /u              ext3    defaults,noauto         0       0" 
 
 
edit /etc/init.d/mountall.sh 
        before the line "mount -avt nonfs,nosmbfs,noncpfs,noproc" add the 
                line:
        mkfs.ext2 /dev/hda4
        and following that same line add the line: 
                tar -xz -C / -f /etc/var.tgz
 
reboot 

--- BrianBeattie
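
A consistency check for the read-only-root steps above, as an added example that is not part of the original page: it compares the fstab entries with any mkfs line placed in mountall.sh and reports a root that is not "ro", a missing /var entry, or a boot-time mkfs whose type or device disagrees with fstab. The function names, the root and swap fstab lines, and the sample files are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the sample
# files written by write_sample are constructed for illustration.

# fstab_field FSTAB KEYCOL KEY FIELD: FIELD of the first entry whose column KEYCOL equals KEY
fstab_field() {
    awk -v c="$2" -v k="$3" -v n="$4" '$1 !~ /^#/ && $c == k { print $n; exit }' "$1"
}

# boot_mkfs SCRIPT: prints "fstype device" for every mkfs.<fstype> command in SCRIPT
boot_mkfs() {
    awk '$1 ~ /^(\/sbin\/)?mkfs\./ {
             t = $1; sub(/^.*mkfs\./, "", t)
             for (i = 2; i <= NF; i++) if ($i ~ /^\/dev\//) print t, $i
         }' "$1"
}

# findings FSTAB SCRIPT: one line per inconsistency, nothing when the layout is coherent
findings() {
    opts=$(fstab_field "$1" 2 / 4)
    case ",$opts," in
        *,ro,*) ;;
        *) echo "/ is mounted with '$opts', expected ro" ;;
    esac
    [ -n "$(fstab_field "$1" 2 /var 1)" ] || echo "/var has no fstab entry of its own"
    boot_mkfs "$2" | while read -r fs dev; do
        want=$(fstab_field "$1" 1 "$dev" 3)
        mp=$(fstab_field "$1" 1 "$dev" 2)
        if [ -z "$want" ]; then
            echo "boot script formats $dev, which is not in fstab"
        elif [ "$want" != "$fs" ]; then
            echo "boot script runs mkfs.$fs on $dev, but fstab mounts it on $mp as $want"
        fi
    done
}

# audit FSTAB SCRIPT: prints the findings and returns non-zero if there are any
audit() {
    f=$(findings "$1" "$2")
    [ -z "$f" ] && return 0
    printf '%s\n' "$f"
    return 1
}

# write_sample DIR MKFS_DEV: constructed fstab and mountall.sh fragment; the /var
# and /u lines and the three script lines follow the page, the rest is made up
write_sample() {
    cat > "$1/fstab" <<'EOF'
/dev/hda1       /               ext2    ro                      0       1
/dev/hda2       none            swap    sw                      0       0
/dev/hda3       /var            ext2    defaults                0       0
/dev/hda4       /u              ext3    defaults,noauto         0       0
EOF
    cat > "$1/mountall.sh" <<EOF
mkfs.ext2 $2
mount -avt nonfs,nosmbfs,noncpfs,noproc
tar -xz -C / -f /etc/var.tgz
EOF
}

# Demo: audit the layout with the mkfs device exactly as the mountall.sh step names it
tmp=$(mktemp -d)
write_sample "$tmp" /dev/hda4
audit "$tmp/fstab" "$tmp/mountall.sh" || echo "layout needs review"
rm -rf "$tmp"
```

On a built system, point audit at /etc/fstab and /etc/init.d/mountall.sh after the final edit and before the last reboot.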


[CategoryBeWitched]

BuildBeWitched (last edited 2007-11-23 18:01:54 by localhost)