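#!/bin/bash
##=====================================================================##
## Copyright (c) 2001-2002 Stephen Zarkos. All rights reserved.
## Obsid@Sentry.net
##
## Please see file: COPYRIGHT for further copyright information and
## disclaimer. Or online at http://www.SentryFirewall.com/files/COPYRIGHT
##=====================================================================##
## File: mkrootdsk-RH.sh
## Script to build a rootdisk for a Red Hat host (kinda hacky).
## Read the script first, see what it does, and use with caution.
## Please see file: http://www.SentryFirewall.com/files/COPYRIGHT for
## important copyright and disclaimer information.
##
## Interpreter: this script uses bash-only features (brace expansion such
## as {a,b}, `read -n 1`, `echo -n`), so it is declared as a bash script
## rather than /bin/sh.
##=====================================================================##
## INTRO
## Please alter the variables below to match your environment. In short,
## the script does the following things:
## It first zeros out a file ($base_dir/$rootdsk), formats that file, and
## then mounts it on $mnt_dir via a loopback device. It then proceeds to
## copy the necessary files to the newly created rootdisk. By default, the
## script pulls the files from the Sentry Firewall CD-ROM, assumed to be
## mounted on /cdrom. The script assumes several things: /cdrom is mounted,
## and your kernel has loopback device support. It must run as root (it
## mounts a loop device and chowns files to arbitrary uids/gids).
##
## IMPORTANT NOTES
## When the script finishes building the rootdisk it will prompt you to
## umount and gzip the disk image. If you would like to view or modify the
## rootdisk before copying it to the proper directory (/isolinux) then you
## can answer 'n' at that point. You will then need to umount and gzip the
## rootdisk ($base_dir/$rootdsk) manually.
## As long as the environment is normal and all the directories are in
## the right place, this script should be able to pull all the files it
## needs to rebuild the rootdisk from the Sentry CD-ROM.
##=====================================================================##
## Variables

## Directory to put the rootdisk image that will be created.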
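base_dir="/root/rootdisk"
## Place to mount rootdisk image once created/formatted.
mnt_dir="/root/rootdisk/mnt"
## File name of the rootdisk image.
rootdsk="initrd.img"
## Temp dir to use. Scratch directories are created below it with mktemp,
## never under fixed names: /tmp is shared and world-writable.
temp="/tmp"
## Directory to get /bin binaries from (to put on rootdisk)
bin_dir="/cdrom/bin"
## Directory to get /sbin binaries from (to put on rootdisk)
sbin_dir="/cdrom/sbin"
## Directory to get /etc stuff from (to put on rootdisk)
etc_dir="/cdrom/etc"
## Directory to get /lib stuff from (to put on rootdisk)
lib_dir="/cdrom/lib"
## Directory to get /var stuff from (to put on rootdisk). Not always used.
var_dir="/cdrom/var"
## Directory to get /dev stuff from (to put on rootdisk)
dev_stuff="/cdrom/etc/dev_files"
## Directory to get startup scripts from
## Usually leave this alone, these have been heavily modified.
start_scripts="/cdrom/etc/rc_stuff"
## Directory to get certain modified /etc files from (to put on rootdisk)
## Usually leave this alone as well
sys_files="/cdrom/etc/sys_files"
## Where we mounted Sentry Firewall CD-ROM
cdrom="/cdrom"

## UID/GID variables, used for chowning files/dirs with users
## that may not exist on the development system, but do on a
## default Sentry Firewall system. Not every pair is referenced
## below; they are kept together so the mapping is in one place.
snort_uid="104"
snort_gid="104"
squid_uid="108"
squid_gid="108"
lp_uid="4"
lp_gid="7"
mysql_uid="103"
mysql_gid="103"
nobody_uid="99"
nobody_gid="98"
mail_uid="8"
mail_gid="12"
named_uid="106"
named_gid="106"
sentry_uid="1000"
sentry_gid="1000"
wheel_gid="10"

## Kernel versions. Used to bundle ethernet drivers on the rootdisk
## for network configuration support.
kern_22="2.2.22-ow2"
kern_24="2.4.19GENERIC"
## Done with variables
##=====================================================================##

##=====================================================================##
## Init stuff
PATH=/sbin:/bin:/usr/sbin:/usr/bin
umask 022

echo
echo "Sentry Firewall CD-ROM: mkrootdsk-RH.sh"
echo "Copyright (C) Stephen Zarkos, Obsid@Sentry.net"
echo "Ok, let's get to it."
echo

## $base_dir and $mnt_dir must be usable directories. $base_dir is handled
## first because $mnt_dir normally lives inside it. A path that exists but
## is not a directory is an error, not something to work around silently.
for dir in "$base_dir" "$mnt_dir"; do
  if [ -d "$dir" ]; then
    if [ ! -x "$dir" ]; then
      echo "[-] $dir exists, but is not executable. Exiting."
      echo
      exit 1
    fi
  elif [ -e "$dir" ]; then
    echo "[-] $dir exists, but is not a directory. Exiting."
    echo
    exit 1
  else
    echo -n "[+] Creating $dir... "
    if mkdir "$dir" && [ -x "$dir" ]; then
      echo "Done."
    else
      echo
      echo "[-] Creation of $dir failed, please check your variables. Exiting."
      echo
      exit 1
    fi
  fi
done

##===============================================================##
## Zero out a file to use ($base_dir/$rootdsk): 46876 * 512 bytes.
echo -n "[+] Zeroing out file: $base_dir/$rootdsk... "
if ! dd if=/dev/zero of="$base_dir/$rootdsk" bs=512 count=46876 >/dev/null 2>&1 \
  || [ ! -f "$base_dir/$rootdsk" ]; then
  echo
  echo "[-] Oops, tried to create file $base_dir/$rootdsk,"
  echo "    but file does not exist. Exiting."
  exit 1
fi
echo "Done."

##===============================================================##
## Make an ext2 file system on $base_dir/$rootdsk
## -F: it is a plain file, not a block device; -c: badblocks pass;
## -m 0: no reserved blocks; -i 1024: lots of inodes for many small files.
echo -n "[+] Creating ext2 file system on $base_dir/$rootdsk... "
if ! mke2fs -Fq -c -m 0 -i 1024 "$base_dir/$rootdsk" >/dev/null 2>&1; then
  echo
  echo "[-] mke2fs failed on $base_dir/$rootdsk. Exiting."
  exit 1
fi
echo "Done."

##===============================================================##
## Mount this new rootdisk on the loopback device
echo -n "[+] Mounting $rootdsk on $mnt_dir... "
## Refuse to stack a mount on top of something already mounted there.
if /bin/mount | grep -q -F -- "on $mnt_dir "; then
  echo
  echo "[-] Oops, $mnt_dir already mounted. Exiting."
  exit 1
fi
if ! mount -o loop -t ext2 "$base_dir/$rootdsk" "$mnt_dir"; then
  echo
  echo "[-] Uh oh, something went wrong trying to mount"
  echo "    $base_dir/$rootdsk on $mnt_dir. Exiting."
  exit 1
fi
echo "Done."

##===============================================================##
## Now, assume all that went well.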
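## Let's start copying stuff to the new root disk.
echo "[+] Ok, starting to copy stuff to the rootdisk"

## Top-level tree. Order matters: tmp is created before tmp/drivers.
## (Word-splitting of these lists is intentional throughout.)
dir_array="root proc etc sbin bin lib mnt mnt1 mnt2 mnt3 mnt4 \
  cdrom floppy tmp tmp/drivers var"
echo -n "[+] Making directories:"
for dir in $dir_array; do
  echo -n " $dir"
  mkdir "${mnt_dir}/${dir}"
done
echo "... Done."

## Copy all the dev stuff we need (-d keeps symlinks as symlinks, -p keeps
## modes/ownership, which matter for device nodes).
echo -n "[+] Copying /dev files... "
cp -Rdp "${dev_stuff}" "${mnt_dir}/dev"
echo "Done."

## Basic symlinks: /boot and /usr live on the CD-ROM.
ln -s /cdrom/boot "${mnt_dir}/boot"
ln -s /cdrom/usr "${mnt_dir}/usr"

##===============================================================##
## Deal with /var
echo -n "[+] Working in /var... "

## Make directories (parents precede children, so plain mkdir works).
var_dirs="arpwatch cache db lib local lock log mars_nwe nis opt preserve run spool tmp ucd-snmp www yp \
  iptraf named \
  cache/httpd cache/man cache/samba \
  lib/dhcp lib/ext2ed lib/misc lib/mysql lib/news lib/news/tmp lib/nfs lib/slocate lib/ups \
  lib/nfs/statd lib/nfs/statd/sm \
  lock/subsys lock/uucp \
  log/fax log/httpd log/iptraf log/news log/samba log/squid log/uucp log/zebra log/SNORT \
  mars_nwe/bindery mars_nwe/sys mars_nwe/sys/login mars_nwe/sys/public mars_nwe/sys/system \
  run/console run/mysqld run/netreport run/news run/radvd \
  spool/anacron spool/at spool/at/spool spool/cron spool/fax spool/lpd spool/mail spool/mqueue \
  spool/news spool/rwho spool/samba spool/squid spool/uucp spool/uucppublic \
  spool/fax/incoming spool/fax/outgoing spool/fax/outgoing/locks \
  spool/news/archive spool/news/articles spool/news/incoming spool/news/innfeed spool/news/outgoing \
  spool/news/overview spool/news/incoming/bad \
  yp/binding \
  www/cgi-bin www/html www/html/snort www/html/mrtg \
  empty"
for dir in ${var_dirs}; do
  mkdir "${mnt_dir}/var/${dir}"
done

## Make some empty files (logs, etc)
touch "${mnt_dir}/var/run/utmp"
touch "${mnt_dir}/var/lib/dhcp/dhcpd.leases"
files="cron debug lastlog messages secure cron spooler boot.log snmpd.log wtmp \
  maillog log.smb log.nmb proftpd.log xferlog access.log cache.log store.log \
  SENTRY_LOG pacct"
for file in $files; do
  touch "${mnt_dir}/var/log/${file}"
done

## Fix Perms/Copy Files/etc
## Ownership uses the numeric user:group form; the old user.group spelling
## is deprecated in GNU chown and breaks for names containing a dot.
## Misc.
chmod 700 "${mnt_dir}/var/iptraf"
chown :54 "${mnt_dir}/var/lock"
chmod 700 "${mnt_dir}/var/empty"
## tmp
chmod 1777 "${mnt_dir}/var/tmp"
## var/log
chmod 644 "${mnt_dir}/var/log/SENTRY_LOG"
chmod 644 "${mnt_dir}/var/log/lastlog"
chmod 644 "${mnt_dir}"/var/log/{log.smb,log.nmb}
chmod 640 "${mnt_dir}"/var/log/{cron,maillog,messages,secure,spooler}
## wtmp is group-writable (group 22) so login accounting can append to it.
chmod 664 "${mnt_dir}/var/log/wtmp"
chown :22 "${mnt_dir}/var/log/wtmp"
chmod 750 "${mnt_dir}/var/log/SNORT"
chown "${snort_uid}:${snort_gid}" "${mnt_dir}/var/log/SNORT"
chmod 640 "${mnt_dir}"/var/log/{cache.log,access.log,store.log}
chown "${squid_uid}:${squid_gid}" "${mnt_dir}"/var/log/{access.log,cache.log,store.log}
chown 10:14 "${mnt_dir}/var/log/uucp"
## Process accounting log is root-only.
chmod 600 "${mnt_dir}/var/log/pacct"
## var/spool
chown 2:2 "${mnt_dir}"/var/spool/{at,at/spool}
chmod 700 "${mnt_dir}"/var/spool/{at,at/spool}
chmod 700 "${mnt_dir}/var/spool/cron"
chown "${squid_uid}:${squid_gid}" "${mnt_dir}/var/spool/squid"
chown 10:14 "${mnt_dir}"/var/spool/{uucp,uucppublic}
chown 9:13 "${mnt_dir}/var/spool/news"
chmod 775 "${mnt_dir}/var/spool/mail"
chown :12 "${mnt_dir}"/var/spool/{mail,mqueue}
chmod 1777 "${mnt_dir}/var/spool/samba"
chmod 1777 "${mnt_dir}/var/spool/fax/outgoing"
## var/cache
chown 105 "${mnt_dir}/var/cache/httpd"
mkdir "${mnt_dir}"/var/cache/man/cat{1,2,3,4,5,6,7,8,9,n}
chmod 775 "${mnt_dir}"/var/cache/man/cat{1,2,3,4,5,6,7,8,9,n}
chown :15 "${mnt_dir}"/var/cache/man/cat{1,2,3,4,5,6,7,8,9,n}
## var/run
chown "${mysql_uid}:${mysql_gid}" "${mnt_dir}/var/run/mysqld"
chown 9:13 "${mnt_dir}/var/run/news"
chown 75:75 "${mnt_dir}/var/run/radvd"
## var/lock
chown 10:14 "${mnt_dir}/var/lock/uucp"
## var/lib
chown 29:29 "${mnt_dir}/var/lib/nfs/statd/sm"
chown "${mysql_uid}:${mysql_gid}" "${mnt_dir}/var/lib/mysql"
chown :21 "${mnt_dir}/var/lib/slocate"
chown 99:99 "${mnt_dir}/var/lib/ups"
cp -p "${var_dir}"/lib/news/{active,active.times,distributions,history,newsgroups,subscriptions} \
  "${mnt_dir}/var/lib/news/"
touch "${mnt_dir}"/var/lib/nfs/{etab,rmtab,statd,xtab}
## var/yp
cp "${var_dir}"/yp/{Makefile,nicknames,securenets} "${mnt_dir}/var/yp"

## Make symlinks
ln -s log "${mnt_dir}/var/adm"
ln -s spool/mail "${mnt_dir}/var/mail"
ln -s /cdrom/var/lib/ext2ed/ext2.descriptors "${mnt_dir}/var/lib/ext2ed/ext2.descriptors"
ln -s /cdrom/var/lib/ext2ed/ext2ed.conf "${mnt_dir}/var/lib/ext2ed/ext2ed.conf"
ln -s /var/log/httpd "${mnt_dir}/var/log/apache"
ln -s /cdrom/var/www/icons "${mnt_dir}/var/www/icons"
ln -s /cdrom/var/www/html/default "${mnt_dir}/var/www/html/default"
ln -s /etc/httpd/conf "${mnt_dir}/var/www/conf"
ln -s html "${mnt_dir}/var/www/htdocs"
ln -s /var/log/SNORT "${mnt_dir}/var/log/snort"
ln -s /var/log/SENTRY_LOG "${mnt_dir}/var/log/config_log"  ## cd-config log files
ln -s /etc/snmp/snmpd.conf "${mnt_dir}/var/ucd-snmp/snmpd.conf"

## Other
cp -p "${var_dir}/named/named.hints" "${mnt_dir}/var/named/"

####
## Chrooted named: a minimal tree under /var/chroot with its own /dev/null,
## /etc and /var/named so the name server never needs the real root.
####
chroot_dir="${mnt_dir}/var/chroot"
mkdir "${chroot_dir}"
dirs="dev etc etc/namedb usr usr/sbin var var/run var/named var/log"
for i in ${dirs}; do
  mkdir "${chroot_dir}/${i}"
done

if [ -f "${sys_files}/named.conf" ]; then
  cp -p "${sys_files}/named.conf" "${chroot_dir}/etc/named.conf"
fi
if [ -f "${etc_dir}/localtime" ]; then
  cp -p "${etc_dir}/localtime" "${chroot_dir}/etc/localtime"
fi
if [ -f "${var_dir}/named/named.hints" ]; then
  cp -p "${var_dir}/named/named.hints" "${chroot_dir}/var/named/named.hints"
fi

touch "${chroot_dir}/var/log/named.security"
chown "${named_uid}:${named_gid}" "${chroot_dir}/var/log/named.security"
## named runs as its own gid; root keeps ownership, the group may write.
chown "0:${named_gid}" "${chroot_dir}"/var/{run,named}
chmod 775 "${chroot_dir}"/var/{run,named}
chown "0:${named_gid}" "${chroot_dir}/etc/namedb"
chmod 775 "${chroot_dir}/etc/namedb"

## The chroot's group file holds only the lines mentioning "named"
## (substring match, as before, so any group containing that text is kept).
grep 'named' "${sys_files}/group" > "${chroot_dir}/etc/group"

mknod "${chroot_dir}/dev/null" c 1 3
chmod 666 "${chroot_dir}/dev/null"

ln -s /cdrom/var/chroot/usr/sbin/named "${chroot_dir}/usr/sbin/named"
ln -s /cdrom/var/chroot/usr/sbin/named-xfer "${chroot_dir}/usr/sbin/named-xfer"
####
## Done with named chroot stuff
####

echo "Done."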
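## Done with var
##================================================================##

##================================================================##
## /home stuff
echo -n "[+] Working in /home and /root... "
mkdir "${mnt_dir}/home"

## /home/sentry: the unprivileged account on the CD. History file is
## created up front so it is owned by the user and private (0600).
mkdir "${mnt_dir}/home/sentry"
chmod 755 "${mnt_dir}/home"
chmod 711 "${mnt_dir}/home/sentry"
chown "${sentry_uid}:${sentry_gid}" "${mnt_dir}/home/sentry"
touch "${mnt_dir}/home/sentry/.bash_history"
chown "${sentry_uid}:${sentry_gid}" "${mnt_dir}/home/sentry/.bash_history"
chmod 600 "${mnt_dir}/home/sentry/.bash_history"
files=".bash_logout .bash_profile .bashrc .screenrc"
for file in $files; do
  cp -p "${etc_dir}/skel/${file}" "${mnt_dir}/home/sentry/${file}"
  chown "${sentry_uid}:${sentry_gid}" "${mnt_dir}/home/sentry/${file}"
done
ln -s /cdrom/SENTRY "${mnt_dir}/home/sentry/SENTRY"

## /root: same skeleton, owned by root.
touch "${mnt_dir}/root/.bash_history"
chown 0:0 "${mnt_dir}/root/.bash_history"
chmod 600 "${mnt_dir}/root/.bash_history"
for file in $files; do
  cp -p "${etc_dir}/skel/${file}" "${mnt_dir}/root/${file}"
  chown 0:0 "${mnt_dir}/root/${file}"
done
ln -s /cdrom/SENTRY "${mnt_dir}/root/SENTRY"
echo "Done."
## Done with /home stuff
##================================================================##

##================================================================##
## /bin /sbin stuff
echo -n "[+] Working in /bin... "

## Binaries are stripped in a private scratch directory created with
## mktemp under $temp, not at fixed names directly in $temp: /tmp is
## shared and world-writable, so a predictable path there could be
## pre-created or swapped by another local user while we strip.
work=$(mktemp -d "${temp}/mkrootdsk.XXXXXX")
if [ -z "$work" ] || [ ! -d "$work" ]; then
  echo
  echo "[-] Could not create a scratch directory under ${temp}. Exiting."
  exit 1
fi

## strip_copy SRC DEST
## Copy binary SRC through the scratch dir, strip it, and place the
## result at DEST (a file name or a directory ending in /). The scratch
## copy is removed afterwards whether or not the copy succeeded.
strip_copy() {
  local src=$1 dest=$2 name
  name=${src##*/}
  cp -p "$src" "${work}/${name}" \
    && strip "${work}/${name}" \
    && cp -p "${work}/${name}" "$dest"
  rm -f "${work}/${name}"
}

##----------------------------------------------------------------##
## /bin Stuff
bin_binaries="busybox hostname login sed stty cut mount \
  chmod cp grep gzip ls mv rm umount bash tar uname"
for binary in ${bin_binaries}; do
  strip_copy "${bin_dir}/${binary}" "${mnt_dir}/bin/"
done

## Special cases
## Stuff we want in /bin but are normally in /usr/bin. The source is
## $bin_dir with its trailing /bin swapped for /usr/bin
## (e.g. /cdrom/bin -> /cdrom/usr/bin).
usr_bin_dir="${bin_dir%/bin}/usr/bin"
for binary in tail setterm killall; do
  strip_copy "${usr_bin_dir}/${binary}" "${mnt_dir}/bin/${binary}"
done

## Special special cases.
## Modified ssh binary to use with scp/sftp network config support, removed
## after configuration. Root-only (0700) on the rootdisk.
for file in ssh scp sftp wget; do
  cp "${etc_dir}/tmp_bins/${file}.tmp" "${mnt_dir}/bin/${file}"
  chmod 700 "${mnt_dir}/bin/${file}"
done

## Symlink stuff, this should be fun
## There are two types here, symlinks that point to another
## binary in the same directory, and those that point to
## /cdrom/{bin,sbin}

## busybox symlinks
bbox_bin_array="basename chgrp chown chvt clear cat \
  date dd df dirname dmesg du echo env free \
  false head kill ln logger mkdir mknod more pwd \
  reset rmdir sort sync touch true tty \
  uniq uptime wc which whoami"
bbox_sbin_array="mkswap"
for link in ${bbox_bin_array}; do
  ln -s busybox "${mnt_dir}/bin/${link}"
done
for link in ${bbox_sbin_array}; do
  ln -s /bin/busybox "${mnt_dir}/sbin/${link}"
done

## Copy the symlinks that live in $bin_dir as symlinks (cp -d), unless
## the name is already taken on the rootdisk.
for i in "${bin_dir}"/*; do
  name=${i##*/}
  if [ -h "$i" ] && [ ! -e "${mnt_dir}/bin/${name}" ]; then
    cp -dp "$i" "${mnt_dir}/bin/${name}"
  fi
done

## Every remaining regular file in $bin_dir gets a symlink from the
## rootdisk to /cdrom/bin. Names already present on the rootdisk (the
## stripped copies, the busybox links, the copied symlinks) are skipped
## by the -e/-h tests, which is what the old ls|perl filtering did by
## hand. TRANS.TBL is the mkisofs name-translation table, not a binary.
for i in "${bin_dir}"/*; do
  name=${i##*/}
  if [ ! -f "$i" ] || [ -h "$i" ] || [ "$name" = "TRANS.TBL" ]; then
    continue
  fi
  if [ ! -e "${mnt_dir}/bin/${name}" ] && [ ! -h "${mnt_dir}/bin/${name}" ]; then
    ln -s "/cdrom/bin/${name}" "${mnt_dir}/bin/${name}"
  fi
done
echo "Done."
## Done with /bin
##----------------------------------------------------------------##

##----------------------------------------------------------------##
## /sbin Stuff
echo -n "[+] Working in /sbin... "
sbin_binaries="mingetty badblocks dhcpcd hwclock depmod ifconfig init \
  insmod initlog ldconfig route shutdown update halt ip swapon \
  consoletype"
for binary in ${sbin_binaries}; do
  strip_copy "${sbin_dir}/${binary}" "${mnt_dir}/sbin/"
done

## Special cases
## Stuff we want in /sbin but are normally in /usr/sbin
## (e.g. /cdrom/sbin -> /cdrom/usr/sbin).
usr_sbin_dir="${sbin_dir%/sbin}/usr/sbin"
for binary in rdev; do
  strip_copy "${usr_sbin_dir}/${binary}" "${mnt_dir}/sbin/${binary}"
done

## Other non-binary stuff (iproute2 scripts, etc). Scripts are not stripped.
for file in routef routel rtpr ifcfg ssnarf.sh; do
  cp -p "${sbin_dir}/${file}" "${mnt_dir}/sbin/"
done

## Copying Symlinks (same two passes as for /bin above).
for i in "${sbin_dir}"/*; do
  name=${i##*/}
  if [ -h "$i" ] && [ ! -e "${mnt_dir}/sbin/${name}" ]; then
    cp -dp "$i" "${mnt_dir}/sbin/${name}"
  fi
done
for i in "${sbin_dir}"/*; do
  name=${i##*/}
  if [ ! -f "$i" ] || [ -h "$i" ] || [ "$name" = "TRANS.TBL" ]; then
    continue
  fi
  if [ ! -e "${mnt_dir}/sbin/${name}" ] && [ ! -h "${mnt_dir}/sbin/${name}" ]; then
    ln -s "/cdrom/sbin/${name}" "${mnt_dir}/sbin/${name}"
  fi
done

## Copy mkconfig to $mnt_dir/sbin
#cp -p $cdrom/SENTRY/scripts/MK-CONFIG/mkconfig $mnt_dir/sbin/
echo "Done."

## Scratch directory is no longer needed; :? refuses to run if it is empty.
rm -rf -- "${work:?}"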
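## Done with /sbin stuff
##================================================================##

##================================================================##
## /lib stuff
echo -n "[+] Working in /lib... "

## Copy files and symlinks from /lib to $mnt_dir/lib
## NOTE: It's extremely important that the ld.so.cache we copy (see below)
## matches these libs, otherwise basic things like /bin/ash won't run.
libs="libc-2.2.4.so \
  ld-2.2.4.so \
  libcrypt-2.2.4.so \
  libm-2.2.4.so \
  libnsl-2.2.4.so \
  libext2fs.so.2.4 \
  libproc.so.2.0.7 \
  libdl-2.2.4.so \
  libutil-2.2.4.so \
  libtermcap.so.2.0.8 \
  libnss_files-2.2.4.so \
  libnss_dns-2.2.4.so \
  libresolv-2.2.4.so"
#libdb2.so.3 (/usr/lib)

## Strip debug info in a private mktemp directory rather than at a fixed
## name in $temp (shared, world-writable), then copy the result over.
work=$(mktemp -d "${temp}/mkrootdsk.XXXXXX")
if [ -z "$work" ] || [ ! -d "$work" ]; then
  echo
  echo "[-] Could not create a scratch directory under ${temp}. Exiting."
  exit 1
fi
for file in $libs; do
  objcopy --strip-debug "${lib_dir}/${file}" "${work}/${file}"
  chmod 755 "${work}/${file}"
  cp -p "${work}/${file}" "${mnt_dir}/lib/"
  rm -f "${work}/${file}"
done
rm -rf -- "${work:?}"

## Symbolic links in $lib_dir are copied as links; every other entry
## (a real file) gets a symlink back to the CD-ROM, except "modules",
## which is created as a real directory below.
for i in "${lib_dir}"/*; do
  name=${i##*/}
  if [ -L "$i" ]; then
    cp -dp "$i" "${mnt_dir}/lib/${name}"
  elif [ "$name" != "modules" ] && [ ! -e "${mnt_dir}/lib/${name}" ]; then
    ln -s "/cdrom/lib/${name}" "${mnt_dir}/lib/${name}"
  fi
done
mkdir "${mnt_dir}/lib/modules"
echo "Done."
## Done with /lib stuff
##================================================================##

##================================================================##
## /etc stuff
echo -n "[+] Working in /etc... "

## Make a directory called "default" in ${mnt_dir}/etc
## This is where the default /etc files will go
mkdir "${mnt_dir}/etc/default"

## Make a bunch of required directories.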
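dir_array="alchemist cipe cron.d cron.daily cron.hourly cron.monthly cron.weekly \
  dhcpc hotplug snort mrtg \
  httpd httpd/conf httpd/conf/ssl.crl httpd/conf/ssl.crt httpd/conf/ssl.csr \
  httpd/conf/ssl.key httpd/conf/ssl.prm \
  isdn logrotate.d mail mgetty+sendfax news ntp \
  openldap pam.d ppp ppp/peers ppp/peers/isdn ppp/plugins profile.d \
  rc.d rc.d/init.d \
  samba security security/console.apps \
  skel slip snmp squid ssh ssl ssl/certs ssl/private ssl/misc \
  sysconfig sysconfig/network-scripts sysconfig/apm-scripts sysconfig/cbq sysconfig/console \
  sysconfig/networking sysconfig/networking/devices sysconfig/networking/profiles \
  sysconfig/networking/profiles/default \
  ups uucp zebra xinetd.d"
## Each directory exists twice: the live /etc and the pristine copy under
## /etc/default. Parents precede children in the list, so plain mkdir works.
for dir in ${dir_array}; do
  mkdir "${mnt_dir}/etc/${dir}"
  mkdir "${mnt_dir}/etc/default/${dir}"
done

## Copy default files to $mnt_dir/etc/default
files="adjtime \
  anacrontab \
  at.deny \
  bashrc \
  crontab \
  csh.cshrc csh.login \
  diskcheck.conf \
  exports \
  fdprm \
  filesystems \
  host.conf hosts.allow hosts.deny \
  identd.conf \
  inputrc \
  isapnp.gone \
  iscsi.conf initiatorname.iscsi \
  krb5.conf krb.conf krb.realms \
  ld.so.conf \
  login.defs \
  logrotate.conf \
  lpd.conf \
  lpd.perms \
  ldap.conf \
  lynx.cfg \
  ltrace.conf \
  mail.rc \
  man.config \
  mime.types \
  minicom.users \
  modules.conf \
  mtools.conf \
  my.cnf \
  nscd.conf \
  nsswitch.conf \
  ntp.conf \
  nwserv.conf \
  pam_smb.conf \
  protocols \
  pwdb.conf \
  printcap.local printconf.local printcap \
  radvd.conf \
  rpc \
  securetty \
  sensors.conf \
  services \
  sysctl.conf \
  updatedb.conf \
  warnquota.conf \
  yp.conf ypserv.conf"
for file in $files; do
  cp -p "${etc_dir}/${file}" "${mnt_dir}/etc/default/${file}"
done

## Copy other files to /etc
## Most of these would not need to be modified.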
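files="DIR_COLORS \
  inittab \
  initlog.conf ioctl.save \
  ld.so.cache \
  redhat-release \
  termcap \
  CDversion"
for file in $files; do
  cp -p "${etc_dir}/${file}" "${mnt_dir}/etc/${file}"
done

## Create some empty files
touch "${mnt_dir}"/etc/default/{issue,issue.net,motd}
touch "${mnt_dir}/etc/mtab"

## More config files (the Sentry-modified versions from $sys_files)
files="fstab group passwd shadow profile xinetd.conf snort.conf \
  proftpd.conf shells hosts resolv.conf named.conf ftpusers syslog.conf"
for file in $files; do
  cp -p "${sys_files}/${file}" "${mnt_dir}/etc/default/${file}"
done

## Temporary files required to use ftp:// with wget for configuration.
## passwd/shadow/group files with just a single root account (disabled).
for file in passwd shadow group; do
  cp -p "${etc_dir}/${file}.tmp" "${mnt_dir}/etc/${file}"
done

## Symlinks in /etc
ln -s /cdrom/etc/locale "${mnt_dir}/etc/locale"
ln -s /cdrom/etc/log.d "${mnt_dir}/etc/log.d"
ln -s dhcpc "${mnt_dir}/etc/dhcpcd"

#####
## Now take care of files in subdirectories
#####

## /etc/{xinetd.d,xinetd.d.none}
mkdir "${mnt_dir}/etc/default/xinetd.d.none"
cp -p "${etc_dir}"/sys_files/xinetd.d/* "${mnt_dir}/etc/default/xinetd.d/"
cp -Rdp "${etc_dir}"/sys_files/xinetd.d.none/* "${mnt_dir}/etc/default/xinetd.d.none/"

## /etc/httpd
for file in magic httpd.conf access.conf srm.conf; do
  cp -p "${etc_dir}/httpd/conf/${file}" "${mnt_dir}/etc/default/httpd/conf/${file}"
done
## Plain files only from each ssl.* directory (no cd, so a missing source
## directory cannot make the loop copy from the wrong place).
for file in ssl.crl ssl.crt ssl.csr ssl.key ssl.prm; do
  for i in "${etc_dir}/httpd/conf/${file}"/*; do
    if [ -f "$i" ]; then
      cp -p "$i" "${mnt_dir}/etc/default/httpd/conf/${file}/"
    fi
  done
done
ln -s ../../../usr/share/ssl/certs/Makefile "${mnt_dir}/etc/httpd/conf/Makefile"
ln -s ../../usr/lib/apache "${mnt_dir}/etc/httpd/modules"
ln -s ../../var/log/httpd "${mnt_dir}/etc/httpd/logs"

## /etc/mail
files="access aliases.db helpfile mailertable.db sendmail.mc virtusertable \
  access.db domaintable local-host-names Makefile statistics virtusertable.db \
  aliases domaintable.db mailertable sendmail.cf trusted-users"
for file in ${files}; do
  cp -p "${etc_dir}/mail/${file}" "${mnt_dir}/etc/default/mail/${file}"
done
ln -s mail/sendmail.cf "${mnt_dir}/etc/sendmail.cf"

## /etc/ppp
files="chap-secrets pap-secrets \
  firewall-standalone firewall-masq \
  pppoe-server-options pppoe.conf \
  ip-down ip-up ip-down.ipv6to4 ip-up.ipv6to4 \
  options ioptions peers/wvdial"
for file in ${files}; do
  cp -p "${etc_dir}/ppp/${file}" "${mnt_dir}/etc/default/ppp/${file}"
done
for file in arcor avm avm-ml leased otelo talkline; do
  cp -p "${etc_dir}/ppp/peers/isdn/${file}" "${mnt_dir}/etc/default/ppp/peers/isdn/${file}"
done
ln -s /cdrom/etc/ppp/plugins/capiplugin.so "${mnt_dir}/etc/ppp/plugins/capiplugin.so"
ln -s /cdrom/etc/ppp/plugins/userpass.so "${mnt_dir}/etc/ppp/plugins/userpass.so"

## /etc/slip
for file in slip.hosts slip.login slip.passwd slip.route slip.tty; do
  cp -p "${etc_dir}/slip/${file}" "${mnt_dir}/etc/default/slip/${file}"
done
ln -s slip.login "${mnt_dir}/etc/default/slip/slip.logout"

## /etc/ssh
for file in primes ssh_config sshd_config sshd_config.local moduli; do
  cp -p "${etc_dir}/ssh/${file}" "${mnt_dir}/etc/default/ssh/${file}"
done
touch "${mnt_dir}/etc/default/ssh/ssh_known_hosts"
touch "${mnt_dir}/etc/default/ssh/ssh_known_hosts2"

## /etc/ssl
cp -p "${etc_dir}/ssl/openssl.cnf" "${mnt_dir}/etc/default/ssl/openssl.cnf"
for file in CA CA.pl CA.sh c_hash c_info c_issuer c_name der_chop der_chop.pl; do
  ln -s "/cdrom/etc/ssl/misc/${file}" "${mnt_dir}/etc/ssl/misc/${file}"
done
for file in make-dummy-cert Makefile ca-bundle.crt; do
  ln -s "/cdrom/etc/ssl/certs/${file}" "${mnt_dir}/etc/ssl/certs/${file}"
done
ln -s certs/ca-bundle.crt "${mnt_dir}/etc/ssl/cert.pem"

## /etc/rc.d
files="amd bcm5820 functions innd kdcrotate mysqld ntpd rarpd rusersd squid yppasswdd \
  anacron bgpd gated ipchains keytable netfs ospf6d rawdevices rwhod sshd ypserv \
  apmd bootparamd gpm iptables killall network ospfd ripd sendmail syslog ypxfrd \
  arpwatch halt irda kudzu nfs portmap ripngd single ups zebra \
  atd crond httpd iscsi lpd nfslock radvd routed smb xinetd \
  autofs dhcpd identd isdn mars-nwe nscd random rstatd snmpd ypbind named snortd"
for file in $files; do
  cp -p "${start_scripts}/rc.d/init.d/${file}" "${mnt_dir}/etc/default/rc.d/init.d/${file}"
done

## Make rc directories. rc0..6 only needed in /etc, not /etc/default.
for file in rc.d/rc0.d rc.d/rc1.d rc.d/rc2.d rc.d/rc3.d rc.d/rc4.d rc.d/rc5.d rc.d/rc6.d; do
  mkdir "${mnt_dir}/etc/${file}"
done

## rc files that won't be replaced.
for file in rc rc.sysinit rc.cdrom; do
  cp -p "${start_scripts}/rc.d/${file}" "${mnt_dir}/etc/rc.d/"
done

## Other rc files.
cp -p "${start_scripts}/rc.d/rc.local" "${mnt_dir}/etc/default/rc.d/rc.local"
cp -p "${start_scripts}/rc.news" "${mnt_dir}/etc/default/rc.d/"
ln -s rc.d/rc.news "${mnt_dir}/etc/rc.news"

## Make symlinks in ${mnt_dir}/etc/ for the different runlevels.
for file in rc0.d rc1.d rc2.d rc3.d rc4.d rc5.d rc6.d init.d rc rc.local rc.sysinit; do
  ln -s "rc.d/${file}" "${mnt_dir}/etc/${file}"
done

## Symlinks in /etc/rc.d/rc{0..6}.d/, except for rc3.d (created by config scripts).
for file in rc0.d rc1.d rc2.d rc4.d rc5.d rc6.d; do
  cp -dp "${start_scripts}/rc.d/${file}"/* "${mnt_dir}/etc/rc.d/${file}/"
done

## Make /etc/rc.d/SENTRY/ directory to keep the perl configuration scripts.
mkdir "${mnt_dir}/etc/rc.d/SENTRY"

## /etc/sysconfig
## Copy plain files and symlinks (dangling ones included) from each
## sysconfig directory, but not subdirectories, which were created above.
files="sysconfig sysconfig/network-scripts sysconfig/apm-scripts \
  sysconfig/cbq sysconfig/console sysconfig/networking sysconfig/networking/devices \
  sysconfig/networking/profiles sysconfig/networking/profiles/default"
for file in $files; do
  for i in "${sys_files}/${file}"/*; do
    if { [ -e "$i" ] || [ -L "$i" ]; } && [ ! -d "$i" ]; then
      cp -dp "$i" "${mnt_dir}/etc/default/${file}/"
    fi
  done
done

## /etc/syslog-ng
cp -p "${etc_dir}/syslog-ng/syslog-ng.conf" "${mnt_dir}/etc/default/syslog-ng"

## /etc/squid
for file in mib.txt mime.conf mime.conf.default squid.conf; do
  cp -p "${etc_dir}/squid/${file}" "${mnt_dir}/etc/default/squid/"
done
ln -s /usr/lib/squid/errors/English "${mnt_dir}/etc/squid/errors"
ln -s /cdrom/etc/squid/icons "${mnt_dir}/etc/squid/icons"

## /etc/samba
for file in lmhosts smb.conf smbusers; do
  cp -p "${etc_dir}/samba/${file}" "${mnt_dir}/etc/default/samba/"
done
## smb.conf may carry credentials/paths; keep it out of "other" reach.
chmod 640 "${mnt_dir}/etc/default/samba/smb.conf"

## /etc/zebra: routing daemon configs can hold passwords, so 0600.
cp -p "${etc_dir}"/zebra/{zebra.conf,ripd.conf,ospfd.conf,bgpd.conf} "${mnt_dir}/etc/default/zebra/"
chmod 600 "${mnt_dir}"/etc/default/zebra/*
chmod 750 "${mnt_dir}"/etc/{default/zebra/,zebra/}

## /etc/cron*
for file in cron.d cron.daily cron.monthly cron.hourly cron.weekly; do
  cp -Rdp "${etc_dir}/${file}"/* "${mnt_dir}/etc/default/${file}/"
done

## /etc/hotplug
cp -Rdp "${etc_dir}"/hotplug/* "${mnt_dir}/etc/default/hotplug/"

## /etc/isdn
files="callerid.conf ibod.cf isdn.conf isdnlog.isdnctrl0.options isdnlog.users \
  rate.conf vboxd.conf vboxgetty.conf"
for file in ${files}; do
  cp -p "${etc_dir}/isdn/${file}" "${mnt_dir}/etc/default/isdn/"
done

## /etc/logrotate.d
files="apache mars-nwe.log mgetty mysqld psacct samba sendfax squid syslog uucp \
  vgetty vm zebra"
for file in ${files}; do
  cp -p "${etc_dir}/logrotate.d/${file}" "${mnt_dir}/etc/default/logrotate.d/"
done

## /etc/skel
for file in .bash_logout .bash_profile .bashrc .screenrc; do
  cp -p "${etc_dir}/skel/${file}" "${mnt_dir}/etc/default/skel/${file}"
done

## /etc/snmp
cp -p "${etc_dir}/snmp/snmpd.conf" "${mnt_dir}/etc/default/snmp/"
ln -s snmp "${mnt_dir}/etc/ucd-snmp"

## /etc/snort: readable only by root and the snort group.
cp -Rp "${etc_dir}"/snort/* "${mnt_dir}/etc/default/snort/"
chmod 710 "${mnt_dir}"/etc/{snort,default/snort}
chmod 640 "${mnt_dir}"/etc/default/snort/*
chown ":${snort_gid}" "${mnt_dir}"/etc/{snort,default/snort}
chown ":${snort_gid}" "${mnt_dir}"/etc/default/snort/*

## /etc/profile.d: one symlink to the CD-ROM per entry (no cd needed).
for i in "${etc_dir}/profile.d"/*; do
  name=${i##*/}
  ln -s "/cdrom/etc/profile.d/${name}" "${mnt_dir}/etc/profile.d/${name}"
done

## Other directories we just need to copy files to...
for file in mgetty+sendfax news security ups uucp pam.d openldap ntp mrtg alchemist; do
  cp -Rdp "${etc_dir}/${file}"/* "${mnt_dir}/etc/default/${file}/"
done
echo "Done."

##================================================================##
## Create or copy drivers.tar.gz, used to support network devices
## during configuration.
if [ ! -d "${mnt_dir}/tmp/drivers" ]; then
  mkdir "${mnt_dir}/tmp/drivers"
fi

## build_driver_tarball NAME KERNDIR SUBDIR MODULES
## Build NAME.tar.gz from the modules listed in MODULES (space separated,
## looked up as KERNDIR/SUBDIR/<mod>.o) and drop it in $mnt_dir/tmp/drivers.
## Work happens in a private mktemp directory (not a fixed $temp/modules,
## which another local user could pre-create). A missing module is reported
## at the end but does not abort the build.
build_driver_tarball() {
  local name=$1 kerndir=$2 subdir=$3 modules=$4
  local work i err=0

  work=$(mktemp -d "${temp}/mkrootdsk.XXXXXX")
  if [ -z "$work" ] || [ ! -d "$work" ]; then
    echo "[-] Could not create a scratch directory under ${temp}. Exiting."
    exit 1
  fi

  echo "[+] Building ${name}.tar.gz(network config support)."
  echo " [+] Using ${kerndir}."
  for i in $modules; do
    if [ -f "${kerndir}/${subdir}/${i}.o" ]; then
      cp -p "${kerndir}/${subdir}/${i}.o" "${work}/"
    else
      err=1
    fi
  done
  ## Archive from inside the directory so members are bare module names.
  ( cd "$work" && tar -cf "${name}.tar" *.o && gzip -9 "${name}.tar" ) || err=1
  cp -p "${work}/${name}.tar.gz" "${mnt_dir}/tmp/drivers/"
  rm -rf -- "${work:?}"

  if [ "$err" = "1" ]; then
    echo " [-] One or more errors occured while building ${name}.tar.gz."
  fi
}

## 2.2 ##
if [ -f "${lib_dir}/drivers-2.2.tar.gz" ]; then
  cp -p "${lib_dir}/drivers-2.2.tar.gz" "${mnt_dir}/tmp/drivers/"
else
  ## Create drivers-2.2.tar.gz, file that contains kernel modules
  ## used if configuring over a network.
  modules="3c501 3c503 3c507 3c505 3c509 3c515 lance wd smc-ultra smc9194 \
    smc-ultra32 ni5010 ni65 ni52 rtl8139 at1700 e2100 depca ewrk3 \
    eexpress eepro fmv18x hp-plus hp100 hp eth16i ne starfire ac3200 \
    cs89x0 tlan dmfe dgrs lne390 ne3210 sis900 es3210 epic100 yellowfin \
    acenic sk98lin"
  build_driver_tarball drivers-2.2 "${lib_dir}/modules/${kern_22}" net "$modules"
fi

## 2.4 ##
if [ -f "${lib_dir}/drivers-2.4.tar.gz" ]; then
  cp -p "${lib_dir}/drivers-2.4.tar.gz" "${mnt_dir}/tmp/drivers/"
else
  ## Create drivers-2.4.tar.gz, file that contains kernel modules
  ## used if configuring over a network. 2.4 keeps them under
  ## kernel/drivers/net rather than net/.
  modules="3c501 3c507 3c505 3c503 3c509 3c515 lance wd smc9194 \
    smc-ultra smc-ultra32 ni5010 ni65 ni52 at1700 depca \
    hp100 e2100 ewrk3 eexpress eepro hp hp-plus eth16i ne \
    starfire ac3200 cs89x0 dgrs dmfe lne390 ne3210 es3210 \
    sis900 tlan epic100 winbond-840 acenic hamachi yellowfin \
    sundance"
  build_driver_tarball drivers-2.4 "${lib_dir}/modules/${kern_24}" kernel/drivers/net "$modules"
fi

##================================================================##
## Misc.
echo -n "[+] Finishing up... "
## We're going to need the perl binary in bin, instead of /usr/bin
cp -p "${bin_dir}/../usr/bin/perl" "${mnt_dir}/bin/perl"
## Copy the perl config scripts to /etc/rc.d
cp -p "${cdrom}"/SENTRY/scripts/cd-config/* "${mnt_dir}/etc/rc.d/SENTRY/"
## Copy default sentry.conf config file to /etc/default
cp -p "${cdrom}/SENTRY/scripts/cd-config/sentry.conf" "${mnt_dir}/etc/default/"
echo "Done!"

##================================================================##
echo
echo "[+] $base_dir/$rootdsk is still mounted, do you want me"
echo -n "    to unmount it? (y/n) "
read -r -n 1 answer
if [ "$answer" = "y" ]; then
  echo
  echo -n " [+] Unmounting $mnt_dir... "
  if ! umount "$mnt_dir" >/dev/null 2>&1; then
    echo
    echo " [-] Uh oh, something went wrong while unmounting $mnt_dir. Exiting."
    echo
    exit 1
  fi
  sleep 1
  echo "Done."
  echo -n " [+] Gzipping $base_dir/$rootdsk... "
  ## The compressed image keeps the uncompressed name: the header says it
  ## is dropped into /isolinux as $rootdsk, so the .gz suffix is removed.
  if gzip -9 "$base_dir/$rootdsk" \
    && mv "${base_dir}/${rootdsk}.gz" "${base_dir}/${rootdsk}"; then
    echo "Done."
  else
    echo
    echo " [-] Compressing $base_dir/$rootdsk failed. Exiting."
    echo
    exit 1
  fi
  echo
  echo "Location of new rootdisk --> $base_dir/$rootdsk"
else
  ## Declining is a supported choice (see the header): the image stays
  ## mounted for inspection, and the user umounts/gzips it by hand.
  echo
  echo "[-] Ok, $base_dir/$rootdsk still mounted on $mnt_dir. Exiting."
  echo
  exit 0
fi
echo
exit 0
## _EOF_ ##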