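#!/bin/sh
##=====================================================================##
## Copyright (c) 2001-2002 Stephen Zarkos. All rights reserved.
## Obsid@Sentry.net
##
## Please see file: COPYRIGHT for further copyright information and
## disclaimer. Or online at http://www.SentryFirewall.com/files/COPYRIGHT
##=====================================================================##
## File: mkrootdsk.sh
## Script to Build a rootdisk (kinda hacky)
## Read the script first, see what it does, and use with caution.
## Please see file: http://www.SentryFirewall.com/files/COPYRIGHT for
## important copyright and disclaimer information.
##=====================================================================##
## INTRO
## Please alter the variables below to match your environment. In short,
## the script does the following things:
## It first zeros out a file($base_dir/$rootdsk), formats that file, and
## then mounts it on $mnt_dir, via a loopback device. It then proceeds to
## copy the necessary files to the newly created rootdisk. By default, the
## script pulls the files from the Sentry Firewall CD-ROM, assumed to be
## mounted on /cdrom. The script assumes several things; /cdrom is mounted,
## and your kernel has loopback device support.
## IMPORTANT NOTES
## When the script finishes building the rootdisk it will prompt you to
## umount and gzip the disk image. If you would like to view or modify the
## rootdisk before copying it to the proper directory (/isolinux) then you
## can answer 'n' at that point. You will then need to umount and gzip the
## rootdisk($base_dir/$rootdsk) manually.
## In any case, as long as the environment is normal and all the directories
## are in the right place, this script should be able to pull all the files it
## needs to rebuild the rootdisk from the Sentry CD-ROM.
## SECURITY NOTES
## The script loop-mounts an image, creates device nodes and chowns files
## to other UIDs, so it is expected to run as root. Everything found under
## the source directories below is copied into the firewall image without
## any integrity check, so only point them at media you trust. The finished
## image holds passwd/shadow files; keep $base_dir readable by root only.
##=====================================================================##
## Variables

## Directory to put the rootdisk image that will be created.
base_dir="/root/rootdisk"

## Place to mount rootdisk image once created/formatted.
mnt_dir="/root/rootdisk/mnt"

## File name of the rootdisk image.
rootdsk="initrd.img"

## Temp dir to use. This is only the parent: a private, randomly named
## work directory is created beneath it in the init section below and
## $temp is re-pointed at that directory.
temp="/tmp"

## Directory to get /bin binaries from(to put on rootdisk)
bin_dir="/cdrom/bin"

## Directory to get /sbin binaries from(to put on rootdisk)
sbin_dir="/cdrom/sbin"

## Directory to get /etc stuff from(to put on rootdisk)
etc_dir="/cdrom/etc"

## Directory to get /lib stuff from(to put on rootdisk)
lib_dir="/cdrom/lib"

## Directory to get /var stuff from(to put on rootdisk)
var_dir="/cdrom/var" ## Not always used

## Directory to get /dev stuff from(to put on rootdisk)
dev_stuff="/cdrom/etc/dev_stuff"

## Directory to get startup scripts from
## Usually leave this alone, these have been heavily modified.
start_scripts="/cdrom/etc/rc.d"

## Directory to get certain modified /etc files from(to put on rootdisk)
## Usually leave this alone as well
sys_files="/cdrom/etc/sys_files"

## Where we mounted Sentry Firewall CD-ROM
cdrom="/cdrom"

## UID/GID variables, used for chowning files/dir with users
## that may not exist on the development system, but do on a
## default Sentry Firewall system.
snort_uid="104"
snort_gid="104"
squid_uid="108"
squid_gid="108"
lp_uid="4"
lp_gid="7"
nobody_uid="99"
nobody_gid="98"
mail_uid="8"
mail_gid="12"
named_uid="106"
named_gid="106"
sentry_uid="1000"
sentry_gid="1000"
wheel_gid="10"

## Kernel versions. Used to bundle ethernet drivers on the rootdisk
## for network configuration support.
kern_22="2.2.21-ow1"
kern_24="2.4.18GENERIC"

## Done with variables
##=====================================================================##

##=====================================================================##
## Init stuff
PATH=/sbin:/bin:/usr/sbin:/usr/bin
umask 022

echo
echo "Sentry Firewall CD-ROM: mkrootdsk.sh"
echo "Copyright (C) Stephen Zarkos, Obsid@Sentry.net"
echo "Ok, let's get to it."
echo

## Binaries, libraries and kernel modules are staged through $temp before
## they land in the image. Staging them under fixed names in a shared,
## world-writable directory would let another local account pre-create or
## swap those files while root is building, so all staging happens in a
## private mktemp directory that is removed when the script exits.
temp_parent="$temp"
if ! temp="$(mktemp -d "${temp_parent}/mkrootdsk.XXXXXX")"; then
  echo "[-] Could not create a private work directory under $temp_parent. Exiting."
  echo
  exit 1
fi
trap 'rm -rf -- "${temp:?}"' EXIT
trap 'exit 1' HUP INT TERM

## ensure_dir DIR
## Makes sure DIR is a searchable directory, creating it when nothing
## exists at that path yet. Prints progress and exits with status 1 when
## the path is unusable or cannot be created.
ensure_dir() {
  if [ -d "$1" ] && [ -x "$1" ]; then
    return 0
  fi
  if [ -e "$1" ]; then
    echo "[-] $1 exists, but is not executable. Exiting."
    echo
    exit 1
  fi
  printf '[+] Creating %s... ' "$1"
  if mkdir "$1" && [ -x "$1" ]; then
    echo "Done."
  else
    echo
    echo "[-] Creation of $1 failed, please check your variables. Exiting."
    echo
    exit 1
  fi
}

ensure_dir "$base_dir"
ensure_dir "$mnt_dir"

image="$base_dir/$rootdsk"

##===============================================================##
## Zero out a file to use
printf '[+] Zeroing out file: %s... ' "$image"
if ! dd if=/dev/zero of="$image" bs=512 count=31250 >/dev/null 2>&1; then
  echo
  echo "[-] dd could not write $image. Exiting."
  exit 1
fi
if [ ! -f "$image" ]; then
  echo
  echo "[-] Oops, tried to create file $image,"
  echo " but file does not exist. Exiting."
  exit 1
fi
echo "Done."

##===============================================================##
## Make an ext2 file system on file
printf '[+] Creating ext2 file system on %s... ' "$image"
## The exit status is checked so that a failed format is not reported as
## "Done." and then mounted.
if ! mke2fs -Fq -c -m 0 -i 1024 "$image" >/dev/null 2>&1; then
  echo
  echo "[-] mke2fs failed on $image. Exiting."
  exit 1
fi
echo "Done."

##===============================================================##
## Mount this new rootdisk on the loopback device
printf '[+] Mounting %s on %s... ' "$rootdsk" "$mnt_dir"
## -F: the mount point is matched as a literal string, not as a regex.
if /bin/mount | grep -F -- "on $mnt_dir " >/dev/null 2>&1; then
  echo
  echo "[-] Oops, $mnt_dir already mounted. Exiting."
  exit 1
fi
if ! mount -o loop -t ext2 "$image" "$mnt_dir"; then
  echo
  echo "[-] Uh oh, something went wrong trying to mount"
  echo " $image on $mnt_dir. Exiting."
  exit 1
fi
echo "Done."

##===============================================================##
## Now, assume all that went well. Lets start copying stuff to
## the new root disk.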
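echo "[+] Ok, starting to copy stuff to the rootdisk"

## Top-level skeleton of the rootdisk. Parents are listed before their
## children because mkdir is called without -p.
dir_array="root dev proc etc sbin bin lib mnt mnt1 mnt2 mnt3 mnt4 \
cdrom floppy tmp tmp/drivers var"

printf '[+] Making directories:'
for dir in $dir_array; do
  printf ' %s' "$dir"
  mkdir "$mnt_dir/$dir"
done
echo "... Done."

## Copy all the dev stuff we need
printf '[+] Copying /dev files... '
cp -Rdp "$dev_stuff"/* "$mnt_dir/dev"
echo "Done."

## Basic symlinks
ln -s /cdrom/boot "$mnt_dir/boot"
ln -s /cdrom/usr "$mnt_dir/usr"

##===============================================================##
## Deal with /var
printf '[+] Working in /var... '

## Make directories
var_dirs="cache db lock log man named pid run spool state tmp yp \
cache/proxy lock/subsys state/dhcp \
log/mount log/ftpd log/routed log/SNORT log/apache log/setup \
log/setup/tmp log/setup/apache \
spool/atjobs spool/atspool \
spool/cron spool/cron/crontabs \
spool/locate spool/lpd spool/mail spool/mqueue \
spool/pcnfs spool/rwho spool/samba \
www www/cgi-bin www/htdocs www/htdocs/snort empty"

for dir in ${var_dirs}; do
  mkdir "${mnt_dir}/var/${dir}"
done

## Additional Directories
## Written as loops rather than {a,b} brace lists: brace expansion is not
## part of POSIX sh, and a /bin/sh without it would create one entry
## literally named "cat{1,2,...}".
for section in 1 2 3 4 5 6 7 8 9 n; do
  mkdir "${mnt_dir}/var/man/cat${section}"
done

## Make some empty files(logs, etc)
touch "${mnt_dir}/var/run/utmp"
touch "${mnt_dir}/var/state/dhcp/dhcpd.leases"
## access.log, cache.log and store.log are the Squid logs; SENTRY_LOG is
## the cd-config log file.
for log in cron debug \
  messages secure maillog firewall syslog wtmp \
  log.smb log.nmb \
  proftpd.log xferlog \
  access.log cache.log store.log \
  SENTRY_LOG; do
  touch "${mnt_dir}/var/log/${log}"
done

## Fix perms
## Misc.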
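## Ownership is written as owner:group. The older owner.group spelling is
## deprecated and is ambiguous for names that contain a dot.
chown 0:2 "${mnt_dir}/var/run"
chmod 775 "${mnt_dir}/var/run"
chmod 700 "${mnt_dir}/var/empty"

## tmp
chmod 1777 "${mnt_dir}/var/tmp"

## var/log
## NOTE(review): secure, maillog, firewall, proftpd.log and xferlog are
## created earlier in this script and keep the umask default (0644).
## Consider 0640 for them as well, like debug/messages/syslog below.
var_log="${mnt_dir}/var/log"
chmod 644 "${var_log}/SENTRY_LOG"
chmod 644 "${var_log}/cron"
chmod 644 "${var_log}/log.smb" "${var_log}/log.nmb" "${var_log}/wtmp"
chmod 640 "${var_log}/debug" "${var_log}/messages" "${var_log}/syslog"
chmod 750 "${var_log}/SNORT"
chown "${snort_uid}:${snort_gid}" "${var_log}/SNORT"
chmod 640 "${var_log}/cache.log" "${var_log}/access.log" "${var_log}/store.log"
chown "${squid_uid}:${squid_gid}" \
  "${var_log}/access.log" "${var_log}/cache.log" "${var_log}/store.log"

## var/spool
var_spool="${mnt_dir}/var/spool"
chown 2:2 "${var_spool}/atjobs" "${var_spool}/atspool"
chmod 700 "${var_spool}/atjobs" "${var_spool}/atspool"
chown "0:${wheel_gid}" "${var_spool}/cron"
chmod 751 "${var_spool}/cron"
chown "0:${wheel_gid}" "${var_spool}/cron/crontabs"
chmod 750 "${var_spool}/cron/crontabs"
chown "${nobody_uid}:1" "${var_spool}/locate"
chown "0:${lp_gid}" "${var_spool}/lpd"
chmod 775 "${var_spool}/lpd"
chown "0:${mail_gid}" "${var_spool}/mail"
chmod 1777 "${var_spool}/mail"
chown "0:${mail_gid}" "${var_spool}/mqueue"

## var/cache
chown "${squid_uid}:${squid_gid}" "${mnt_dir}/var/cache"

## Make symlinks
ln -s log "${mnt_dir}/var/adm"
ln -s db "${mnt_dir}/var/dhcpd"
ln -s spool/mail "${mnt_dir}/var/mail"
ln -s /var/spool/rwho "${mnt_dir}/var/rwho"
ln -s /usr/libexec "${mnt_dir}/var/www/libexec"
ln -s /var/log/apache "${mnt_dir}/var/www/logs"
ln -s /cdrom/var/www/icons "${mnt_dir}/var/www/icons"
ln -s /cdrom/var/www/htdocs "${mnt_dir}/var/www/htdocs/default"
ln -s /etc/apache "${mnt_dir}/var/www/conf"
ln -s /var/log/SNORT "${mnt_dir}/var/log/snort"
ln -s /var/log/SENTRY_LOG "${mnt_dir}/var/log/config_log" ## cd-config log files

## Other
cp -p "${var_dir}"/spool/cron/crontabs/* "${mnt_dir}/var/spool/cron/crontabs/"
cp -p "${var_dir}/named/named.hints" "${mnt_dir}/var/named/"
cp -p "${var_dir}/log/lastlog" "${mnt_dir}/var/log/lastlog"

####
## Chrooted named
####
chroot_dir="$mnt_dir/var/chroot"
mkdir "$chroot_dir"
dirs="dev etc etc/namedb \
usr usr/sbin var var/run var/named var/log"
for i in $dirs; do
  mkdir "$chroot_dir/$i"
done

if [ -f "$sys_files/named.conf" ]; then
  cp -p "$sys_files/named.conf" "$chroot_dir/etc/named.conf"
fi
if [ -f "$etc_dir/localtime" ]; then
  cp -p "$etc_dir/localtime" "$chroot_dir/etc/localtime"
fi
if [ -f "$var_dir/named/named.hints" ]; then
  cp -p "$var_dir/named/named.hints" "$chroot_dir/var/named/named.hints"
fi

touch "${chroot_dir}/var/log/named.security"
chown "${named_uid}:${named_gid}" "${chroot_dir}/var/log/named.security"
chown "0:${named_gid}" "${chroot_dir}/var/run" "${chroot_dir}/var/named"
chmod 775 "${chroot_dir}/var/run" "${chroot_dir}/var/named"
chown "0:${named_gid}" "${chroot_dir}/etc/namedb"
chmod 775 "${chroot_dir}/etc/namedb"
## Only the lines mentioning "named" are carried into the chroot's group
## file.
grep 'named' "$sys_files/group" > "$chroot_dir/etc/group"
mknod "$chroot_dir/dev/null" c 1 3
chmod 666 "$chroot_dir/dev/null"
ln -s /cdrom/var/chroot/usr/sbin/named "$chroot_dir/usr/sbin/named"
ln -s /cdrom/var/chroot/usr/sbin/named-xfer "$chroot_dir/usr/sbin/named-xfer"
####
## Done with named chroot stuff
####

echo "Done."
## Done with var
##================================================================##

##================================================================##
## /home stuff
printf '[+] Working in /home... '

## /home/sentry
mkdir "${mnt_dir}/home"
mkdir "${mnt_dir}/home/sentry"
chown "${sentry_uid}:${sentry_gid}" "${mnt_dir}/home/sentry"
chmod 755 "${mnt_dir}/home"
chmod 711 "${mnt_dir}/home/sentry"
touch "${mnt_dir}/home/sentry/.bash_history"
chown "${sentry_uid}:${sentry_gid}" "${mnt_dir}/home/sentry/.bash_history"
chmod 600 "${mnt_dir}/home/sentry/.bash_history"
ln -s /cdrom/SENTRY "${mnt_dir}/home/sentry/SENTRY"
ln -s /cdrom/SENTRY/docs "${mnt_dir}/home/sentry/docs"
files=".less .lessrc .screenrc"
for file in ${files}; do
  cp -p "${etc_dir}/skel/${file}" "${mnt_dir}/home/sentry/"
done

## /root
touch "${mnt_dir}/root/.bash_history"
chown 0:0 "${mnt_dir}/root/.bash_history"
chmod 600 "${mnt_dir}/root/.bash_history"
ln -s /cdrom/SENTRY "${mnt_dir}/root/SENTRY"
ln -s /cdrom/SENTRY/docs "${mnt_dir}/root/docs"
files=".less .lessrc .screenrc"
for file in ${files}; do
  cp -p "${etc_dir}/skel/${file}" "${mnt_dir}/root/"
done

echo "Done."
## Done with /home stuff
##================================================================##

##================================================================##
## /bin /sbin stuff
printf '[+] Working in /bin... '

##----------------------------------------------------------------##
## /bin Stuff

## Each binary is copied to a scratch location, stripped there and then
## copied into the image. The scratch location is a private mktemp
## directory: staging root-built binaries under predictable names directly
## in a shared directory such as /tmp would let another local account
## pre-create or replace them between the strip and the copy.
if ! bin_stage="$(mktemp -d "${temp}/mkrootdsk-bin.XXXXXX")"; then
  echo
  echo "[-] Could not create a private staging directory under $temp."
  echo "    $mnt_dir is still mounted. Exiting."
  exit 1
fi

bin_binaries="ash busybox hostname login setterm stty cut mount \
cat chmod cp grep gzip ls mv ps rm umount bash tcsh false \
tar killall"

for binary in $bin_binaries; do
  cp -p "$bin_dir/$binary" "$bin_stage"
  strip "$bin_stage/$binary"
  cp -p "$bin_stage/$binary" "$mnt_dir/bin"
  rm -f "$bin_stage/$binary"
done

## Special cases
## Stuff we want in /bin but are normally in /usr/bin
bin_binaries="tail sed"
## Drops the first "/bin" from $bin_dir to find the sibling usr/bin
## (with the default /cdrom/bin this gives /cdrom/usr/bin).
dir="$(printf '%s\n' "$bin_dir" | sed 's/\/bin//')/usr/bin"
for binary in $bin_binaries; do
  cp -p "$dir/$binary" "$bin_stage"
  strip "$bin_stage/$binary"
  cp -p "$bin_stage/$binary" "$mnt_dir/bin/$binary"
  rm -f "$bin_stage/$binary"
done

rm -rf "${bin_stage:?}"

## Special special cases.
## Modified ssh binary to use with scp/sftp network config support, removed
## after configuration.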
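files="ssh scp sftp wget"
for file in $files; do
  cp "${etc_dir}/tmp_bins/${file}.tmp" "${mnt_dir}/bin/${file}"
  chmod 700 "${mnt_dir}/bin/${file}"
done

## Symlink stuff, this should be fun
## There are two types here, symlinks that point to another
## binary in the same directory, and those that point to
## /cdrom/{bin,sbin}

## busybox symlinks
bbox_bin_array="basename chgrp chown chvt clear \
date dd df dirname dmesg du echo egrep env free \
head id kill ln logger mkdir mknod more pwd \
reset rmdir sort sync touch true tty uname \
uniq uptime wc which whoami zcat"

bbox_sbin_array="mkswap swapon swapoff"

for link in $bbox_bin_array; do
  ln -s busybox "${mnt_dir}/bin/${link}"
done
for link in $bbox_sbin_array; do
  ln -s /bin/busybox "${mnt_dir}/sbin/${link}"
done

## copy_missing_symlinks SRC_DIR DEST_DIR
## Copies every symlink found in SRC_DIR into DEST_DIR as a symlink
## (cp -d), unless DEST_DIR already has a resolvable entry of that name.
copy_missing_symlinks() {
  for cms_src in "$1"/*; do
    [ -h "$cms_src" ] || continue
    cms_name="${cms_src##*/}"
    if [ ! -e "$2/$cms_name" ]; then
      cp -dp "$cms_src" "$2/$cms_name"
    fi
  done
}

## link_remaining_files SRC_DIR DEST_DIR TARGET_DIR SKIP_LIST
## For every regular, non-symlink file in SRC_DIR (dot files included, as
## an "ls -la" listing would show them) that is not named in the
## space-separated SKIP_LIST and has no entry in DEST_DIR yet, creates
## DEST_DIR/name -> TARGET_DIR/name.
## The directory is walked with globs and file tests instead of parsing
## "ls -la" columns, which depends on the listing format (link-count
## width, date layout) and breaks on unusual names. It also removes the
## need for perl on the build host for this step.
link_remaining_files() {
  for lrf_src in "$1"/* "$1"/.[!.]*; do
    if [ ! -f "$lrf_src" ] || [ -h "$lrf_src" ]; then
      continue
    fi
    lrf_name="${lrf_src##*/}"
    case " $4 " in
      *" $lrf_name "*) continue ;;
    esac
    if [ ! -e "$2/$lrf_name" ] && [ ! -h "$2/$lrf_name" ]; then
      ln -s "$3/$lrf_name" "$2/$lrf_name"
    fi
  done
}

## Copying Symlinks
copy_missing_symlinks "$bin_dir" "$mnt_dir/bin"

## Everything else in /bin becomes a symlink to /cdrom/bin.
## The skip list names the busybox links and $bin_binaries. The previous
## version of this step referred to $bbox_array, a variable that is never
## set (the lists are $bbox_bin_array and $bbox_sbin_array), so the
## busybox names were not actually excluded; only the "already exists"
## test protected them.
link_remaining_files "$bin_dir" "$mnt_dir/bin" /cdrom/bin \
  "$bbox_bin_array $bin_binaries"

echo "Done."
## Done with /bin
##----------------------------------------------------------------##

##----------------------------------------------------------------##
## /sbin Stuff
printf '[+] Working in /sbin... '

sbin_binaries="agetty badblocks dhcpcd hwclock depmod ifconfig init \
insmod ldconfig rdev route shutdown update halt ip"

## Binaries are stripped in a private mktemp directory rather than under
## fixed names directly in $temp, so that no other local account can
## pre-create or swap the staged files while root is building the image.
if ! sbin_stage="$(mktemp -d "${temp}/mkrootdsk-sbin.XXXXXX")"; then
  echo
  echo "[-] Could not create a private staging directory under $temp."
  echo "    $mnt_dir is still mounted. Exiting."
  exit 1
fi
for binary in $sbin_binaries; do
  cp -p "$sbin_dir/$binary" "$sbin_stage"
  strip "$sbin_stage/$binary"
  cp -p "$sbin_stage/$binary" "$mnt_dir/sbin"
  rm -f "$sbin_stage/$binary"
done
rm -rf "${sbin_stage:?}"

## Other non-binary stuff(iproute2 scripts, etc)
files="routef routel rtpr ifcfg ssnarf.sh"
for binary in $files; do
  cp -p "$sbin_dir/$binary" "$mnt_dir/sbin"
done

## Copying Symlinks
copy_missing_symlinks "$sbin_dir" "$mnt_dir/sbin"

## Remaining regular files in /sbin become symlinks to /cdrom/sbin.
link_remaining_files "$sbin_dir" "$mnt_dir/sbin" /cdrom/sbin "$sbin_binaries"

## Copy mkconfig to $mnt_dir/sbin
cp -p "$cdrom/SENTRY/scripts/MK-CONFIG/mkconfig" "$mnt_dir/sbin/"

echo "Done."
## Done with /sbin stuff
##================================================================##

##================================================================##
## /lib stuff
printf '[+] Working in /lib... '

## Copy files and symlinks from /lib to $mnt_dir/lib
## NOTE: It's extremely important that the ld.so.cache we copy(see below)
## matches these libs, otherwise the basic things like /bin/ash won't run.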
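libs="libc-2.2.3.so \
ld-2.2.3.so \
libcrypt-2.2.3.so \
libm-2.2.3.so \
libnsl-2.2.3.so \
libext2fs.so.2.4 \
libproc.so.2.0.7 \
libdb2.so.3 \
libdl-2.2.3.so \
libutil-2.2.3.so \
libtermcap.so.2.0.8 \
libnss_files-2.2.3.so \
libnss_dns-2.2.3.so \
libresolv-2.2.3.so"

## Libraries are stripped into a private mktemp directory rather than
## under fixed names directly in $temp: these files end up in the image's
## /lib, so nothing another local account can pre-create or swap should
## sit in their path.
if ! lib_stage="$(mktemp -d "${temp}/mkrootdsk-lib.XXXXXX")"; then
  echo
  echo "[-] Could not create a private staging directory under $temp."
  echo "    $mnt_dir is still mounted. Exiting."
  exit 1
fi
for file in $libs; do
  objcopy --strip-debug "$lib_dir/$file" "$lib_stage/$file"
  chmod 755 "$lib_stage/$file"
  cp -p "$lib_stage/$file" "$mnt_dir/lib"
  rm -f "$lib_stage/$file"
done
rm -rf "${lib_stage:?}"

for lib_src in "$lib_dir"/*; do
  i="${lib_src##*/}"
  if [ -L "$lib_src" ]; then
    ## Look in $lib_dir and copy the symbolic links
    ## to the rootdisk
    cp -dp "$lib_src" "$mnt_dir/lib/$i"
  elif [ "$i" != "modules" ] && [ ! -e "$mnt_dir/lib/$i" ]; then
    ## Otherwise, they must be real files, so just make
    ## symlinks to the cdrom.
    ln -s "/cdrom/lib/$i" "$mnt_dir/lib/$i"
  fi
done

mkdir "$mnt_dir/lib/modules"

echo "Done."
## Done with /lib stuff
##================================================================##

##================================================================##
## /etc stuff
printf '[+] Working in /etc... '

## copy_files SRC_DIR DEST_DIR NAME...
## Copies each NAME from SRC_DIR to DEST_DIR/NAME, preserving mode,
## ownership and timestamps (cp -p). Failures are reported by cp and do
## not stop the build.
copy_files() {
  cf_src=$1
  cf_dst=$2
  shift 2
  for cf_name in "$@"; do
    cp -p "$cf_src/$cf_name" "$cf_dst/$cf_name"
  done
}

etc_default="$mnt_dir/etc/default"

## Make a directory called "default" in $mnt_dir/etc
## This is where the default /etc files will go
mkdir "$etc_default"

## Make a few other needed directories
dir_array="dhcpc mail msgs ppp ppp/plugins skel slip ssh \
ssl ssl/certs ssl/lib ssl/private rc.d rc.d/SENTRY snort apache \
apache/ssl.crt apache/ssl.csr apache/ssl.key apache/ssl.prm \
apache/ssl.crl mysql profile.d samba samba/private ucd-snmp \
syslog-ng squid zebra pcmcia pcmcia/cis iproute2 ntp"

for dir in $dir_array; do
  mkdir "$mnt_dir/etc/$dir"
  mkdir "$etc_default/$dir"
done

## Copy default files to $mnt_dir/etc/default
## NOTE(review): random-seed is copied from the source media, so every
## image built from it carries the same seed file. If the startup scripts
## feed it to the kernel entropy pool it adds nothing host-specific --
## confirm how rc.S uses it.
copy_files "$etc_dir" "$etc_default" \
  at.deny \
  bootptab \
  csh.cshrc \
  csh.login \
  dhclient-script dhclient.conf dhcpd.conf \
  exports \
  fdprm \
  ftpaccess ftpconversions \
  gateways \
  host.conf \
  hosts.allow hosts.deny hosts.equiv \
  hosts.lpd \
  login.access login.defs \
  identd.conf \
  ld.so.conf \
  minicom.users minirc.dfl \
  modules.conf \
  mail.rc \
  netgroup networks \
  nntpserver \
  nsswitch.conf nsswitch.conf-nis \
  newsyslog.conf \
  ntp.conf \
  powerd.conf \
  printcap \
  protocols services \
  pptpd.conf \
  random-seed \
  rpc \
  securetty \
  serial.conf \
  syslog.conf \
  wgetrc \
  gated.conf

## Create /etc/default/HOSTNAME
echo "fw-v1.sentry.net" > "$etc_default/HOSTNAME"

## Create some empty files
## (explicit loop: {a,b} brace lists are not expanded by a POSIX /bin/sh)
for file in issue issue.net motd; do
  touch "$etc_default/$file"
done

#####
## Now take care of files in subdirectories ##
#####

## /etc/apache
copy_files "$etc_dir/apache" "$etc_default/apache" \
  magic httpd.conf access.conf mime.types mod_php.conf \
  mod_ssl.conf srm.conf
cp -p "$etc_dir"/apache/php.ini* "$etc_default/apache/"

## /etc/mysql
cp -p "$etc_dir"/mysql/* "$etc_default/mysql/"

## /etc/mail
copy_files "$etc_dir/mail" "$etc_default/mail" \
  sendmail.cf aliases aliases.db

## /etc/msgs
copy_files "$etc_dir/msgs" "$etc_default/msgs" \
  mirrors.msg msg.dead msg.toomany welcome.msg

## /etc/ppp
copy_files "$etc_dir/ppp" "$etc_default/ppp" \
  firewall-masq firewall-standalone options pppoe-server-options pppoe.conf

## /etc/slip
copy_files "$etc_dir/slip" "$etc_default/slip" \
  slip.hosts slip.login slip.passwd slip.route

## /etc/ssh
copy_files "$etc_dir/ssh" "$etc_default/ssh" \
  primes ssh_config sshd_config sshd_config.local
touch "$etc_default/ssh/ssh_known_hosts"
touch "$etc_default/ssh/ssh_known_hosts2"

## /etc/ssl
copy_files "$etc_dir/ssl" "$etc_default/ssl" openssl.cnf

## /etc/rc.d
copy_files "$start_scripts" "$etc_default/rc.d" \
  rc.S rc.4 rc.6 rc.K rc.M rc.sysvinit rc.serial rc.cdrom \
  rc.inet1 rc.inet1.old rc.inet2 rc.modules rc.sshd rc.local \
  rc.netdevice rc.named rc.nfsd rc.httpd rc.pcmcia
ln -s rc.6 "$etc_default/rc.d/rc.0"
ln -s rc.6 "$mnt_dir/etc/rc.d/rc.0"
cp -p "$start_scripts/rc.S" "$mnt_dir/etc/rc.d/"
cp -p "$start_scripts/rc.6" "$mnt_dir/etc/rc.d/"
cp -p "$start_scripts/rc.cdrom" "$mnt_dir/etc/rc.d/"

## /etc/syslog-ng
cp -p "${etc_dir}/syslog-ng/syslog-ng.conf" "$etc_default/syslog-ng"

## /etc/squid
cp -p "${etc_dir}/squid/squid.conf" "$etc_default/squid/squid.conf"
cp -p "${etc_dir}/squid/mib.txt" "${etc_dir}/squid/mime.conf" \
  "$etc_default/squid/"
cp -Rp "${etc_dir}/squid/errors" "${etc_dir}/squid/icons" \
  "$etc_default/squid/"

## /etc/samba
cp -p "${etc_dir}/samba/smb.conf" "$etc_default/samba/smb.conf"
chmod 600 "$etc_default/samba/smb.conf"

## /etc/zebra
copy_files "$etc_dir/zebra" "$etc_default/zebra" \
  zebra.conf ripd.conf ospfd.conf bgpd.conf
chmod 600 "$etc_default"/zebra/*
chmod 750 "$etc_default/zebra/" "${mnt_dir}/etc/zebra/"

## /etc/pcmcia
cp -Rdp "${etc_dir}"/pcmcia/* "$etc_default/pcmcia/"

## Copy other files to /etc
## Most of these would not need to be modified
copy_files "$etc_dir" "$mnt_dir/etc" \
  DIR_COLORS \
  NETWORKING \
  inittab \
  ioctl.save \
  ld.so.cache \
  magic \
  slackware-version \
  termcap \
  termcap-BSD \
  termcap-Linux CDversion

## Misc.
touch "$mnt_dir/etc/mtab"
touch "$etc_default/mtab"
ln -s /sbin/rmt "$etc_default/rmt"
ln -s /sbin/rmt "$mnt_dir/etc/rmt"

## Other Stuff
## NOTE(review): passwd and shadow keep whatever mode and owner they have
## on the source media (cp -p). Confirm shadow is not world-readable there.
copy_files "$sys_files" "$etc_default" \
  fstab group passwd shadow profile inetd.conf inetd.conf.none snort.conf \
  proftpd.conf shells hosts resolv.conf named.conf ftpusers

## Temporary files required to use ftp:// with wget for configuration.
## passwd/shadow/group files with just a single root account(disabled).
for file in passwd shadow group; do
  cp -p "${etc_dir}/${file}.tmp" "${mnt_dir}/etc/${file}"
done

for file in iproute2 ntp; do
  cp -Rdp "${etc_dir}/${file}"/* "${mnt_dir}/etc/${file}"
done

echo "Done."

##================================================================##
## Create or copy drivers.tar.gz, used to support network devices
## during configuration.

## build_drivers NAME KERNEL_DIR MODULE_DIR MODULE...
## Builds NAME.tar.gz from MODULE_DIR/<MODULE>.o for each MODULE and copies
## it to $mnt_dir/tmp/drivers/. KERNEL_DIR is only printed. A missing
## module or a failing tar/gzip/cp is reported once at the end.
## The archive is assembled in a fresh mktemp directory. Reusing a fixed
## "$temp/modules" directory would pack whatever is already in it -- for
## instance object files left there by another local account -- into the
## tarball of kernel modules shipped on the firewall image.
build_drivers() {
  bd_name=$1
  bd_kdir=$2
  bd_src=$3
  shift 3
  bd_err="0"

  if ! bd_work="$(mktemp -d "${temp}/mkrootdsk-mod.XXXXXX")"; then
    echo " [-] Could not create a private work directory under ${temp};"
    echo "     ${bd_name}.tar.gz was not built."
    return 1
  fi

  echo "[+] Building ${bd_name}.tar.gz(network config support)."
  echo " [+] Using ${bd_kdir}."
  for bd_mod in "$@"; do
    if [ -f "${bd_src}/${bd_mod}.o" ]; then
      cp -p "${bd_src}/${bd_mod}.o" "${bd_work}/"
    else
      bd_err="1"
    fi
  done

  ## Subshell: the caller's working directory is left untouched.
  (
    cd "$bd_work" || exit 1
    tar -cf "${bd_name}.tar" * &&
      gzip -9 "${bd_name}.tar" &&
      cp -p "${bd_name}.tar.gz" "${mnt_dir}/tmp/drivers/"
  ) || bd_err="1"

  rm -rf "${bd_work:?}"
  if [ "$bd_err" = "1" ]; then
    echo " [-] One or more errors occured while building ${bd_name}.tar.gz."
  fi
}

if [ ! -x "$mnt_dir/tmp/drivers" ]; then
  mkdir "$mnt_dir/tmp/drivers"
fi

## 2.2 ##
if [ -f "$lib_dir/drivers-2.2.tar.gz" ]; then
  cp -p "$lib_dir/drivers-2.2.tar.gz" "$mnt_dir/tmp/drivers/"
else
  ## Create drivers-2.2.tar.gz, file that contains kernel modules
  ## used if configuring over a network.
  modules="3c501 3c503 3c507 3c505 3c509 3c515 lance wd smc-ultra smc9194 \
smc-ultra32 ni5010 ni65 ni52 rtl8139 at1700 e2100 depca ewrk3 \
eexpress eepro fmv18x hp-plus hp100 hp eth16i ne starfire ac3200 \
cs89x0 tlan dmfe dgrs lne390 ne3210 sis900 es3210 epic100 yellowfin \
acenic sk98lin"
  # shellcheck disable=SC2086 -- $modules is a word list, split on purpose
  build_drivers drivers-2.2 "${lib_dir}/modules/${kern_22}" \
    "${lib_dir}/modules/${kern_22}/net" $modules
fi

## 2.4 ##
if [ -f "${lib_dir}/drivers-2.4.tar.gz" ]; then
  cp -p "${lib_dir}/drivers-2.4.tar.gz" "${mnt_dir}/tmp/drivers/"
else
  ## Create drivers-2.4.tar.gz, file that contains kernel modules
  ## used if configuring over a network.
  modules="3c501 3c507 3c505 3c503 3c509 3c515 lance wd smc9194 \
smc-ultra smc-ultra32 ni5010 ni65 ni52 at1700 depca \
hp100 e2100 ewrk3 eexpress eepro hp hp-plus eth16i ne \
starfire ac3200 cs89x0 dgrs dmfe lne390 ne3210 es3210 \
sis900 tlan epic100 winbond-840 acenic hamachi yellowfin \
sundance"
  # shellcheck disable=SC2086 -- $modules is a word list, split on purpose
  build_drivers drivers-2.4 "${lib_dir}/modules/${kern_24}" \
    "${lib_dir}/modules/${kern_24}/kernel/drivers/net" $modules
fi

##================================================================##
## Misc.
printf '[+] Finishing up... '

## We're going to need the perl binary in bin, instead of /usr/bin
cp -p "$bin_dir/../usr/bin/perl" "$mnt_dir/bin/perl"

## Copy snort rules directory to $mnt_dir/etc/default
cp -Rp "${etc_dir}/snort" "${mnt_dir}/etc/default/"
chmod 710 "${mnt_dir}/etc/snort" "${mnt_dir}/etc/default/snort"
## Group-only change, written ":gid" instead of the deprecated ".gid".
chown ":${snort_gid}" "${mnt_dir}/etc/snort" "${mnt_dir}/etc/default/snort"

## Copy the perl config scripts to /etc/rc.d
cp -p "${cdrom}"/SENTRY/scripts/cd-config/* "${mnt_dir}/etc/rc.d/SENTRY/"

## Symlink /etc/default/sentry.conf to /etc/rc.d/SENTRY/sentry.conf
ln -s /etc/rc.d/SENTRY/sentry.conf "${mnt_dir}/etc/default/sentry.conf"

echo "Done!"

##================================================================##
final_image="$base_dir/$rootdsk"

echo
echo "[+] $final_image is still mounted, do you want me"
printf ' to unmount it? (y/n) '
## A whole line is read ("read -n 1" is a bash extension that a POSIX
## /bin/sh rejects); any answer starting with a lower-case "y" counts as
## yes, everything else as no.
read -r blah
case "$blah" in
  y*)
    echo
    printf ' [+] Unmounting %s... ' "$mnt_dir"
    if ! umount "$mnt_dir" >/dev/null 2>&1; then
      echo
      echo " [-] Uh oh, something went wrong while unmounting $mnt_dir. Exiting."
      echo
      exit 1
    fi
    sleep 1
    echo "Done."
    printf ' [+] Gzipping %s... ' "$final_image"
    ## The compressed image takes over the original file name. Both steps
    ## are checked so that a half-finished image is not announced as ready.
    if gzip -9 "$final_image" && mv "${final_image}.gz" "$final_image"; then
      echo "Done."
      echo
      echo "Location of new rootdisk --> $final_image"
    else
      echo
      echo " [-] Compressing $final_image failed. Exiting."
      echo
      exit 1
    fi
    ;;
  *)
    echo
    echo "[-] Ok, $final_image still mounted on $mnt_dir. Exiting."
    echo
    exit 0
    ;;
esac

echo
exit 0
## _EOF_ ##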