• BuildBeWitched

Install debian:

• Requires a system with a network connection and an internet connection.

Partition Hard Disk

• hda1 200MB / Bootable hda2 128mb swap hda3 16MB /altvar hda6 - /u

Install Kernal and Driver Modules

Configure Device Driver Modules (network interface)

Configure Network

• use the appropriate values for the local situation

if installing via serial port Edit Kernel Boot Parameters

• "console=tty0 console=ttyS0,9600n8"

Install Base System

• network

Make System Bootable

• Install LILO in the MBR Put All In Menu

Reboot System

Configure the System

• set hardware clock to GMT Select System V Style time zones
  • PST8PDT
  MD5 Passwords-yes Shadow Passwords-yes Set Password for root Add User ptp, PTP Admin Account do not remove pcmcia packages do not use PPP to install system chose apt method-http Use non-US software-yes Use non-free software-no Select a country-US choose debian mirror-whatever
  • proxy information per local requirements

wait....

• Another apt source-no Use security updates-yes Run tasksel-no Run dselect-no exim config-5

login Prompt...login as root (I hope you remember the password you set)

dpkg --purge ppp pppconfig pppoe pppoeconf telnet tasksel manpages fdutils groff-base info man-db rm -rf /etc/chatscripts /etc/ppp

#rm -rf /usr/share/locale /usr/share/doc /usr/share/man

apt-get install wget wireless-tools snmpd ssh iproute dhcp dnsmasq grub ssmtp perl-modules devfsd ntp netsaint-plugins

• all defaults except:

  Who gets mail for userids < 1000? "nodes" name of mail hub? "mail.personaltelco.net" What domain to masquerade as? "personaltelco.net" select time server - Overwrite /etc/ntp.conf - yes

edit /etc/default/dnsmasq

• add line 'DNSMASQ_INTERFACE="wlan0"'

rm /etc/rc[0-6].d/*dhcp /etc/rc[0-6].d/*dnsmasq

edit /etc/inittab

• at the end of the file, add:
  • dh:2345:respawn:/usr/sbin/dhcpd -d -q wlan0 dn:2345:respawn:/usr/sbin/dnsmasq -d -i wlan0 nc:2345:respawn:/usr/local/nocat/bin/gateway -d

cd /root wget http://www.beattie-home.net/beattie/PersonalTelcoProject/hostap-modules-2.4.20-ptp-0.1_2002.09.12-2+2.4.20-ptp-0.1+ptp.0.1_i386.deb wget http://www.beattie-home.net/beattie/PersonalTelcoProject/kernel-image-2.4.20-ptp-0.1_ptp.0.1_i386.deb wget http://www.beattie-home.net/beattie/PersonalTelcoProject/ptp-nocat.deb wget http://www.beattie-home.net/beattie/PersonalTelcoProject/hostap_cs.conf

dpkg --install kernel-image-2.4.20-ptp-0.1_ptp.0.1_i386.deb dpkg --install hostap-modules-2.4.20-ptp-0.1_2002.09.12-2+2.4.20-ptp-0.1+ptp.0.1_i386.deb dpkg --install ptp-nocat.deb

edit /usr/local/nocat/nocat.conf

• set the LocalNetworkAddress

cp hostap_cs.conf /etc/pcmcia/hostap_cs.conf

(see hostap.txt) (see dhcp.txt)

grub-install /dev/hda update-grub

• "Could not find /boot/grub/menu.lst file. Would you like one generated for you? (y/N)" - yes

<edit /boot/grub/menu.lst>

• (if serial)
  • following the line: "default 0" add:
    • ## serial console serial --unit=0 --speed=9600 --parity=no terminal --timeout=10 serial console
  (if building for a disk based system)
  • change: "default 0" to "default saved"
  to the line "# kopt=root=/dev/hda1 ro" (if serial)
  • add " console=tty0 console=ttyS0,9600n8"

update-grub #again

reboot

# now we try to make root read-only

edit /root/.profile

• to the PATH line add ":/root/bin"

create file /root/bin/remountrw

start

#! /bin/sh # The following is to track the actions of admins, not catch crackers (echo root filesystem remounted RW;who)|/usr/bin/mail -s "Security Notice remountrw" root /bin/mount -o remount,rw,noatime /

end

create file /root/bin/remountro

start

#! /bin/sh /bin/mount -o remount,ro /

end

chmod 755 /root/bin/remountro /root/bin/remountrw

rm /etc/mtab ln -s /proc/mounts /etc/mtab

edit /etc/init.d/modutils

• comment out 4 lines starting with "[ -e /sbin/depmod ] || exit 0"

#mkdir /var/lib/modules/2.4.2 #cd /lib/modules/2.4.20 #mv modules.dep /var/lib/modules/2.4.2 #ln -s /var/lib/modules/2.4.2.modules.dep . #mv modules.generic_string /var/lib/modules/2.4.2 #ln -s /var/lib/modules/2.4.2.modules.generic_string . #mv modules.ieee1394map /var/lib/modules/2.4.2 #ln -s /var/lib/modules/2.4.2.modules.ieee1394map . #mv modules.isapnpmap /var/lib/modules/2.4.2 #ln -s /var/lib/modules/2.4.2.modules.isapnpmap . #mv modules.parportmap /var/lib/modules/2.4.2 #ln -s /var/lib/modules/2.4.2.modules.parportmap . #mv modules.pcimap /var/lib/modules/2.4.2 #ln -s /var/lib/modules/2.4.2.modules.pcimap . #mv modules.pnpbiosmap /var/lib/modules/2.4.2 #ln -s /var/lib/modules/2.4.2.modules.pnpbiosmap . #mv modules.usbmap /var/lib/modules/2.4.2 #ln -s /var/lib/modules/2.4.2.modules.usbmap . # #cd /

rm -rf /tmp ln -s /var/tmp /tmp

mkdir -p /altvar/local/etc/network mv /etc/network/ifstate /altvar/local/etc/network ln -s /var/local/etc/network/ifstate /etc/network/ifstate

mv /etc/resolv.conf /altvar/local/etc/resolv.conf ln -s /var/local/etc/resolv.conf /etc/resolv.conf

# make package info persistent mkdir -p /etc/var/lib cp -a /var/lib/dpkg /etc/var/lib/dpkg rm -rf /var/lib/dpkg ln -s /etc/var/lib/dpkg /var/lib/dpkg cp -a /var/lib/apt /etc/var/lib/apt rm -rf /var/lib/apt ln -s /etc/var/lib/apt /var/lib/apt

# create /var template cd / rm var/cache/debconf/* var/cache/apt/* var/cache/apt/archives/*.deb rm -rf var/spool/exim var/log/exim mkdir foo tar czf - var | ( cd foo; tar xzvf - ) rm /foo/var/run/* /foo/var/run/sshd/* /foo/var/log/* /foo/var/log/ksymoops/* /foo/var/log/news/* rm /foo/var/log/ntpstats/* mkdir -p /foo/var/local/etc/network cp /dev/null /foo/var/local/etc/resolv.conf tar czvf /etc/var.tgz var rm -rf foo

edit /etc/fstab

• in the line for "/", change "errors=remount-ro" to "ro" add the lines:
  • "/dev/hda3 /var ext2 defaults 0 0" "/dev/hda4 /u ext3 defaults,noauto 0 0"

edit /etc/init.d/mountall.sh

• following the line "mount -avt nonfs,nosmbfs,noncpfs,noproc" add the
  • line:
  tar -xz -C / -f /etc/var.tgz

reboot into single user

/root/bin/remountrw rm -rf /var mkdir /var

reboot