version 0.2

Install debian:
        Requires a system with a network connection and an internet connection.

Partition Hard Disk
        hda1    200MB   /       Bootable
        hda2    128mb   swap
        hda3    16MB    /altvar
        hda6    -       /u

do not initialize /altvar and /u

Install Kernal and Driver Modules

Configure Device Driver Modules (network interface)

Configure Network
        use the appropriate values for the local situation

if installing via serial port Edit Kernel Boot Paramet ers
        "console=tty0 console=ttyS0,9600n8"

Install Base System
        network

Make System Bootable
        Install LILO in the MBR
        Put All In Menu

Reboot System

Configure the System

        set hardware clock to GMT
        Select System V Style time zones
                PST8PDT
        MD5 Passwords-yes
        Shadow Passwords-yes
        Set Password for root
## conflicts with adam's login  Add User ptp, PTP Admin Account
        do not remove pcmcia packages
        do not use PPP to install system
        chose apt method-http
        Use non-US software-yes
        Use non-free software-no
        Select a country-US
        choose debian mirror-whatever
                proxy information per local requirements

wait....

        Another apt source-no
        Use security updates-yes
        Run tasksel-no
        Run dselect-no

        exim config-5

login Prompt...login as root (I hope you remember the password you set)

cd /root

dpkg --purge ppp pppconfig pppoe pppoeconf telnet tasksel manpages fdutils groff-base info man-db
rm -rf /etc/chatscripts /etc/ppp

apt-get install wget wireless-tools snmpd ssh iproute dhcp dnsmasq grub ssmtp perl-modules devfsd ntp-simple netsaint-plugins sudo
        all defaults except:
        select time server -
                timeservers time.personaltelco.net time.easystreet.com
        Overwrite /etc/ntp.conf - yes
        Who gets mail for userids < 1000? "nodes"
        name of mail hub? "mail.personaltelco.net"
        What domain to masquerade as? "personaltelco.net"

wget http://www.personaltelco.net/download/bewitched/hostap-modules-2.4.20-bewitched_2002.10.12-2+2.4.20-bewitched+0.2_all.deb
wget http://www.personaltelco.net/download/bewitched/kernel-image-2.4.20-bewitched_0.2_i386.deb
wget http://www.personaltelco.net/download/bewitched/nocatauth_0.81-4_i386.deb
wget http://www.personaltelco.net/download/bewitched/hostap_cs.conf
wget http://www.personaltelco.net/download/bewitched/throttle-cbqsfq.fw
wget http://www.personaltelco.net/download/bewitched/throttle-htbsfq.fw
wget http://www.personaltelco.net/download/bewitched/splash.tgz

update-rc.d -f inet remove

dpkg --install kernel-image-2.4.20-bewitched_0.2_i386.deb
        depmod errors (unresolved sysbols etc...)
            "There was a problem running depmod.  This may be benign,
              (You may have versioned symbol names, for instance).
              Or this could be an error.
                      depmod exited with return value 1
              In any case, since depmod is run at install time,
              we could just defer running depmod
              Would you like to abort now? [Yes]"
         answer n
              "Would you like to create a boot floppy now? [No]"
         answer n
              "Install a boot block using the existing /etc/lilo.conf? [Yes]"
         answer n
              "Wipe out your old LILO configuration and make a new one? [No]"
         answer n

dpkg --install hostap-modules-2.4.20-bewitched_2002.10.12-2+2.4.20-bewitched+0.2_all.deb

addfile /etc/logrotate.d/nocat
        /var/log/nocat.log {
            rotate 2
            daily
            copytruncate
            missingok
            compress
            size 1500k
        }

edit /etc/logrotate.conf
    change line "weekly" to daily
    change line "# keep 4 weeks worth of backlogs"
    to "# keep 2 days worth of backlogs"
    change line "rotate 4" to "rotate 2"
    following this line, add a blank line and the two lines
        # limit the size of any log file to 200k bytes
        size 200k

mkdir /etc/cron.hourly
mv /etc/cron.daily/logrotate /etc/cron.hourly

edit /etc/crontab
    to the end of the file, add the line
        13 * * * *   root     test -e /usr/sbin/anacron || run-parts --report /etc/cron.hourly

rm -rf /lib/modules/2.2.20 /boot/*2.2.20*

edit /etc/default/dnsmasq
        add line 'DNSMASQ_INTERFACE="wlan0"'

rm /etc/rc[0-6].d/*dhcp /etc/rc[0-6].d/*dnsmasq

cp hostap_cs.conf /etc/pcmcia/hostap_cs.conf

edit /etc/hosts.deny
        the one uncommented line should be
        ALL: ALL@ALL

edit /etc/hosts.allow
        should have the line
        sshd: ALL@ALL

configure hostap
if you are using hostap_plx add to /etc/modules

if you need module options, such as "ignore_cis_vcc=1" :
edit /etc/pcmcia/hostap_cs.conf add the following line to the end of the file:
module "hostap_cs" opts "ignore_cis_vcc=1"

put whatever options are required with in the quotes following opts.

edit /etc/network/interfaces
to the end of the file add (substituting the correct address etc..):
        iface wlan0 inet static
                address 10.11.0.1
                netmask 255.255.255.0
                network 10.11.0.0
                broadcast 10.11.0.255
                pre-up iwconfig wlan0 mode master
                pre-up iwconfig wlan0 channel 1
                pre-up iwconfig wlan0 essid www.personaltelco.net

configure dhcp
edit /etc/default/dhcp
change 'INTERFACES=""' to 'INTERFACES="wlan0"'

replace /etc/dhcpd.conf with following with the correct addresses:
option domain-name "personaltelco.net";
option domain-name-servers 10.11.0.1;

option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;

subnet 10.11.0.0 netmask 255.255.255.0 {
  range 10.11.0.100 10.11.0.249;
  option routers 10.11.0.1;
}


grub-install /dev/hda
update-grub
        "Could not find /boot/grub/menu.lst file.
         Would you like one generated for you? (y/N)" - yes

edit /boot/grub/menu.lst
        (if serial)
                following the line: "default         0"
                add:
                        ## serial console
                        serial --unit=0 --speed=9600 --parity=no
                        terminal --timeout=10 serial console

        (if building for a disk based system)
                change: "default         0" to "default         saved"

        to the line "# kopt=root=/dev/hda1 ro"
        (if serial)
                add " console=tty0 console=ttyS0,9600n8"

update-grub     #again

edit /boot/grub/menu.lst
        remove lines "savedefault"

edit /root/.profile
        to the PATH line add ":/root/bin"

mkdir /root/bin

create file /root/bin/remountrw
---------- start ------------
#! /bin/sh
# The following is to track the actions of admins, not catch crackers
(echo root filesystem remounted RW;hostname;who -Hurbt)| \
        /usr/bin/mail -s "Security Notice remountrw" nodes@personaltelco.net
/bin/mount -o remount,rw,noatime /
---------- end ------------

create file /root/bin/remountro
---------- start ------------
#! /bin/sh
/bin/mount -o remount,ro /
---------- end ------------

create file /root/bin/mountu
---------- start ------------
#! /bin/sh
mount /u && exit
# mount failed, rebuild the filesystem
mkfs.ext3 /dev/hda4
mount /u && (cd / ; tar xzf /etc/u.tgz) && exit
logger -p user.alert "rebuild of /u failed"
---------- end ------------

replace file /etc/issue.net with
---------- start ------------
*********************************
*       R E S T R I C T E D     *
*            H O S T            *
*********************************
     Authorized Access Only
---------- end ------------

edit /etc/ssh/sshd_config
        remove the leading comment from the line:
        "#Banner /etc/issue.net"
        change "Port 22" to "Port 2222"

chmod 755 /root/bin/remountro /root/bin/remountrw /root/bin/mountu

rm /etc/mtab
ln -s /proc/mounts /etc/mtab

# now we try to make root read-only

edit /etc/modules
        add the following lines to the end of the file:
        sch_sfq
        sch_cbq
        sch_red
        sch_htb
        sch_tbf
        sch_ingress
        sch_prio

rm -rf /tmp
ln -s /var/tmp /tmp

mkdir -p /var/local/etc/network
mv /etc/network/ifstate /var/local/etc/network
ln -s /var/local/etc/network/ifstate /etc/network/ifstate

mv /etc/resolv.conf /etc/resolv.conf.default
ln -s /var/local/etc/resolv.conf /etc/resolv.conf

# make package info persistent
mkdir -p /etc/var/lib
cp -a /var/lib/dpkg /etc/var/lib/dpkg
rm -rf /var/lib/dpkg
ln -s /etc/var/lib/dpkg /var/lib/dpkg
cp -a /var/lib/apt /etc/var/lib/apt
rm -rf /var/lib/apt
ln -s /etc/var/lib/apt /var/lib/apt

# create /var template
cd /
rm var/cache/debconf/* var/cache/apt/* var/cache/apt/archives/*.deb
rm -rf var/spool/exim var/log/exim
mkdir foo
tar czf - var | ( cd foo; tar xzvf - )
rm /foo/var/run/* /foo/var/run/sshd/* /foo/var/log/* /foo/var/log/ksymoops/* /foo/var/log/news/*
rm /foo/var/log/ntpstats/*
tar czvf /etc/var.tgz var
rm -rf foo

reboot #

edit /etc/inittab
        at the end of the file, add:
                dh:2345:respawn:/usr/sbin/dhcpd -d -q wlan0
                dn:2345:respawn:/usr/sbin/dnsmasq -d -i wlan0
                nc:2345:respawn:/usr/nocat/bin/gateway -d

edit /etc/init.d/modutils
        comment out 4 lines starting with "[ -e /sbin/depmod ] || exit 0"

dpkg --install nocatauth_0.81-4_i386.deb
    Take defaults except:
        Gateway Name "PersonalTelcoNet"
        GatewayMode - Open
        Login Timeout - 7200
        Internal Device - wlan0

cd /usr/nocat/bin/iptables
cp ~/throttle-cbqsfq.fw .
cp ~/throttle-htbsfq.fw .
cd ..

ln -s iptables/throttle-cbqsfq.fw throttle.fw
chmod +x iptables/throttle-cbqsfq.fw

cd ../htdocs
tar xzvf ~/splash.tgz

edit /etc/fstab
        in the line for "/", change "errors=remount-ro" to "ro"
        add the lines:
                "/dev/hda3       /var            ext2    defaults                0       0"
                "/dev/hda4       /u              ext3    defaults,noauto         0       0"


edit /etc/init.d/mountall.sh
        before the line "mount -avt nonfs,nosmbfs,noncpfs,noproc" add the
                line:
        mkfs.ext2 /dev/hda3
        and following that same line add the 2 line2:
                tar -xz -C / -f /etc/var.tgz
                cp /etc/resolv.conf.default /var/local/etc/resolv.conf
mv /var /foo

mkdir /var

cd /root
rm *

reboot

remountrw

rm -rf /foo

# if building compactflash
cd /
tar czvf - bin etc home lib mnt sbin usr vmlinuz boot initrd opt root | ssh bone.personaltelco.net dd of=/var/www/www.personaltelco.net/download/bewitched/stage1-0.2.tgz

--- BrianBeattie


[CategoryBeWitched]