version 0.2

Install debian:

Requires a system with a network connection and an internet connection.

Partition Hard Disk
  hda1 200MB / Bootable
  hda2 128mb swap
  hda3 16MB /altvar
  hda6 - /u
  do not initialize /altvar and /u
Install Kernel and Driver Modules
Configure Device Driver Modules (network interface)
Configure Network
  use the appropriate values for the local situation
  if installing via serial port: Edit Kernel Boot Parameters "console=tty0 console=ttyS0,9600n8"
Install Base System
  network
Make System Bootable
  Install LILO in the MBR
  Put All In Menu
Reboot System
Configure the System
  set hardware clock to GMT
  Select System V Style time zones
  PST8PDT
  MD5 Passwords-yes
  Shadow Passwords-yes
  Set Password for root ## conflicts with adam's login
  Add User ptp, PTP Admin Account
  do not remove pcmcia packages
  do not use PPP to install system
  choose apt method-http
  Use non-US software-yes
  Use non-free software-no
  Select a country-US
  choose debian mirror-whatever
  proxy information per local requirements
  wait....
  Another apt source-no
  Use security updates-yes
  Run tasksel-no
  Run dselect-no
  exim config-5
login prompt... login as root (I hope you remember the password you set)

cd /root
dpkg --purge ppp pppconfig pppoe pppoeconf telnet tasksel manpages fdutils groff-base info man-db
rm -rf /etc/chatscripts /etc/ppp
apt-get install wget wireless-tools snmpd ssh iproute dhcp dnsmasq grub ssmtp perl-modules devfsd ntp-simple netsaint-plugins sudo
  all defaults except:
  select time server - timeservers: time.personaltelco.net time.easystreet.com
  Overwrite /etc/ntp.conf - yes
  Who gets mail for userids < 1000? "nodes"
  name of mail hub? "mail.personaltelco.net"
  What domain to masquerade as? "personaltelco.net"
wget http://www.personaltelco.net/download/bewitched/hostap-modules-2.4.20-bewitched_2002.10.12-2+2.4.20-bewitched+0.2_all.deb
wget http://www.personaltelco.net/download/bewitched/kernel-image-2.4.20-bewitched_0.2_i386.deb
wget http://www.personaltelco.net/download/bewitched/nocatauth_0.81-4_i386.deb
wget http://www.personaltelco.net/download/bewitched/hostap_cs.conf
wget http://www.personaltelco.net/download/bewitched/throttle-cbqsfq.fw
wget http://www.personaltelco.net/download/bewitched/throttle-htbsfq.fw
wget http://www.personaltelco.net/download/bewitched/splash.tgz
update-rc.d -f inet remove
dpkg --install kernel-image-2.4.20-bewitched_0.2_i386.deb
  depmod errors (unresolved symbols etc...):
  "There was a problem running depmod. This may be benign, (You may have versioned symbol names, for instance). Or this could be an error. depmod exited with return value 1 In any case, since depmod is run at install time, we could just defer running depmod Would you like to abort now? [Yes]" answer n
  "Would you like to create a boot floppy now? [No]" answer n
  "Install a boot block using the existing /etc/lilo.conf? [Yes]" answer n
  "Wipe out your old LILO configuration and make a new one? [No]" answer n
dpkg --install hostap-modules-2.4.20-bewitched_2002.10.12-2+2.4.20-bewitched+0.2_all.deb
addfile /etc/logrotate.d/nocat
    /var/log/nocat.log {
        rotate 2
        daily
        copytruncate
        missingok
        compress
        size 1500k
    }
edit /etc/logrotate.conf
  change line "weekly" to daily
  change line "# keep 4 weeks worth of backlogs" to "# keep 2 days worth of backlogs"
  change line "rotate 4" to "rotate 2"
  following this line, add a blank line and the two lines
    # limit the size of any log file to 200k bytes
    size 200k
mkdir /etc/cron.hourly
mv /etc/cron.daily/logrotate /etc/cron.hourly
edit /etc/crontab
  to the end of the file, add the line
    13 * * * * root test -e /usr/sbin/anacron || run-parts --report /etc/cron.hourly
rm -rf /lib/modules/2.2.20 /boot/*2.2.20*
edit /etc/default/dnsmasq
  add line 'DNSMASQ_INTERFACE="wlan0"'
rm /etc/rc[0-6].d/*dhcp /etc/rc[0-6].d/*dnsmasq
cp hostap_cs.conf /etc/pcmcia/hostap_cs.conf
edit /etc/hosts.deny
  the one uncommented line should be
    ALL: ALL@ALL
edit /etc/hosts.allow
  should have the line
    sshd: ALL@ALL
configure hostap
  if you are using hostap_plx add to /etc/modules
  if you need module options, such as "ignore_cis_vcc=1":
    edit /etc/pcmcia/hostap_cs.conf
    add the following line to the end of the file:
      module "hostap_cs" opts "ignore_cis_vcc=1"
    put whatever options are required within the quotes following opts.
edit /etc/network/interfaces
  to the end of the file add (substituting the correct address etc..):
    iface wlan0 inet static
        address 10.11.0.1
        netmask 255.255.255.0
        network 10.11.0.0
        broadcast 10.11.0.255
        pre-up iwconfig wlan0 mode master
        pre-up iwconfig wlan0 channel 1
        pre-up iwconfig wlan0 essid www.personaltelco.net
configure dhcp
  edit /etc/default/dhcp
    change 'INTERFACES=""' to 'INTERFACES="wlan0"'
  replace /etc/dhcpd.conf with the following, with the correct addresses:
    option domain-name "personaltelco.net";
    option domain-name-servers 10.11.0.1;
    option subnet-mask 255.255.255.0;
    default-lease-time 600;
    max-lease-time 7200;
    subnet 10.11.0.0 netmask 255.255.255.0 {
      range 10.11.0.100 10.11.0.249;
      option routers 10.11.0.1;
    }
grub-install /dev/hda
update-grub
  "Could not find /boot/grub/menu.lst file. Would you like one generated for you? (y/N)" - yes
edit /boot/grub/menu.lst
  (if serial) following the line "default 0" add:
    ## serial console
    serial --unit=0 --speed=9600 --parity=no
    terminal --timeout=10 serial console
  (if building for a disk based system) change "default 0" to "default saved"
  (if serial) to the line "# kopt=root=/dev/hda1 ro" add " console=tty0 console=ttyS0,9600n8"
update-grub #again
edit /boot/grub/menu.lst
  remove lines "savedefault"
edit /root/.profile
  to the PATH line add ":/root/bin"
mkdir /root/bin
create file /root/bin/remountrw
  ---------- start ------------
  #! /bin/sh
  # The following is to track the actions of admins, not catch crackers
  (echo root filesystem remounted RW;hostname;who -Hurbt)| \
  /usr/bin/mail -s "Security Notice remountrw" nodes@personaltelco.net
  /bin/mount -o remount,rw,noatime /
  ---------- end ------------
create file /root/bin/remountro
  ---------- start ------------
  #! /bin/sh
  /bin/mount -o remount,ro /
  ---------- end ------------
create file /root/bin/mountu
  ---------- start ------------
  #! /bin/sh
  mount /u && exit
  # mount failed, rebuild the filesystem
  mkfs.ext3 /dev/hda4
  mount /u && (cd / ; tar xzf /etc/u.tgz) && exit
  logger -p user.alert "rebuild of /u failed"
  ---------- end ------------
replace file /etc/issue.net with
  ---------- start ------------
  *********************************
  *    R E S T R I C T E D        *
  *    H O S T                    *
  *********************************
  Authorized Access Only
  ---------- end ------------
edit /etc/ssh/sshd_config
  remove the leading comment from the line "#Banner /etc/issue.net"
  change "Port 22" to "Port 2222"
chmod 755 /root/bin/remountro /root/bin/remountrw /root/bin/mountu
rm /etc/mtab
ln -s /proc/mounts /etc/mtab
# now we try to make root read-only
edit /etc/modules
  add the following lines to the end of the file:
    sch_sfq
    sch_cbq
    sch_red
    sch_htb
    sch_tbf
    sch_ingress
    sch_prio
rm -rf /tmp
ln -s /var/tmp /tmp
mkdir -p /var/local/etc/network
mv /etc/network/ifstate /var/local/etc/network
ln -s /var/local/etc/network/ifstate /etc/network/ifstate
mv /etc/resolv.conf /etc/resolv.conf.default
ln -s /var/local/etc/resolv.conf /etc/resolv.conf
# make package info persistent
mkdir -p /etc/var/lib
cp -a /var/lib/dpkg /etc/var/lib/dpkg
rm -rf /var/lib/dpkg
ln -s /etc/var/lib/dpkg /var/lib/dpkg
cp -a /var/lib/apt /etc/var/lib/apt
rm -rf /var/lib/apt
ln -s /etc/var/lib/apt /var/lib/apt
# create /var template
cd /
rm var/cache/debconf/* var/cache/apt/* var/cache/apt/archives/*.deb
rm -rf var/spool/exim var/log/exim
mkdir foo
tar czf - var | ( cd foo; tar xzvf - )
rm /foo/var/run/* /foo/var/run/sshd/* /foo/var/log/* /foo/var/log/ksymoops/* /foo/var/log/news/*
rm /foo/var/log/ntpstats/*
tar czvf /etc/var.tgz var
rm -rf foo
reboot
# edit /etc/inittab
  at the end of the file, add:
    dh:2345:respawn:/usr/sbin/dhcpd -d -q wlan0
    dn:2345:respawn:/usr/sbin/dnsmasq -d -i wlan0
    nc:2345:respawn:/usr/nocat/bin/gateway -d
edit /etc/init.d/modutils
  comment out the 4 lines starting with "[ -e /sbin/depmod ] || exit 0"
dpkg --install nocatauth_0.81-4_i386.deb
  Take defaults except:
    Gateway Name "PersonalTelcoNet"
    GatewayMode - Open
    Login Timeout - 7200
    Internal Device - wlan0
cd /usr/nocat/bin/iptables
cp ~/throttle-cbqsfq.fw .
cp ~/throttle-htbsfq.fw .
cd ..
ln -s iptables/throttle-cbqsfq.fw throttle.fw
chmod +x iptables/throttle-cbqsfq.fw
cd ../htdocs
tar xzvf ~/splash.tgz
edit /etc/fstab
  in the line for "/", change "errors=remount-ro" to "ro"
  add the lines:
    "/dev/hda3 /var ext2 defaults 0 0"
    "/dev/hda4 /u ext3 defaults,noauto 0 0"
edit /etc/init.d/mountall.sh
  before the line "mount -avt nonfs,nosmbfs,noncpfs,noproc" add the line:
    mkfs.ext2 /dev/hda3
  and following that same line add the 2 lines:
    tar -xz -C / -f /etc/var.tgz
    cp /etc/resolv.conf.default /var/local/etc/resolv.conf
mv /var /foo
mkdir /var
cd /root
rm *
reboot
remountrw
rm -rf /foo
# if building compactflash
cd /
tar czvf - bin etc home lib mnt sbin usr vmlinuz boot initrd opt root | ssh bone.personaltelco.net dd of=/var/www/www.personaltelco.net/download/bewitched/stage1-0.2.tgz
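The "/var template" mechanism above (prune the runtime state out of /var, archive it to /etc/var.tgz, and have mountall.sh unpack it onto the freshly made /dev/hda3 at every boot) is easy to get subtly wrong, so here is an added example, not from the original page, that packages it as two functions you can exercise in a scratch directory before trusting it on a node with a read-only root. The function names (build_var_template, restore_var_template, prune_files, make_sample_var, count_files) and the sample /var tree are this example's own inventions. It differs from the page's listing in two deliberate ways, both noted in comments: the archive is taken from the pruned scratch copy rather than from the live tree (the page's `tar czvf /etc/var.tgz var` runs with cwd `/` and so archives the live /var, not /foo/var; check which tree you mean), and find(1) is used so files in every log subdirectory are removed, not only the few named on the page.

```shell
#!/bin/sh
# Added example (not part of the original wiki page): build and restore a
# /var template the way the procedure above does, but in a scratch tree.
#
#   build_var_template SRC_VAR OUT_TGZ  - copy SRC_VAR, strip runtime state,
#                                          archive the pruned copy as var/...
#   restore_var_template TGZ DEST        - unpack into DEST (what mountall.sh
#                                          does with -C /) and sanity-check it
# OUT_TGZ and DEST should be absolute paths.

# prune_files DIR [find predicates] - delete regular files under DIR that
# match the predicates (if DIR exists), keeping the directory skeleton.
prune_files() {
    d=$1; shift
    [ -d "$d" ] || return 0
    find "$d" -type f "$@" -exec rm -f {} +
}

# build_var_template SRC_VAR OUT_TGZ -> 0 on success, 1 on failure.
build_var_template() {
    src=$1; out=$2
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/var" || { rm -rf "$scratch"; return 1; }
    # Work on a copy; the live tree keeps its state until the reboot.
    cp -Rp "$src/." "$scratch/var/" || { rm -rf "$scratch"; return 1; }
    ( cd "$scratch/var" || exit 1
      # Runtime state that must start empty on every boot: pid/socket files,
      # log files (directories stay, so daemons can reopen their logs),
      # apt and debconf caches, and the exim spool/log directories.
      prune_files run
      prune_files log                 # generalises the page's explicit list
      prune_files cache/apt
      prune_files cache/debconf
      rm -rf spool/exim log/exim
    ) || { rm -rf "$scratch"; return 1; }
    # Archive relative to the scratch root so it unpacks as "var/..." under /.
    tar -cz -C "$scratch" -f "$out" var || { rm -rf "$scratch"; return 1; }
    rm -rf "$scratch"
}

# restore_var_template TGZ DEST -> 0 if the unpacked skeleton has the
# directories the daemons need and carries no stale logs or pid files.
restore_var_template() {
    tgz=$1; dest=$2
    mkdir -p "$dest" || return 1
    tar -xz -C "$dest" -f "$tgz" || return 1
    for d in var/run/sshd var/log var/tmp var/lib/dpkg var/local/etc/network; do
        [ -d "$dest/$d" ] || { echo "template is missing $d" >&2; return 1; }
    done
    # Nothing from the previous boot may leak into the new one.
    [ -z "$(find "$dest/var/run" "$dest/var/log" -type f)" ] || return 1
    return 0
}

# count_files DIR -> number of regular files under DIR (printed).
count_files() { find "$1" -type f | wc -l | tr -d ' '; }

# Constructed sample of a /var tree after the package installs (demo only).
make_sample_var() {
    v=$1
    mkdir -p "$v/run/sshd" "$v/log/ksymoops" "$v/log/ntpstats" \
             "$v/cache/apt/archives" "$v/cache/debconf" "$v/spool/exim" \
             "$v/lib/dpkg" "$v/local/etc/network" "$v/tmp"
    echo 12345 > "$v/run/sshd.pid"
    echo "client connected" > "$v/log/nocat.log"
    echo "stats" > "$v/log/ntpstats/loopstats"
    : > "$v/cache/apt/archives/example_1.0_i386.deb"   # constructed name
    echo "cached answers" > "$v/cache/debconf/config.dat"
    echo "queued mail" > "$v/spool/exim/input"
    echo "Package: ssh" > "$v/lib/dpkg/status"
    echo "wlan0=wlan0" > "$v/local/etc/network/ifstate"
}

# Usage: sh vartemplate.sh SRC_VAR OUT_TGZ   (e.g. /var /etc/var.tgz)
if [ "$#" -eq 2 ]; then build_var_template "$1" "$2"; fi
```

Run it against a copy of the node's /var first and inspect the archive with `tar tzf`; what survives the prune (dpkg state, the ifstate file, empty run/ and log/ skeletons) is exactly what every boot will start from, so anything missing here will be missing on the node after `mkfs.ext2 /dev/hda3`.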
--- BrianBeattie
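The procedure above changes four access-control settings by hand (hosts.deny denying everything, hosts.allow permitting only sshd, sshd moved to port 2222 with the restricted-host banner, and "/" mounted read-only in fstab), and a node built for CompactFlash is cloned from that tree. The following is an added example, not from the original page, of a small audit that checks those settings in any config tree: pass "/" for the live node or the directory holding a mounted image or the extracted stage1 tarball. The function names (audit_node_config, active_lines, report, make_sample_tree), the PASS/FAIL output format and the two constructed sample trees are this example's own; the expected values are the ones the page specifies.

```shell
#!/bin/sh
# Added example (not part of the original wiki page): audit the access
# control settings the node procedure puts in place, under a config root.
#   audit_node_config ROOT   -> PASS/FAIL per check; returns number of failures

# Active (non-comment, non-blank) lines of a file, whitespace squeezed.
active_lines() {
    [ -r "$1" ] || return 0
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | tr -s ' \t' ' '
}

# report DESCRIPTION ok|bad -> prints one line, returns 0 for ok, 1 for bad.
report() {
    if [ "$2" = ok ]; then echo "PASS $1"; return 0; fi
    echo "FAIL $1"; return 1
}

audit_node_config() {
    root=$1; fails=0

    # 1. hosts.deny: exactly one active line, and it is "ALL: ALL@ALL", so
    #    every tcp_wrapped service is refused unless hosts.allow lists it.
    deny=$(active_lines "$root/etc/hosts.deny")
    [ "$deny" = "ALL: ALL@ALL" ] && r=ok || r=bad
    report "hosts.deny has the single line ALL: ALL@ALL" $r || fails=$((fails+1))

    # 2. hosts.allow: sshd is the service explicitly permitted.
    active_lines "$root/etc/hosts.allow" | grep -qx 'sshd: ALL@ALL' && r=ok || r=bad
    report "hosts.allow permits sshd" $r || fails=$((fails+1))

    # 3. sshd listens on 2222 rather than the default 22.
    active_lines "$root/etc/ssh/sshd_config" | grep -qx 'Port 2222' && r=ok || r=bad
    report "sshd_config sets Port 2222" $r || fails=$((fails+1))

    # 4. The restricted-host banner line is uncommented.
    active_lines "$root/etc/ssh/sshd_config" | grep -qx 'Banner /etc/issue.net' && r=ok || r=bad
    report "sshd_config enables Banner /etc/issue.net" $r || fails=$((fails+1))

    # 5. Root filesystem mounts read-only: the "/" entry's option list must
    #    contain "ro" as an option of its own, not merely "errors=remount-ro".
    active_lines "$root/etc/fstab" |
        awk '$2 == "/" { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "ro") found = 1 }
             END { exit found ? 0 : 1 }' && r=ok || r=bad
    report "fstab mounts / read-only" $r || fails=$((fails+1))

    return $fails
}

# make_sample_tree DIR hardened|stock -> constructed config trees for the demo:
# "hardened" matches the procedure, "stock" is the Debian state before it.
make_sample_tree() {
    dir=$1; mode=$2
    mkdir -p "$dir/etc/ssh"
    if [ "$mode" = hardened ]; then
        printf '# deny everything not listed in hosts.allow\nALL: ALL@ALL\n' > "$dir/etc/hosts.deny"
        printf 'sshd: ALL@ALL\n' > "$dir/etc/hosts.allow"
        printf 'Port 2222\nBanner /etc/issue.net\n' > "$dir/etc/ssh/sshd_config"
        printf '/dev/hda1 / ext2 ro 0 1\n/dev/hda3 /var ext2 defaults 0 0\n/dev/hda4 /u ext3 defaults,noauto 0 0\n' > "$dir/etc/fstab"
    else
        printf '# /etc/hosts.deny: list of hosts that are _not_ allowed\n' > "$dir/etc/hosts.deny"
        printf '# /etc/hosts.allow: list of hosts that are allowed\n' > "$dir/etc/hosts.allow"
        printf 'Port 22\n#Banner /etc/issue.net\n' > "$dir/etc/ssh/sshd_config"
        printf '/dev/hda1 / ext2 errors=remount-ro 0 1\n' > "$dir/etc/fstab"
    fi
}

# Usage: sh audit.sh ROOT   (ROOT is / on the node, or a mounted image)
if [ "$#" -eq 1 ]; then audit_node_config "$1" || echo "$? check(s) failed"; fi
```

Because hosts.deny is checked for exactly one active line, a later edit that appends a second rule (or leaves a stray uncommented default) is reported rather than silently accepted, and the fstab check refuses to treat "errors=remount-ro" as the read-only mount the procedure intends.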