ADDED Examples/fedora-live-base.ks Index: Examples/fedora-live-base.ks ================================================================== --- /dev/null +++ Examples/fedora-live-base.ks @@ -0,0 +1,336 @@ +# fedora-live-base.ks +# +# Defines the basics for all kickstarts in the fedora-live branch +# Does not include package selection (other then mandatory) +# Does not include localization packages or configuration +# +# Does includes "default" language configuration (kickstarts including +# this template can override these settings) + +lang en_US.UTF-8 +keyboard us +timezone US/Eastern +auth --useshadow --enablemd5 +selinux --enforcing +firewall --enabled --service=mdns +xconfig --startxonboot +part / --size 3072 --fstype ext4 +services --enabled=NetworkManager --disabled=network,sshd + +#repo --name=rawhide --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch +repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-14&arch=$basearch +repo --name=updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f14&arch=$basearch +#repo --name=updates-testing --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-f14&arch=$basearch + +%packages +@base-x +@base +@core +@fonts +@input-methods +# use a small pinyin db for live +-ibus-pinyin-db-open-phrase +ibus-pinyin-db-android +@admin-tools +@dial-up +@hardware-support +@printing + +# Explicitly specified here: +# walters: because otherwise dependency loops cause yum issues. +kernel + +# This was added a while ago, I think it falls into the category of +# "Diagnosis/recovery tool useful from a Live OS image". Leaving this untouched +# for now. +memtest86+ + +# The point of a live image is to install +anaconda +isomd5sum + +%end + +%post +# FIXME: it'd be better to get this installed from a package +cat > /etc/rc.d/init.d/livesys << EOF +#!/bin/bash +# +# live: Init script for live image +# +# chkconfig: 345 00 99 +# description: Init script for live image. + +. /etc/init.d/functions + +if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ]; then + exit 0 +fi + +if [ -e /.liveimg-configured ] ; then + configdone=1 +fi + +exists() { + which \$1 >/dev/null 2>&1 || return + \$* +} + +touch /.liveimg-configured + +# mount live image +if [ -b \`readlink -f /dev/live\` ]; then + mkdir -p /mnt/live + mount -o ro /dev/live /mnt/live 2>/dev/null || mount /dev/live /mnt/live +fi + +livedir="LiveOS" +for arg in \`cat /proc/cmdline\` ; do + if [ "\${arg##live_dir=}" != "\${arg}" ]; then + livedir=\${arg##live_dir=} + return + fi +done + +# enable swaps unless requested otherwise +swaps=\`blkid -t TYPE=swap -o device\` +if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then + for s in \$swaps ; do + action "Enabling swap partition \$s" swapon \$s + done +fi +if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /mnt/live/\${livedir}/swap.img ] ; then + action "Enabling swap file" swapon /mnt/live/\${livedir}/swap.img +fi + +mountPersistentHome() { + # support label/uuid + if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then + homedev=\`/sbin/blkid -o device -t "\$homedev"\` + fi + + # if we're given a file rather than a blockdev, loopback it + if [ "\${homedev##mtd}" != "\${homedev}" ]; then + # mtd devs don't have a block device but get magic-mounted with -t jffs2 + mountopts="-t jffs2" + elif [ ! -b "\$homedev" ]; then + loopdev=\`losetup -f\` + if [ "\${homedev##/mnt/live}" != "\${homedev}" ]; then + action "Remounting live store r/w" mount -o remount,rw /mnt/live + fi + losetup \$loopdev \$homedev + homedev=\$loopdev + fi + + # if it's encrypted, we need to unlock it + if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then + echo + echo "Setting up encrypted /home device" + plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome" + homedev=/dev/mapper/EncHome + fi + + # and finally do the mount + mount \$mountopts \$homedev /home + # if we have /home under what's passed for persistent home, then + # we should make that the real /home. useful for mtd device on olpc + if [ -d /home/home ]; then mount --bind /home/home /home ; fi + [ -x /sbin/restorecon ] && /sbin/restorecon /home + if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi +} + +findPersistentHome() { + for arg in \`cat /proc/cmdline\` ; do + if [ "\${arg##persistenthome=}" != "\${arg}" ]; then + homedev=\${arg##persistenthome=} + return + fi + done +} + +if strstr "\`cat /proc/cmdline\`" persistenthome= ; then + findPersistentHome +elif [ -e /mnt/live/\${livedir}/home.img ]; then + homedev=/mnt/live/\${livedir}/home.img +fi + +# if we have a persistent /home, then we want to go ahead and mount it +if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then + action "Mounting persistent /home" mountPersistentHome +fi + +# make it so that we don't do writing to the overlay for things which +# are just tmpdirs/caches +mount -t tmpfs -o mode=0755 varcacheyum /var/cache/yum +mount -t tmpfs tmp /tmp +mount -t tmpfs vartmp /var/tmp +[ -x /sbin/restorecon ] && /sbin/restorecon /var/cache/yum /tmp /var/tmp >/dev/null 2>&1 + +if [ -n "\$configdone" ]; then + exit 0 +fi + +# add fedora user with no passwd +action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser +passwd -d liveuser > /dev/null + +# turn off firstboot for livecd boots +chkconfig --level 345 firstboot off 2>/dev/null +# We made firstboot a native systemd service, so it can no longer be turned +# off with chkconfig. It should be possible to turn it off with systemctl, but +# that doesn't work right either. For now, this is good enough: the firstboot +# service will start up, but this tells it not to run firstboot. I suspect the +# other services 'disabled' below are not actually getting disabled properly, +# with systemd, but we can look into that later. - AdamW 2010/08 F14Alpha +echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot + +# don't start yum-updatesd for livecd boots +chkconfig --level 345 yum-updatesd off 2>/dev/null + +# turn off mdmonitor by default +chkconfig --level 345 mdmonitor off 2>/dev/null + +# turn off setroubleshoot on the live image to preserve resources +chkconfig --level 345 setroubleshoot off 2>/dev/null + +# don't do packagekit checking by default +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_updates never >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_upgrades never >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_refresh_cache never >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_available false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_distro_upgrades false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_firmware false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_hardware false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_codec_helper false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_font_helper false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_mime_type_helper false >/dev/null + + +# don't start cron/at as they tend to spawn things which are +# disk intensive that are painful on a live image +chkconfig --level 345 crond off 2>/dev/null +chkconfig --level 345 atd off 2>/dev/null +chkconfig --level 345 anacron off 2>/dev/null +chkconfig --level 345 readahead_early off 2>/dev/null +chkconfig --level 345 readahead_later off 2>/dev/null + +# Stopgap fix for RH #217966; should be fixed in HAL instead +touch /media/.hal-mtab + +# workaround clock syncing on shutdown that we don't want (#297421) +sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt + +# and hack so that we eject the cd on shutdown if we're using a CD... +if strstr "\`cat /proc/cmdline\`" CDLABEL= ; then + cat >> /sbin/halt.local << FOE +#!/bin/bash +# XXX: This often gets stuck during shutdown because /etc/init.d/halt +# (or something else still running) wants to read files from the block\ +# device that was ejected. Disable for now. Bug #531924 +# we want to eject the cd on halt, but let's also try to avoid +# io errors due to not being able to get files... +#cat /sbin/halt > /dev/null +#cat /sbin/reboot > /dev/null +#/usr/sbin/eject -p -m \$(readlink -f /dev/live) >/dev/null 2>&1 +#echo "Please remove the CD from your drive and press Enter to finish restarting" +#read -t 30 < /dev/console +FOE +chmod +x /sbin/halt.local +fi + +EOF + +# bah, hal starts way too late +cat > /etc/rc.d/init.d/livesys-late << EOF +#!/bin/bash +# +# live: Late init script for live image +# +# chkconfig: 345 99 01 +# description: Late init script for live image. + +. /etc/init.d/functions + +if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then + exit 0 +fi + +exists() { + which \$1 >/dev/null 2>&1 || return + \$* +} + +touch /.liveimg-late-configured + +# read some variables out of /proc/cmdline +for o in \`cat /proc/cmdline\` ; do + case \$o in + ks=*) + ks="--kickstart=\${o#ks=}" + ;; + xdriver=*) + xdriver="\${o#xdriver=}" + ;; + esac +done + +# if liveinst or textinst is given, start anaconda +if strstr "\`cat /proc/cmdline\`" liveinst ; then + plymouth --quit + /usr/sbin/liveinst \$ks +fi +if strstr "\`cat /proc/cmdline\`" textinst ; then + plymouth --quit + /usr/sbin/liveinst --text \$ks +fi + +# configure X, allowing user to override xdriver +if [ -n "\$xdriver" ]; then + cat > /etc/X11/xorg.conf.d/00-xdriver.conf <> /etc/rc.d/init.d/livesys << EOF +# disable screensaver locking +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-screensaver/lock_enabled false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /desktop/gnome/lockdown/disable_lock_screen true >/dev/null + +# set up timed auto-login for after 60 seconds +cat >> /etc/gdm/custom.conf << FOE +[daemon] +TimedLoginEnable=true +TimedLogin=liveuser +TimedLoginDelay=60 +FOE + +# Show harddisk install on the desktop +sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop +mkdir /home/liveuser/Desktop +cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop +chown -R liveuser.liveuser /home/liveuser/Desktop +chmod a+x /home/liveuser/Desktop/liveinst.desktop + +# But not trash and home +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/nautilus/desktop/trash_icon_visible false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/nautilus/desktop/home_icon_visible false >/dev/null + +# Turn off PackageKit-command-not-found while uninstalled +sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf + +# Use the animated laughlin background by default +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -t str -s /desktop/gnome/background/picture_filename /usr/share/backgrounds/laughlin/default-tod/laughlin.xml + +EOF + +%end ADDED Examples/fedora-live-minimization.ks Index: Examples/fedora-live-minimization.ks ================================================================== --- /dev/null +++ Examples/fedora-live-minimization.ks @@ -0,0 +1,31 @@ +# Common packages removed from comps +# For F14, these removals should be moved to comps itself + +%packages + +# save some space +-samba-client +-mpage +-sox +-hplip +-hpijs +-numactl +-isdn4k-utils +-autofs +# smartcards won't really work on the livecd. +-coolkey +-ccid +-wget + +# qlogic firmwares +-ql2100-firmware +-ql2200-firmware +-ql23xx-firmware +-ql2400-firmware + +# scanning takes quite a bit of space :/ +-xsane +-xsane-gimp +-sane-backends + +%end ADDED Examples/fedora-livecd-lxde.ks Index: Examples/fedora-livecd-lxde.ks ================================================================== --- /dev/null +++ Examples/fedora-livecd-lxde.ks @@ -0,0 +1,155 @@ +# fedora-livecd-lxde.ks +# +# Description: +# - Fedora Live Spin with the light-weight LXDE Desktop Environment +# +# Maintainer(s): +# - Christoph Wickert + +%include fedora-live-base.ks +%include fedora-live-minimization.ks + +%packages +# LXDE desktop +@lxde-desktop +lxlauncher +obconf +lxdm + +# internet +firefox +sylpheed +lostirc +transmission + +# office +abiword +gnumeric +osmo +#glista + +# graphics +epdfview +mtpaint + +# audio & video +gmixer +lxmusic +asunder +gxine +gxine-mozplugin + +# I'm looking for something smaller than +gnomebaker + +# utils +galculator +parcellite +xpad + +# system +gigolo + +# more Desktop stuff +hal-storage-addon +alsa-plugins-pulseaudio +NetworkManager-gnome +java-1.6.0-openjdk-plugin +xcompmgr +xdg-user-dirs-gtk +# needed for xdg-open to support LXDE +perl-File-MimeInfo +# pam-fprint causes a segfault in LXDM when enabled +-fprintd-pam +# needed for automatic unlocking of keyring (#643435) +gnome-keyring-pam + +# make sure kpackagekit doesn't end up the LXDE live images +gnome-packagekit* +-kpackagekit + +# LXDE has lxpolkit. Make sure no other authentication agents end up in the spin. +-polkit-gnome +-polkit-kde + +# make sure xfce4-notifyd is not pulled in +notification-daemon +-xfce4-notifyd + +# use yumex instead of gnome-packagekit +#-gnome-packagekit +#yumex + +# Command line +powertop +wget +yum-utils +yum-presto + +# dictionaries are big +-aspell-* +-hunspell-* +-man-pages-* +-words + +# save some space +-nss_db +-sendmail +ssmtp +-acpid + +# drop some system-config things +-system-config-boot +#-system-config-language +-system-config-lvm +-system-config-network +-system-config-rootpassword +#-system-config-services +-policycoreutils-gui + +%end + +%post +# LXDE and LXDM configuration + +# create /etc/sysconfig/desktop (needed for installation) +cat > /etc/sysconfig/desktop <> /etc/rc.d/init.d/livesys << EOF +# disable screensaver locking and make sure gamin gets started +cat > /etc/xdg/lxsession/LXDE/autostart << FOE +/usr/libexec/gam_server +@lxpanel --profile LXDE +@pcmanfm --desktop --profile lxde +@pulseaudio -D +FOE + +# set up preferred apps +cat > /etc/xdg/libfm/pref-apps.conf << FOE +[Preferred Applications] +WebBrowser=mozilla-firefox.desktop +MailClient=redhat-sylpheed.desktop +FOE + +# set up auto-login for liveuser +sed -i 's|# autologin=dgod|autologin=liveuser|g' /etc/lxdm/lxdm.conf + +# Show harddisk install on the desktop +sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop +mkdir /home/liveuser/Desktop +cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop + +# Add autostart for parcellite +cp /usr/share/applications/fedora-parcellite.desktop /etc/xdg/autostart + +# this goes at the end after all other changes. +chown -R liveuser:liveuser /home/liveuser +restorecon -R /home/liveuser + +EOF + +%end + ADDED README.txt Index: README.txt ================================================================== --- /dev/null +++ README.txt @@ -0,0 +1,71 @@ + d8888 .d88888b. .d8888b. + d88888 d88P" "Y88b d88P Y88b + d88P888 888 888 Y88b. + d88P 888 88888b. .d88b. 88888b. 888 888 "Y888b. + d88P 888 888 "88b d88""88b 888 "88b 888 888 "Y88b. + d88P 888 888 888 888 888 888 888 888 888 "888 + d8888888888 888 888 Y88..88P 888 888 Y88b. .d88P Y88b d88P + d88P 888 888 888 "Y88P" 888 888 "Y88888P" "Y8888P" + +----------------------------------------------------------------------------- +The AnonOS project is a plan to build a Linux distribution with all the software and packages needed to conduct raids and stay anonymous. + +To build our releases, we use Kickstart and livecd-creator on Fedora. The enclosed files are the very files we use to make liveCDs. + +If you just want the release, go back to the github and click download. Otherwise, keep reading. + +To help develop, or even make your own custom builds, you need to understand how to use kickstarts and make linux scripts. + +Using kickstarts: +http://fedoraproject.org/wiki/Anaconda/Kickstart + +----------------------------------------------------------------------------- +* Building a LiveCD * +----------------------------------------------------------------------------- +In this archive are the files needed to create a LiveCD of Annonaceae or Cherimoya from source. + +This allows you to customize the LiveCD before it is made by editing the kickstart files. + +----------------------------- +* What you need: * +----------------------------- +A Fedora installation (Either on disk or on a 4gb-or-larger persistent USB drive) +livecd-tools +Basic knowledge of using the Linux command-line + +First, open up a terminal and become root. + $ su + +Then, install livecd-tools. + # yum install livecd-tools + +Now set SELinux to permissive. + # setenforce 0 + +Change to the directory that you’ve downloaded this archive to, and then change to the “anonos” directory. + # cd anonos + +Make a cache directory (/var/cache/live writes to RAM and swap, so the space will be used up quick.) + # mkdir ~/cache + +Copy and paste one of the below to start making your chosen liveCD. +Make sure you have enough space for twice the liveCD’s size. (usually 2GBs) + +--------------------- +* For Annonaceae: * +--------------------- + +livecd-creator \ +--config=annonaceae.ks \ +--fslabel=Annonaceae V.0.0.6 --cache=~/cache + +--------------------- +* For Cherimoya: * +--------------------- + +livecd-creator \ +--config=cherimoya.ks \ +--fslabel=Cherimoya V.0.0.6 --cache=~/cache + +Once you are done, free up space by deleting ~/cache. + # rm -r ~/cache ADDED annonaceae.ks Index: annonaceae.ks ================================================================== --- /dev/null +++ annonaceae.ks @@ -0,0 +1,197 @@ +# The AnonOS Project presents: +# ,---. +# |---|,---.,---.,---.,---.,---.,---.,---.,---.,---. +# | || || || || |,---|| |---',---||---' +# ` '` '` '`---'` '`---^`---'`---'`---^`---' +# , +# ,-. _,---._ __ / \ < where did my salmon go? +# / ) .-' `./ / \ +# ( ( ,' `/ /| +# \ `-" \'\ / | +# `. , \ \ / | +# /`. ,'-`----Y | +# ( ; | ' +# | ,-. ,-' | / +# | | ( | | / +# ) | \ `.___________|/ +# `--' `--' +# +# This kickstart creates an Annonaceae LiveCD based on LXDE. Annonaceae +# is a liveCD that maintains anonymity. +# +%include base.ks + +#---------------------------------------------------------------------------- +# Packages to install +#---------------------------------------------------------------------------- +%packages +# LXDE desktop +@lxde-desktop +lxlauncher +obconf +lxdm + +# internet +firefox +transmission + +# office +abiword +gnumeric +#glista + +# graphics +epdfview +mtpaint + +# audio & video +gmixer +lxmusic +asunder + +# I'm looking for something smaller than +gnomebaker + +# utils +galculator +parcellite +xpad +gnome-packagekit* +# Uncomment to use yumex instead of gnome-packagekit +#-gnome-packagekit +#yumex + +# system +notification-daemon + +# Command line +powertop +yum-utils +yum-presto + +# more Desktop stuff +hal-storage-addon +alsa-plugins-pulseaudio +# If possible, replace NetworkManager with Wicd. May not work though, as Anaconda may require it... +NetworkManager-gnome + +# Java is too big, and no one uses it anyway, so screw it. +#java-1.6.0-openjdk-plugin + +xcompmgr +xdg-user-dirs-gtk +# needed for xdg-open to support LXDE +perl-File-MimeInfo +# pam-fprint causes a segfault in LXDM when enabled +-fprintd-pam +# needed for automatic unlocking of keyring (#643435) +gnome-keyring-pam + +#---------------------------------------------------------------------------- +# Stuff to Remove +#---------------------------------------------------------------------------- + +# make sure kpackagekit doesn't end up the LXDE live images +-kpackagekit + +# LXDE has lxpolkit. Make sure no other authentication agents end up in the spin. +-polkit-gnome +-polkit-kde + +# make sure xfce4-notifyd is not pulled in +-xfce4-notifyd + +# dictionaries are big +-aspell-* +-hunspell-* +-man-pages-* +-words + +# save some space +-nss_db +-sendmail +ssmtp +-acpid + +# drop some system-config things +-system-config-boot +#-system-config-language +-system-config-lvm +-system-config-network +-system-config-rootpassword +#-system-config-services +-policycoreutils-gui + +# save some space +-samba-client +-mpage +-sox +-hplip +-hpijs +-numactl +-isdn4k-utils +-autofs +# smartcards won't really work on the livecd. +-coolkey +-ccid +-wget + +# qlogic firmwares +-ql2100-firmware +-ql2200-firmware +-ql23xx-firmware +-ql2400-firmware + +# scanning takes quite a bit of space :/ +-xsane +-xsane-gimp +-sane-backends + +%end + +%post +# LXDE and LXDM configuration + +# create /etc/sysconfig/desktop (needed for installation) +cat > /etc/sysconfig/desktop <> /etc/rc.d/init.d/livesys << EOF +# disable screensaver locking and make sure gamin gets started +cat > /etc/xdg/lxsession/LXDE/autostart << FOE +/usr/libexec/gam_server +@lxpanel --profile LXDE +@pcmanfm --desktop --profile lxde +@pulseaudio -D +FOE + +# set up preferred apps +cat > /etc/xdg/libfm/pref-apps.conf << FOE +[Preferred Applications] +WebBrowser=mozilla-firefox.desktop +MailClient=fedora-claws-mail.desktop +FOE + +# set up auto-login for liveuser +sed -i 's|# autologin=dgod|autologin=liveuser|g' /etc/lxdm/lxdm.conf + +# Show harddisk install on the desktop +sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop +mkdir /home/liveuser/Desktop +cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop + +# Add autostart for parcellite +cp /usr/share/applications/fedora-parcellite.desktop /etc/xdg/autostart + +# this goes at the end after all other changes. +chown -R liveuser:liveuser /home/liveuser +restorecon -R /home/liveuser + +EOF + +%end + + + ADDED base.ks Index: base.ks ================================================================== --- /dev/null +++ base.ks @@ -0,0 +1,461 @@ +# d8888 .d88888b. .d8888b. +# d88888 d88P" "Y88b d88P Y88b +# d88P888 888 888 Y88b. +# d88P 888 88888b. .d88b. 88888b. 888 888 "Y888b. +# d88P 888 888 "88b d88""88b 888 "88b 888 888 "Y88b. +# d88P 888 888 888 888 888 888 888 888 888 "888 +# d8888888888 888 888 Y88..88P 888 888 Y88b. .d88P Y88b d88P +# d88P 888 888 888 "Y88P" 888 888 "Y88888P" "Y8888P" +#------------------------------------------------------------------ +# Check out the full project at http://typewith.me/AnonOS +# +# Filename: base.ks +# +# This is the base kickstart file for all AnonOS builds. It will not make a functional LiveCD by itself. However, packages and scripts put here will be included in all builds, although they can be removed as needed. +# +# Most of the work here is credited to the Fedora Developers who created the original liveCD kickstarts. +#------------------------------------------------------------------------- +# Developers: +#------------------------------------------------------------------------ +# Sephiroth - Compiled this kickstart. I'm not at all knowledgeable with programming or scripting, so you're going to have to help me here. Scripts are needed to rebrand this system from Fedora, add I2p and bitcoin, install Firefox add-ons, and other awesome stuff. +# +#------------------------------------------------------------------------- +# General Settings +#------------------------------------------------------------------------- +# Localization +# You could override these settings to add localization suites for specific countries. Just import this base, and add the required packages. Here's an example for German: http://typewith.me/german-localization http://preview.tinyurl.com/4wf3ml7 +# +lang en_US.UTF-8 +keyboard us +timezone US/Eastern + +auth --useshadow --enablemd5 +selinux --enforcing +firewall --enabled --service=mdns +xconfig --startxonboot +part / --size 3072 --fstype ext4 +services --enabled=NetworkManager --disabled=network,sshd + +#------------------------------------------------------------------------- +# Package Repositories +#------------------------------------------------------------------------- +# We need to make our own repos for our own RPM packages. If you have a server, please help us! + +# Fedora repos. +#repo --name=rawhide --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch +repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-14&arch=$basearch +repo --name=updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f14&arch=$basearch +#repo --name=updates-testing --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-f14&arch=$basearch + +#RPMFusion. It gives you more apps. +repo --name=rpmfusion-free --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-14&arch=i386 +repo --name=rpmfusion-free-updates --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-14&arch=i386 +repo --name=rpmfusion-nonfree --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-14&arch=i386 +repo --name=rpmfusion-nonfree-updates --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-updates-released-14&arch=i386 + +#Adobe flash repos. Look, Gnash sucks. +#We may want flashblock on firefox... although, a linux script needs to be made to do it. +repo --name=adobe-linux-i386 --baseurl=http://linuxdownload.adobe.com/linux/i386/ + +#Tor repos. +repo --name=tor --baseurl=http://deb.torproject.org/torproject.org/rpm/fc14/ + +#------------------------------------------------------------------------- +# Base Packages. +#------------------------------------------------------------------------- +%packages + +@base-x +@base +@core +#@fonts # better to get only what's needed than include all of them +@input-methods +# use a small pinyin db for live +-ibus-pinyin-db-open-phrase +ibus-pinyin-db-android +@admin-tools +@dial-up +@hardware-support +@printing + +# Explicitly specified here: +# walters: because otherwise dependency loops cause yum issues. +kernel + +# This was added a while ago, I think it falls into the category of "Diagnosis/recovery tool useful from a Live OS image". Leaving this untouched for now. +memtest86+ + +# The point of a live image is to install +anaconda +isomd5sum + +#---------------------------- +# Fonts. If localizing, remember to add your own fonts if "Droid Sans" doesn't support that language. (Like, Hindi or Tibetian...) +#---------------------------- +liberation-mono-fonts +liberation-sans-fonts +liberation-serif-fonts +google-droid-sans-fonts # Droid Sans is the best. +google-droid-sans-mono-fonts +google-droid-serif-fonts +dejavu-sans-fonts +dejavu-sans-mono-fonts +dejavu-serif-fonts + +#------------------------------------------------------------------------- +# Standard packages for all Kickstarts. You can edit this. +#------------------------------------------------------------------------- +# Security +macchanger # FIXME: In order for macchanger to + #-work, we need to set it to start on + #-each boot. I have no idea how to do that. +wipe + +#realcrypt # Sadly, screw realcrypt. The GUI + #-doesn't work, and truecrypt files + #-can't be mounted if they weren't made + #-using realcrypt. Stay away. +# Actually, mounting will work if you do this: http://fedoraforum.org/leigh123linux/badday_Screenshot.png + +#We need to install actual Truecrypt somehow, like through a script. + +steghide # Steghide allows you to encrypt info +SteGUI # -in a picture or a wav. + +# Internet Security +tor # FIXME: for vidalia to work, the Tor +privoxy # -and Privoxy Daemons need to be turned off. +vidalia + # Someone help add an I2P RPM here... + +# internet browsers +midori # It's runs as fast as Google Chrome, but #-with less of the, you know, creepy tracking. +links # links is a light, initutive CLI browser. + +# I want SRWare Iron here, To do that, we need to install chromium, extract the contents of Iron's linux archive to "/usr/lib/", then make a link to it in "/usr/bin". + +# Other internetz +claws-mail # I put claws-mail because it is safer than + # -thunderbird, as it has support for tor. +twinkle # SIP/VOIP Phone. It was put in polippix, + #-so it's gotta be good. +aircrack-ng + +# IRC +irssi +epic +lostirc + +# office +abiword # Lighter than Libre/OpenOffice. +gnumeric + +# audio & video +vlc # VLC or GXine? You choose. (Default is VLC) +mozilla-vlc +#gxine +#gxine-mozplugin + +# system + +# Command line +#wget # Is wget needed? Commented out. +terminator # MOAR TERMINALZ, MOAR FUN. + +# Metadata wipers, to remove identifying info from created data. +jhead #FIXME: We need one for PDF. + +%end +#------------------------------------------------------------------------- +# Scripts to run after install +#------------------------------------------------------------------------- +# Most of the below relate to making a livecd, so there probably isn't any need to edit this. Still, read them for a good example. +# +%post +# This creates a script in /etc/rc.d/init.d/ to implement liveCD hacks. +# FIXME: it'd be better to get this installed from a package +cat > /etc/rc.d/init.d/livesys << EOF +#!/bin/bash +# +# live: Init script for live image +# +# chkconfig: 345 00 99 +# description: Init script for live image. + +. /etc/init.d/functions + +if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ]; then + exit 0 +fi + +if [ -e /.liveimg-configured ] ; then + configdone=1 +fi + +exists() { + which \$1 >/dev/null 2>&1 || return + \$* +} + +touch /.liveimg-configured + +# mount live image +if [ -b \`readlink -f /dev/live\` ]; then + mkdir -p /mnt/live + mount -o ro /dev/live /mnt/live 2>/dev/null || mount /dev/live /mnt/live +fi + +livedir="LiveOS" +for arg in \`cat /proc/cmdline\` ; do + if [ "\${arg##live_dir=}" != "\${arg}" ]; then + livedir=\${arg##live_dir=} + return + fi +done + +# enable swaps unless requested otherwise +swaps=\`blkid -t TYPE=swap -o device\` +if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then + for s in \$swaps ; do + action "Enabling swap partition \$s" swapon \$s + done +fi +if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /mnt/live/\${livedir}/swap.img ] ; then + action "Enabling swap file" swapon /mnt/live/\${livedir}/swap.img +fi + +mountPersistentHome() { + # support label/uuid + if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then + homedev=\`/sbin/blkid -o device -t "\$homedev"\` + fi + + # if we're given a file rather than a blockdev, loopback it + if [ "\${homedev##mtd}" != "\${homedev}" ]; then + # mtd devs don't have a block device but get magic-mounted with -t jffs2 + mountopts="-t jffs2" + elif [ ! -b "\$homedev" ]; then + loopdev=\`losetup -f\` + if [ "\${homedev##/mnt/live}" != "\${homedev}" ]; then + action "Remounting live store r/w" mount -o remount,rw /mnt/live + fi + losetup \$loopdev \$homedev + homedev=\$loopdev + fi + + # if it's encrypted, we need to unlock it + if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then + echo + echo "Setting up encrypted /home device" + plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome" + homedev=/dev/mapper/EncHome + fi + + # and finally do the mount + mount \$mountopts \$homedev /home + # if we have /home under what's passed for persistent home, then + # we should make that the real /home. useful for mtd device on olpc + if [ -d /home/home ]; then mount --bind /home/home /home ; fi + [ -x /sbin/restorecon ] && /sbin/restorecon /home + if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi +} + +findPersistentHome() { + for arg in \`cat /proc/cmdline\` ; do + if [ "\${arg##persistenthome=}" != "\${arg}" ]; then + homedev=\${arg##persistenthome=} + return + fi + done +} + +if strstr "\`cat /proc/cmdline\`" persistenthome= ; then + findPersistentHome +elif [ -e /mnt/live/\${livedir}/home.img ]; then + homedev=/mnt/live/\${livedir}/home.img +fi + +# if we have a persistent /home, then we want to go ahead and mount it +if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then + action "Mounting persistent /home" mountPersistentHome +fi + +# make it so that we don't do writing to the overlay for things which +# are just tmpdirs/caches +mount -t tmpfs -o mode=0755 varcacheyum /var/cache/yum +mount -t tmpfs tmp /tmp +mount -t tmpfs vartmp /var/tmp +[ -x /sbin/restorecon ] && /sbin/restorecon /var/cache/yum /tmp /var/tmp >/dev/null 2>&1 + +if [ -n "\$configdone" ]; then + exit 0 +fi + +# add fedora user with no passwd +action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser +passwd -d liveuser > /dev/null + +# turn off firstboot for livecd boots +chkconfig --level 345 firstboot off 2>/dev/null +# We made firstboot a native systemd service, so it can no longer be turned +# off with chkconfig. It should be possible to turn it off with systemctl, but +# that doesn't work right either. For now, this is good enough: the firstboot +# service will start up, but this tells it not to run firstboot. I suspect the +# other services 'disabled' below are not actually getting disabled properly, +# with systemd, but we can look into that later. - AdamW 2010/08 F14Alpha +echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot + +# don't start yum-updatesd for livecd boots +chkconfig --level 345 yum-updatesd off 2>/dev/null + +# turn off mdmonitor by default +chkconfig --level 345 mdmonitor off 2>/dev/null + +# turn off setroubleshoot on the live image to preserve resources +chkconfig --level 345 setroubleshoot off 2>/dev/null + +# don't do packagekit checking by default +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_updates never >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_upgrades never >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_refresh_cache never >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_available false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_distro_upgrades false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_firmware false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_hardware false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_codec_helper false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_font_helper false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_mime_type_helper false >/dev/null + + +# don't start cron/at as they tend to spawn things which are +# disk intensive that are painful on a live image +chkconfig --level 345 crond off 2>/dev/null +chkconfig --level 345 atd off 2>/dev/null +chkconfig --level 345 anacron off 2>/dev/null +chkconfig --level 345 readahead_early off 2>/dev/null +chkconfig --level 345 readahead_later off 2>/dev/null + +# Stopgap fix for RH #217966; should be fixed in HAL instead +touch /media/.hal-mtab + +# workaround clock syncing on shutdown that we don't want (#297421) +sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt + +# and hack so that we eject the cd on shutdown if we're using a CD... +if strstr "\`cat /proc/cmdline\`" CDLABEL= ; then + cat >> /sbin/halt.local << FOE +#!/bin/bash +# XXX: This often gets stuck during shutdown because /etc/init.d/halt +# (or something else still running) wants to read files from the block\ +# device that was ejected. Disable for now. Bug #531924 +# we want to eject the cd on halt, but let's also try to avoid +# io errors due to not being able to get files... +#cat /sbin/halt > /dev/null +#cat /sbin/reboot > /dev/null +#/usr/sbin/eject -p -m \$(readlink -f /dev/live) >/dev/null 2>&1 +#echo "Please remove the CD from your drive and press Enter to finish restarting" +#read -t 30 < /dev/console +FOE +chmod +x /sbin/halt.local +fi + +EOF + +# bah, hal starts way too late +# This script runs after the above one +cat > /etc/rc.d/init.d/livesys-late << EOF +#!/bin/bash +# +# live: Late init script for live image +# +# chkconfig: 345 99 01 +# description: Late init script for live image. + +. /etc/init.d/functions + +if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then + exit 0 +fi + +exists() { + which \$1 >/dev/null 2>&1 || return + \$* +} + +touch /.liveimg-late-configured + +# read some variables out of /proc/cmdline +for o in \`cat /proc/cmdline\` ; do + case \$o in + ks=*) + ks="--kickstart=\${o#ks=}" + ;; + xdriver=*) + xdriver="\${o#xdriver=}" + ;; + esac +done + +# if liveinst or textinst is given, start anaconda +if strstr "\`cat /proc/cmdline\`" liveinst ; then + plymouth --quit + /usr/sbin/liveinst \$ks +fi +if strstr "\`cat /proc/cmdline\`" textinst ; then + plymouth --quit + /usr/sbin/liveinst --text \$ks +fi + +# configure X, allowing user to override xdriver +if [ -n "\$xdriver" ]; then + cat > /etc/X11/xorg.conf.d/00-xdriver.conf <| |_ ___ _ _ <_>._ _ _ ___ _ _ ___ +# | <__| . |/ ._>| '_>| || ' ' |/ . \| | |<_> | +# `___/|_|_|\___.|_| |_||_|_|_|\___/`_. |<___| +# <___' +#            ∧_∧ +#     ∧_∧   (´<_`  ) So what do we do with it? +#    ( ´_ゝ`) /   ⌒i   +#    /    \ /   | | +#   /    _,,..,,,,,_| | +# __(__ニつ ,' 3  `ヽーっ .| .|____ +#      l   ⊃ ⌒_つ(u ⊃ +#      `'ー---‐'''''" +# NOTE: Are you an experienced anon? If you are an expert in internet security "auditing" we invite you to add the tools that you depend on here, and package a basic guide to using them. +# +# Cherimoya is a high-anonymity Live Linux Distro designed +# to be a complete kit for Anonymous. It's goals are a high degree of anonymity, security "auditing" programs, tools for making flyers and videos, and should be easy to use. +# Having a package with everything an anon needs to stay anonymous and conduct raids is becoming all the more important, especially in light of recent events. +# Also, Windows and Mac are dreadfully inadequate for what we do, and may contain government backdoors. +# +# Credits to the Fedora Security team, because we used their kickstart to get all our security auditing packages. +# +#------------------------------------------------------------------------- +# Developers: +#------------------------------------------------------------------------- +# Sephiroth - Made this kickstart. I have no knowledge of +# programming or scripting, or security auditing of any kind, +# so you're going to have to help me here. +# +# Image size increase: (remember to have enough size!) +part / --size 20000 --fstype ext4 +#------------------------------------------------------------------------- +# Included scripts +#------------------------------------------------------------------------- +# Base script dependency, as it has tools for anonymity +# Edit it here: http://typewith.me/kickstart +%include base.ks + +# Security auditing packages (Nessus, nmap, aircrack) are included, but placed outside this kickstart for greater clarity. +# Click on the link to see what we've added: http://typewith.me/security +%include security.ks + +#------------------------------------------------------------------------- +# Yum Repos +#------------------------------------------------------------------------- +# Need to find one for SRWare Iron. I know there's a yum somewhere... +#------------------------------------------------------------------------- +# Packages. Remember to add it's yum repo. +#------------------------------------------------------------------------- +%packages +# Collections +@fonts +@graphical-internet +@sound-and-video +@gnome-desktop +# Get animated wallpaper added pending comps change +laughlin-backgrounds-animated-gnome +@office + +# Apache +httpd + +# SRWare Iron +#iron # This is for SRWare Iron. It is Google #-Chrome, but without the tracking. +# For SRWare Iron to work, this command must be run as root: +# ln -s libbz2.so.1.0.6 libbz2.so.1.0 +# We need to script that in. + +#------------------------# +# Programming # +#------------------------# +# *Libraries +@perl +java-1.6.0-openjdk +java-1.6.0-openjdk-devel +java-1.6.0-openjdk-plugin + +# *IDEs +geany +python-tools # Includes IDLE and other helpful stuff. + +# *Compilers +gcc +make +#gcj + +# *Version Control +git + +#------------------------------------------------------------------------- +# Image and video creators +#------------------------------------------------------------------------- +gimp # General image editor. +inkscape # SVG image editor. +audacity # Sound editor. +pitivi # Simple video editor. +asciio # Awesome ascii art creator. + +#------------------------------------------------------------------------- +# Offensive suite +#------------------------------------------------------------------------- +# NOTE: Most of the stuff that might be useful for internet security auditing is included with the Fedora Security kickstart. (security.ks) Here, you can add some more. + +gocr # GOCR breaks captchas. + + +# FIXME; apparently the glibc maintainers dislike this, but it got put into the desktop image at some point. We won't touch this one for now. +nss-mdns + +#------------------------------------------------------------------------- +# Packages to Remove +#------------------------------------------------------------------------- +smartmontools # This one needs to be kicked out of @base + +# VLC or GXine is already included in Base. +-rhythmbox +-totem +-totem-mozplugin +-totem-nautilus +-gimp-help # No one really reads this, anyway. + +%end +#------------------------------------------------------------------------- +# Scripts to run after install +#------------------------------------------------------------------------- +#%post --nochroot +# +## Copies "wallpaper.jpg" from $INSTALL_ROOT to "$INSTALL_ROOT/usr/share/extrastuff". (untested, so commented out for now...) +#mkdir $INSTALL_ROOT/usr/share/extrastuff +#cp $INSTALL_ROOT/wallpaper.jpg $INSTALL_ROOT/usr/share/extrastuff/ +#cp /root/Desktop/mount.sh $INSTALL_ROOT/usr/share/extrastuff/ +# +#%end + +%post + +cat >> /etc/rc.d/init.d/livesys << EOF +# disable screensaver locking +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-screensaver/lock_enabled false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /desktop/gnome/lockdown/disable_lock_screen true >/dev/null + +# set up timed auto-login for after 60 seconds +cat >> /etc/gdm/custom.conf << FOE +[daemon] +TimedLoginEnable=true +TimedLogin=liveuser +TimedLoginDelay=60 +FOE + +# Show harddisk install on the desktop +sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop +mkdir /home/liveuser/Desktop +cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop +chown -R liveuser.liveuser /home/liveuser/Desktop +chmod a+x /home/liveuser/Desktop/liveinst.desktop + +# But not trash and home +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/nautilus/desktop/trash_icon_visible false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/nautilus/desktop/home_icon_visible false >/dev/null + +# Turn off PackageKit-command-not-found while uninstalled +sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf + +# Use the animated laughlin background by default (remove soon) +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -t str -s /desktop/gnome/background/picture_filename /usr/share/backgrounds/laughlin/default-tod/laughlin.xml + +# Sets wallpaper from above (commented out, uncomment to test) +#gconftool-2 --type string --set /desktop/gnome/background/picture_filename /usr/share/backgrounds/1280-wide.png > /dev/null + +EOF + +%end + + ADDED security.ks Index: security.ks ================================================================== --- /dev/null +++ security.ks @@ -0,0 +1,223 @@ +# Description: +# Fedora Security Spin is a fully functional live OS based on Fedora for use in security auditing, forensics research, and penetration testing. +# Maintainers: +# Christoph Wickert org> +# Hiemanshu Sharma org> +# Joerg Simon org> +# Acknowledgements: +# Fedora LiveCD Xfce Spin team - some work here was inherited, many thanks! +# Fedora LXDE Spin - Copied over stuff to make LXDE Default +# Luke Macken, Adam Miller for the original OpenBox Security ks and all the Security Applications! +# Important!!!! +# Beginning with Security Stuff - we use pattern to parse the kickstart-file for building the security menu - please use +# # Category: Categoryname <- for new Categories +# # Command: Commandname <- for the given Command +# # rCommand: Commandname <- for a command as root +# # Entry: Menu-Entry <- for the MenuEntry Name (optional) + + +%packages +###################### Security Stuffs ############################ +security-menus +################################################################## +# Category: Reconnaissance +# rCommand: dsniff -h +dsniff +# rCommand: hping -h +hping3 +nc6 +nc +# Command: ncrack -h +ncrack +ngrep +# rCommand: nmap -h +nmap +# Command: zenmap-root +nmap-frontend +# Command: p0f -h +p0f +# rCommand: sing -h +sing +# Command: scanssh -h +scanssh +# rCommand: scapy -h +scapy +# Command: socat +# Entry: Socket cat +socat +# rCommand: tcpdump -h +tcpdump +# rCommand: unicornscan -h +unicornscan +# rCommand: wireshark +# Entry: Wireshark +wireshark-gnome +# Command: xprobe2 +xprobe2 +# Command: nbtscan +nbtscan +# Command: tcpxtract +tcpxtract +# Command: firewalk +# Entry: Firewalk +firewalk +# Command: hunt +# Entry: Hunt +hunt +# Command: dnsenum -h +# Entry: DNS Enumeration +dnsenum +# rCommand: iftop +iftop +# Command: argus -h +argus +# rCommand: ettercap -C +# Entry: Ettercap +ettercap +ettercap-gtk +# rCommand: packETH +packETH +# rCommand: iptraf +iptraf +pcapdiff +# rCommand: etherape +etherape +# Command: lynis +lynis +# rCommand: netsniff-ng +netsniff-ng +# Command: tcpjunk -x +tcpjunk +# rCommand: ssldump -h +ssldump +# rCommand: yersinia -G +# Entry: Yersinia +yersinia +net-snmp +# Command: openvas-client +# Entry: OpenVAS Client +openvas-client +openvas-scanner + +################################################################# +# Category: Forensics +# Command: ddrescue -h +ddrescue +# Command: gparted +gparted +hexedit +# rCommand: testdisk -h +testdisk +# Command: foremost -h +# Entry: Foremost Filecarver +foremost +# Command: sectool-gui +# Entry: sectool +sectool-gui +scanmem +sleuthkit +# Command: unhide +unhide +# Command: examiner +# Entry: ELF Examiner +examiner +dc3dd +afftools +# Command: srm -h +# Entry: Securely Remove Files +srm +# Command: firstaidkit -g gtk +# Entry: First Aid Kit +firstaidkit-plugin-all +ntfs-3g +ntfsprogs + +##################################################################### +# Category: WebApplicationTesting +# Command: httping -h +httping +# Command: nikto -help +# Entry: Nikto Websecurity Scanner +nikto +# Command: ratproxy -h +ratproxy +# Command: lbd +# Entry: Load Balancing Detector +lbd +# Command: skipfish +skipfish + +####################################################################### +# Category: Wireless +# Command: aircrack-ng +aircrack-ng +# Command: airsnort +airsnort +# rCommand: kismet +kismet +# Command: weplab +# Entry: weplab - Wep Key Cracker +weplab +# Command: wavemon +wavemon + +####################################################################### +# Category: CodeAnalysis +# Command: splint +splint +# Command: pscan +pscan +# Command: flawfinder +# Entry: Flawfinder +flawfinder +# Command: rats +# Entry: Rough Auditing Tool for Security +rats + +###################################################################### +# Category: IntrusionDetection +# rCommand: chkrootkit +chkrootkit +# Command: aide -h +aide +labrea +# Command: honeyd -h +# Entry: Honeypot Daemon +honeyd +# Command: pads -h +# Entry: Passive Asset Detection System +pads +nebula +# Command: rkhunter +# Entry: RootKitHunter +rkhunter + +######################################################################## +# Category: PasswordTools +# Command: john +john +# Command: ophcrack +# Entry: Objectif Securite ophcrack +ophcrack +# Command: medusa -d +# Entry: Medusa Brute Force +medusa + + +# Useful tools +lsof +scrot +epdfview + +# Other necessary components +screen +desktop-backgrounds-basic +feh +vim-enhanced +gnome-menus +gnome-terminal +PolicyKit-gnome + +# make sure debuginfo doesn't end up on the live image +-*debug +%end ADDED wallpaper.jpg Index: wallpaper.jpg ================================================================== --- /dev/null +++ wallpaper.jpg cannot compute difference between binary files