
# Filename:
# fedora-livecd-security.ks
# Description:
# A fully functional live OS based on Fedora for use in security auditing,
# forensics research, and penetration testing.
# Maintainers:
# Fabian Affolter <fab [AT] fedoraproject <dot> org>
# Joerg Simon <jsimon [AT] fedoraproject <dot> org>
# Christoph Wickert <cwickert [AT] fedoraproject <dot> org>
# Acknowledgements:
# Fedora LiveCD Xfce Spin team - some work here was and will be inherited,
# many thanks!
# Fedora LXDE Spin - Copied over stuff to make LXDE Default
# Luke Macken and Adam Miller for the original OpenBox Security ks and all
# the Security Applications!
# Hiemanshu Sharma <hiemanshu [AT] fedoraproject <dot> org>
%include fedora-live-base.ks
%include fedora-live-minimization.ks
# The spin was failing to compose due to lack of space, so the size of the
# root filesystem was bumped. --size is given in MiB (10240 = 10 GiB).
part / --size 10240
%packages
# Package selection for the security live image.
#   @name   installs a package group
#   name    installs a single package
#   -name   excludes a package that would otherwise be pulled in

# Desktop environment: Xfce. The optional Xfce groups and Firefox stay
# disabled.
@xfce-desktop
@xfce-apps
#@xfce-extra-plugins
#@xfce-media
#@xfce-office
#@firefox

# Security tools.
# NOTE(review): the original remark on this group read "not ready at the
# moment", yet the group is enabled here - confirm whether that remark is
# stale.
@security-lab
security-menus

# Save some space.
-autofs
-acpid
-gimp-help
-desktop-backgrounds-basic
# realmd only seems to be used in GNOME
-realmd
# we switched to yumex, so PackageKit is not needed
-PackageKit*
# dictionaries are big
-aspell-*
-man-pages-*

# Drop some system-config things.
-system-config-boot
#-system-config-network
-system-config-rootpassword
#-system-config-services
-policycoreutils-gui

# Exclude some packages to save some space.
# Use './fsl-maintenance.py -l' in your security spin git folder to build
# this list.
# NOTE(review): the exclusions include host integrity and rootkit checkers
# (aide, rkhunter, tripwire) as well as forensic and network tools, so the
# image does not ship them; presumably they belong to @security-lab and must
# be installed separately when needed - verify against the group definition.
-ArpON
-aide
-binwalk
-bkhive
-bonesi
-bro
-cmospwd
-dnstop
-etherape
-hfsutils
-httpie
-httrack
-hydra
-kismon
-labrea
-nebula
-netsed
-onesixtyone
-packETH
-pads
-pdfcrack
-picviz-gui
-prelude-lml
-prelude-manager
-prewikka
-proxychains
-pyrit
-raddump
-rkhunter
-safecopy
-samdump2
-scalpel
-sshscan
-sslstrip
-tcpreen
-tcpreplay
-tripwire
-wipe
%end
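%post
# Xfce configuration for the live image.
#
# Two kinds of commands appear below:
#   * commands run directly by this %post script, i.e. while the image is
#     being built;
#   * commands appended to /etc/rc.d/init.d/livesys through the "EOF"
#     here-document, which run only when that init script is executed.
#
# The here-document delimiters (EOF, FOE) are unquoted, so the shell would
# expand variables and command substitutions at build time. The text below
# contains none, so it is written out literally; quote the delimiter if
# such text is ever added and must reach the target file unexpanded.
#
# Security note: the livesys fragment logs "liveuser" in automatically with
# no timeout and switches off screensaver locking, so anyone with access to
# the console of the running live system gets that session.
# NOTE(review): confirm that these settings stay limited to the live session
# and are not carried over to a hard-disk installation.

# This is a huge file and things work ok without it
rm -f /usr/share/icons/HighContrast/icon-theme.cache

# create /etc/sysconfig/desktop (needed for installation)
cat > /etc/sysconfig/desktop <<EOF
PREFERRED=/usr/bin/startxfce4
DISPLAYMANAGER=/usr/sbin/lightdm
EOF

cat >> /etc/rc.d/init.d/livesys << EOF
mkdir -p /home/liveuser/.config/xfce4
cat > /home/liveuser/.config/xfce4/helpers.rc << FOE
MailReader=sylpheed-claws
FileManager=Thunar
WebBrowser=midori
FOE
# disable screensaver locking (#674410)
cat >> /home/liveuser/.xscreensaver << FOE
mode: off
lock: False
dpmsEnabled: False
FOE
# deactivate xfconf-migration (#683161)
rm -f /etc/xdg/autostart/xfconf-migration-4.6.desktop || :
# deactivate xfce4-panel first-run dialog (#693569)
mkdir -p /home/liveuser/.config/xfce4/xfconf/xfce-perchannel-xml
cp /etc/xdg/xfce4/panel/default.xml /home/liveuser/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml
# set up lightdm autologin
sed -i 's/^#autologin-user=.*/autologin-user=liveuser/' /etc/lightdm/lightdm.conf
sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf
#sed -i 's/^#show-language-selector=.*/show-language-selector=true/' /etc/lightdm/lightdm-gtk-greeter.conf
# set Xfce as default session, otherwise login will fail
sed -i 's/^#user-session=.*/user-session=xfce/' /etc/lightdm/lightdm.conf
# Show harddisk install on the desktop
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop
# -p: do not fail when the directory already exists
mkdir -p /home/liveuser/Desktop
cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop
# and mark it as executable (new Xfce security feature)
chmod +x /home/liveuser/Desktop/liveinst.desktop
# this goes at the end after all other changes.
chown -R liveuser:liveuser /home/liveuser
restorecon -R /home/liveuser
EOF
%end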