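#!/bin/bash
#
# BlueSkyLinux Network Appliance installer.
#
# Interactive, dialog(1)-driven installer that is run as root from the live
# system.  Task 1 installs the running system to a local IDE/SCSI disk, task 2
# builds a bootable USB installer.  Every answer the user gives is dropped as
# a small file in $LOGDIR (lang, task, diskdev, netconfig, netdevice, init.log,
# pw1/pw2) and read back by the mk*conf / set* functions, so the functions are
# order-dependent: see the case statement at the bottom of the file.
#
# The target is partitioned with fdisk (driven by expect), formatted ext3,
# mounted on /mnt and populated with cpio.  Progress is written to
# ${LOGDIR}/*.log and shown through "dialog --tailboxbg".
#
# dialog exit status convention used throughout: 0 = OK/Yes, 1 = Cancel/No,
# 255 = ESC or error.  Every prompt that gates something destructive now
# aborts on anything other than 0 (the original only checked for 1, so ESC
# fell through and carried on).

LOGDIR="/var/tmp"
VERSION=$(cat /etc/Version)
BACKTITLE="BlueSkyLinux Network Appliance [ build $VERSION ] installation "
# "height width" for dialog; deliberately expanded unquoted below so that it
# splits into two arguments.
DIMENSIONS="24 80"

#=======================================================================================
#######################################
# Initial "all data will be lost" confirmation.
# Exits the installer unless the user explicitly answers Yes.
#######################################
Warning(){
  /bin/dialog \
    --backtitle "$BACKTITLE" \
    --title "\Z1 !!WARNING!! \Zn " \
    --no-collapse \
    --colors \
    --defaultno \
    --yesno "\n\n\n\n\n \Z1 This will overwrite your computers hard drive.\Zn \n\n\n \
 \Z1 ALL DATA WILL BE LOST!! \Zn\n \
 \n\n\n\n\n\n\n\n \
 \Zn Continue? \Zn \n" ${DIMENSIONS}
  # No (1) and ESC (255) both abort; only an explicit Yes continues.
  if [ $? != 0 ]; then
    #reset
    exit
  fi
}

#=======================================================================================
#######################################
# Keyboard layout menu.  Writes the chosen tag (uk/us) to ${LOGDIR}/lang.
# Exits on Cancel or ESC so an empty lang file is never left behind.
#######################################
getlang(){
  dialog \
    --backtitle "$BACKTITLE" \
    --title "Select Keyboard" --cr-wrap \
    --menu "Please select your keyboard style:" ${DIMENSIONS} 4 \
      "uk" "English (UK)" \
      "us" "English (US)" 2>${LOGDIR}/lang
  if [ $? != 0 ]; then
    exit
  fi
}

#=======================================================================================
#######################################
# Installation type menu.  Writes 1 (disk install) or 2 (USB installer) to
# ${LOGDIR}/task.  Exits on Cancel or ESC.
#######################################
taskselect(){
  dialog \
    --backtitle "$BACKTITLE" \
    --title "Installation type" --cr-wrap \
    --menu "Please select task:" ${DIMENSIONS} 4 \
      "1" "Install to disk drive (IDE/SCSI)" \
      "2" "Create USB installer" 2>${LOGDIR}/task
  if [ $? != 0 ]; then
    exit
  fi
}

#======================================================================================
#######################################
# Find USB disks and let the user pick one.  Writes the device node to
# ${LOGDIR}/diskdev.  Exits with 1 when no USB storage is present, and
# exits when the user cancels (the original carried on with an empty
# diskdev in that case).
#######################################
usbselect(){
  #
  # fun with bash arrays!
  #
  # Find USB drives and deduce their device nodes.
  #
  # Read /proc/scsi/scsi to get all known SCSI devices.
  # If a device is found in /proc/scsi/usb-storage* then it is USB else real SCSI.
  #
  # The n-th SCSI host is assumed to map to /dev/sd<n-th letter> — TODO confirm
  # this still holds when non-disk SCSI devices are interleaved.
  scsi_ids=(a b c d e f g h i j k l m n o p q r s t u v w x y z)
  # array of hosts (scsi0, scsi6, scsi19 etc):
  hosts=($(grep Host /proc/scsi/scsi | cut -d " " -f2 | sed 's/scsi//g'))
  # array of manufacturer strings:
  makers=($(grep Vendor /proc/scsi/scsi | cut -d ":" -f2 | cut -d " " -f2))
  # array of model strings:
  models=($(grep Model /proc/scsi/scsi | cut -d ":" -f3 | cut -d " " -f2))
  # array of media types, "Direct-Access"=disk, "CD-ROM"=cdrom:
  media=($(grep Type /proc/scsi/scsi | cut -d ":" -f2 | cut -d " " -f4))

  found=0
  devinfo=()
  for (( host = 0 ; host < ${#hosts[@]} ; host++ )); do
    if [ "${media[$host]}" = "Direct-Access" ]; then
      if grep -q "Attached: Yes" /proc/scsi/usb-storage*/${hosts[$host]} 2>/dev/null; then
        found=$(($found+1))
        disksize=$(sfdisk -s /dev/sd${scsi_ids[$host]})
        if [ $? = 0 ]; then
          disksize=$(( $disksize/1024 ))MB
        else
          disksize="Unknown"
        fi
        # tag/item pair for the dialog menu; the literal quotes are shown as-is
        devinfo=( "${devinfo[@]}" "/dev/sd${scsi_ids[$host]}" "\"${makers[$host]}/${models[$host]}:($disksize)\"" )
      fi
    fi
  done

  if [ $found != 0 ]; then
    dialog \
      --backtitle "$BACKTITLE" \
      --title "USB Installer creation" --cr-wrap \
      --menu " The following USB storage devices appear to be present\n\n Please select which one to populate:\n" ${DIMENSIONS} ${found} "${devinfo[@]}" 2>${LOGDIR}/diskdev
    if [ $? != 0 ]; then
      exit
    fi
  else
    dialog \
      --backtitle "$BACKTITLE" \
      --title "USB Installer creation" --cr-wrap \
      --msgbox "\n\n There are no detectable USB storage devices!! \n\n Please check your hardware setup.\n\n" ${DIMENSIONS}
    exit 1
  fi
}

#======================================================================================
#######################################
# Probe /dev/hd[a-d] and /dev/sd[a-d] with sfdisk and let the user pick the
# install target.  IDE CD-ROMs are skipped via /proc/ide/*/media.
# Writes the device node to ${LOGDIR}/diskdev; exits if nothing is found
# or the user cancels.
#######################################
diskselect(){
  DTMSG="${LOGDIR}/dtmsg"; >$DTMSG
  types="hd sd"
  disks="a b c d"
  for type in $types ; do
    for disk in $disks ; do
      device=/dev/${type}${disk}
      # sfdisk -s prints the size in 1k blocks, nothing on a missing device
      DISKSIZE=$(/sbin/sfdisk -s ${device} 2>/dev/null)
      if [ -n "$DISKSIZE" ]; then
        DISKSIZE=$(($DISKSIZE/1024))
        if [ $type = "hd" ] && [ -e /proc/ide/${type}${disk} ]; then
          media=$(cat /proc/ide/${type}${disk}/media)
          # try not to install *to* a cdrom, eh?
          if [ "$media" != "cdrom" ] ; then
            echo "$device (${DISKSIZE}MB)" >>$DTMSG
          fi
        fi
        if [ $type = "sd" ]; then
          echo "$device (${DISKSIZE}MB)" >>$DTMSG
        fi
      fi
    done
  done

  if [ -s $DTMSG ]; then
    count=$(wc -l $DTMSG | awk '{print $1}')
    # $(cat $DTMSG) is intentionally unquoted: each "device (size)" line
    # word-splits into the tag/item pair the menu expects.
    dialog \
      --backtitle "$BACKTITLE" \
      --title "Installation target drive" --cr-wrap \
      --menu "The following disks appear to be present\n Please select which one to install the system to:\n" ${DIMENSIONS} ${count} $(cat $DTMSG) 2>${LOGDIR}/diskdev
    if [ $? != 0 ]; then
      exit
    fi
  else
    dialog \
      --backtitle "$BACKTITLE" \
      --title "Installation target drive" --cr-wrap \
      --msgbox "\n\n There are no detectable disks - please check your hardware setup\n\n" ${DIMENSIONS}
    exit
  fi
}

#=======================================================================================
#######################################
# Refuse to continue if the selected disk is smaller than the minimum.
# Arguments: $1 - minimum size in MB
#######################################
checkdisksize(){
  ROOT=$1
  DISKDEV=$(cat ${LOGDIR}/diskdev)
  # quoted so an empty diskdev does not turn into "sfdisk -s" (all disks)
  DISKSIZE=$(/sbin/sfdisk -s "$DISKDEV" 2>/dev/null)
  # sfdisk prints nothing on error; treat that as 0 so the arithmetic cannot
  # fail and the "too small" branch is taken instead.
  DISKSIZE=$((${DISKSIZE:-0}/1024))
  if [ $DISKSIZE -lt $ROOT ]; then
    dialog \
      --backtitle "$BACKTITLE" \
      --title "Installation target drive" --cr-wrap \
      --msgbox "\n\n The drive you have selected is smaller (${DISKSIZE}MB) than the minimum allowed (${1}MB) \n\n" ${DIMENSIONS}
    exit
  fi
}

#=======================================================================================
#######################################
# Detect the network card by trying to modprobe a list of drivers; the last
# one that loads wins.  Writes modprobe alias lines (or an empty file) to
# ${LOGDIR}/netdevice.  On an NFS root the kernel is assumed monolithic
# and nothing is probed.
#######################################
nicdetect(){
  NFSROOT=$(df / | grep -c nfs)
  if [ "$NFSROOT" = 0 ]; then
    # modular kernel, detect net driver by attempting to load module.
    # if monolithic kernel (for nfs install) then network driver is built in and cannot be detected this way.
    module=""
    # silence the console while modprobe spams it; restored below
    PRINTK=$(cat /proc/sys/kernel/printk)
    echo "0" >/proc/sys/kernel/printk
    for card in 3c501 3c503 3c505 3c507 3c509 3c515 3c59x \
                8139cp 8139too 82596 ac3200 acenic amd8111e \
                at1700 b44 cs89x0 de4x5 de620 depca dgrs dl2k \
                dmfe e2100 eepro eepro100 eexpress epic100 eth16i \
                ewrk3 fealnx hamachi hp-plus hp hp100 lance lp486e \
                natsemi ne ne2k-pci ni5010 ni52 ni65 ns83820 pcnet32 \
                r8169 sis900 smc-ultra smc9194 starfire sundance sungem \
                sunhme tg3 tlan typon wd via-rhine winbond-840 yelwfin \
                e100 e1000 sk98lin tulip; do
      /sbin/modprobe -q $card >/dev/null 2>&1
      if [ $? = 0 ]; then
        module=$card
      fi
    done
    echo "$PRINTK" >/proc/sys/kernel/printk

    if [ -z "$module" ]; then
      dialog \
        --backtitle "$BACKTITLE" \
        --no-collapse \
        --title "Network card detection" \
        --yesno "\n\n Alert!! No network devices detected!! \n\n Continue?" ${DIMENSIONS}
      case $? in
        1) exit;;
        255) exit;;
      esac
      echo "" >${LOGDIR}/netdevice
    else
      dialog \
        --backtitle "$BACKTITLE" \
        --title "Network card detection" \
        --yesno "\n\n\n\n\n Network card(s) found using $module module\n\n\n \
 Update system configuration?" ${DIMENSIONS}
      if [ $? = 0 ]; then
        echo "alias eth0 $module" >${LOGDIR}/netdevice
        echo "alias eth1 $module" >> ${LOGDIR}/netdevice
      else
        # declined (or ESC): leave an empty netdevice so mknetconf still has
        # a file to copy, as the no-device and NFS paths do.
        echo "" >${LOGDIR}/netdevice
      fi
    fi
  else
    # let the network startup script detect the card next boot.
    echo "" >${LOGDIR}/netdevice
  fi
}

#=======================================================================================
#######################################
# Ask one inputbox question and append "KEY:answer" to $CONF.
# Globals:   BACKTITLE, DIMENSIONS (read), CONF (appended to)
# Arguments: $1 - key written before the colon
#            $2 - dialog title
#            $3 - prompt text
#            $4 - initial value (optional)
# Exits the installer on Cancel or ESC.  (The original getnetinfo only
# looked at the status of the very last prompt, so cancelling any earlier
# one silently recorded an empty value.)
#######################################
netask(){
  local key=$1 title=$2 prompt=$3 init=${4-}
  local answer
  # dialog writes the answer to stderr; swap fds so it lands in $answer
  # while the UI itself still reaches the terminal.
  answer=$(dialog \
    --backtitle "$BACKTITLE" \
    --title "$title" \
    --inputbox "$prompt" ${DIMENSIONS} "$init" 3>&1 1>&2 2>&3) || exit
  echo "$key:$answer" >>$CONF
}

#=======================================================================================
#######################################
# Collect host, domain, interface, gateway, nameserver and syslog settings
# into ${LOGDIR}/netconfig, one "KEY:value" per line.  Values are not
# validated here; the mk*conf functions interpolate them verbatim.
#######################################
getnetinfo(){
  CONF="${LOGDIR}/netconfig"; >$CONF
  echo "GetNetInfo"
  netask "HOSTNAME" "Setting host name" \
    "\n\n\n\n Enter the hostname of this machine \n - the domain is not required at this point\n\n\n\n"
  netask "DOMAIN" "Setting domain name" \
    "\n\n\n\n Now we need the domain name (eg blueskylinux.net) \n (Do not supply a leading '.')\n\n\n\n"
  netask "EXT-IPADDR" "Setting address" \
    "\n\n\n\n Enter IP address for eth0 (external interface) \n\n\n\n"
  netask "EXT-NETMASK" "Setting network mask" \
    "\n\n\n\nEnter the netmask for eth0 \n\n\n\n"
  netask "INT-IPADDR" "Setting address" \
    "\n\n\n\nEnter IP address for eth1 (internal interface) \n\n\n\n"
  netask "INT-NETMASK" "Setting network mask" \
    "\n\n\n\nEnter the netmask for eth1 \n\n\n\n" "255.255.255.0"
  netask "GATEWAY" "Setting gateway address " \
    "\n\n\n\nEnter the default gateway address for your network \n (usually the routers address) - hit ENTER for none.\n\n\n\n"
  netask "NAMESERVER-1" "Setting nameserver address " \
    "\n\n\n\nEnter the address of the primary nameserver you will use \n - hit ENTER for none.\n\n\n\n"
  netask "NAMESERVER-2" "Setting nameserver address " \
    "\n\n\n\nEnter the address of the secondary nameserver you will use \n - hit ENTER for none.\n\n\n\n"
  netask "SYSLOGHOST" "Setting syslog host " \
    "\n\n\n\nEnter the address of the remote syslog server you will use \n - hit ENTER for none.\n\n\n\n"
}

#=======================================================================================
#######################################
# Checklist of services to enable at boot.  dialog writes the selected tags
# to ${LOGDIR}/init.log; sysinits greps that file for each tag.
#######################################
initconf(){
  dialog \
    --backtitle "$BACKTITLE" \
    --title "Service configuration" \
    --checklist "\nPlease select which daemons/services are to be automatically started: \
 [ Press SPACE to toggle an option on/off ]\n\n" ${DIMENSIONS} 9 \
      "Webmin" "HTTP system administration" on \
      "SSHD" "Secure shell for remote admin" off \
      "Cron" "Crond daemon" on \
      "NTOP" "Network monitor and analysis" off \
      "DHCPD" "Configure via Webmin interface" off \
      "IPSEC" "VPN settings - configure with Webmin" off \
      "QOS" "TCP/IP traffic shaping - see '/bin/ri-qos'" off \
      "Shorewall" "Firewall - configure with webmin" off \
      "Snort" "Intrusion detection" off \
      "RatTrap" "Intrusion prevention in conjuction with Snort" off \
      "RevProxy" "Pound Reverse Proxy" off \
      2> ${LOGDIR}/init.log
  if [ $? != 0 ]; then
    exit
  fi
}

#=======================================================================================
#######################################
# Prompt twice for the root password until the two entries match.
# The clear-text answers land in /var/tmp/pw1 and pw2 (read by
# setrootpasswd and removed there and in cleanup).  Empty passwords are
# rejected so the appliance can never be installed with a blank root login.
#######################################
getrootpasswd(){
  PW1="/var/tmp/pw1"
  PW2="/var/tmp/pw2"
  # dialog writes the password to these files in clear text; create them
  # mode 0600 first so the 2> redirections below keep that mode.
  ( umask 077; : >$PW1; : >$PW2 )
  passwd=""
  while [ -z "$passwd" ] ; do
    dialog \
      --backtitle "$BACKTITLE" \
      --title "Set root password" \
      --passwordbox "\n\n\n\n Please enter the new root password:\n\n\n" ${DIMENSIONS} 2>$PW1
    if [ $? != 0 ]; then
      exit
    fi
    dialog \
      --backtitle "$BACKTITLE" \
      --title "Set root password" \
      --passwordbox "\n\n\n\n Please enter root password again to confirm:\n\n\n" ${DIMENSIONS} 2>$PW2
    if [ $? != 0 ]; then
      exit
    fi
    pass1=$(cat $PW1)
    pass2=$(cat $PW2)
    if [ -z "$pass1" ]; then
      dialog \
        --backtitle "$BACKTITLE" \
        --title "" \
        --msgbox "\n\n\n\n Password cannot be empty.\n\n Please try again." ${DIMENSIONS}
      if [ $? = 255 ]; then
        exit
      fi
    elif [ "$pass1" = "$pass2" ]; then
      passwd=$pass1
      return
    else
      dialog \
        --backtitle "$BACKTITLE" \
        --title "" \
        --msgbox "\n\n\n\n Passwords do not match.\n\n Please try again." ${DIMENSIONS}
      if [ $? = 255 ]; then
        exit
      fi
    fi
  done
}

#=======================================================================================
#######################################
# Wipe the boot sector of the selected disk and create two primary
# partitions with fdisk (driven by expect): partition 1 of $1 MB, active;
# partition 2 with the rest of the disk.
# Arguments: $1 - size of the root partition in MB
# Aborts on anything other than an explicit Yes to the confirmation.
#######################################
partition_drive(){
  ROOTSIZE=$1
  DISKDEV=$(cat ${LOGDIR}/diskdev)
  DISKSIZE=$(sfdisk -s ${DISKDEV})
  TOTALCYLS=$(sfdisk -g $DISKDEV | cut -d ":" -f2 | cut -d " " -f2)
  CYLSIZE=$((${DISKSIZE}/${TOTALCYLS}))
  ROOTCYLINDERS=$((${ROOTSIZE}*1024/${CYLSIZE}))

  dialog \
    --backtitle "$BACKTITLE" \
    --title "\Z1 !!WARNING!! \Zn " \
    --no-collapse \
    --colors \
    --defaultno \
    --yesno "\n\n\n\n\n \Z1 About to overwrite all partitions on the hard drive!!\Zn \n\n\n\n \Z0 Continue?\Zn \n\n\n \
 \n\n\n\n\n\n\n\n " ${DIMENSIONS}
  # No and ESC both abort (the original partitioned the disk on ESC).
  if [ $? != 0 ]; then
    exit
  fi

  >${LOGDIR}/fdisk.log
  tempfile=$(tempfile 2>/dev/null) || tempfile=${LOGDIR}/test$$
  trap "rm -f $tempfile" 0 1 2 5 15
  # background log viewer; its pid is written to $tempfile and killed at the end
  dialog \
    --backtitle "$BACKTITLE" \
    --title "Partitioning ${DISKDEV}:" \
    --no-kill \
    --tailboxbg ${LOGDIR}/fdisk.log ${DIMENSIONS} 2>$tempfile

  PRINTK=$(cat /proc/sys/kernel/printk)
  echo "0" >/proc/sys/kernel/printk
  echo "Clearing out bootsector" >>${LOGDIR}/fdisk.log
  # keep a copy of the first 512k; if /tmp/setup does not exist dd just
  # fails into the log and the wipe goes ahead regardless
  dd if=${DISKDEV} of=/tmp/setup/block0.dd bs=1k count=512 >>${LOGDIR}/fdisk.log 2>&1
  dd if=/dev/zero of=${DISKDEV} bs=1k count=512 >>${LOGDIR}/fdisk.log 2>&1
  echo "Partitioning ${DISKDEV}" >>${LOGDIR}/fdisk.log
  fdisk -l ${DISKDEV} >>${LOGDIR}/fdisk.log

  # Scripted fdisk session.  The prompt patterns are matched against the
  # "default N):" tail of fdisk's cylinder prompts.  The original referenced
  # an unset CYLCOUNT here, which degenerated to matching "):"; TOTALCYLS is
  # the value computed above.
  expect -c 'spawn fdisk '"${DISKDEV}"'; \
    # new first primary partition:
    expect "help):"; send "n\n"; \
    expect "(1-4)"; send "p\n"; \
    expect "(1-4):"; send "1\n"; \
    # starting at cylinder 1 to cylinder ROOTCYLINDERS:
    expect "1):"; send "\n"; \
    expect "'"${TOTALCYLS}"'):"; send "'"${ROOTCYLINDERS}"'\n"; \
    # make first partition active:
    expect "help):"; send "a\n"; \
    expect "(1-4):"; send "1\n"; \
    # new second primary partition:
    expect "help):"; send "n\n"; \
    expect "(1-4)"; send "p\n"; \
    expect "(1-4):"; send "2\n"; \
    # starting at ROOTCYLINDERS +1 to the end of the disk:
    expect "'"$((ROOTCYLINDERS + 1))"'):"; send "\n"; \
    expect "'"${TOTALCYLS}"'):"; send "\n"; \
    # write and quit:
    expect "help):"; send "w\n"; expect "Syncing disks."; exit
  ' >/dev/null 2>&1

  fdisk -l ${DISKDEV} >>${LOGDIR}/fdisk.log
  echo "$PRINTK" >/proc/sys/kernel/printk
  sleep 2; kill -3 $(cat $tempfile) >/dev/null 2>&1
  sync; sync
}

#=======================================================================================
#######################################
# mke2fs -j the first partition and mount it on /mnt.
# Log: ${LOGDIR}/mkrootfs.log
#######################################
mkrootfilesystem(){
  LOGFILE=${LOGDIR}/mkrootfs.log
  >${LOGFILE}
  DISKDEV=$(cat ${LOGDIR}/diskdev)
  echo "Making root filesystem"
  tempfile=$(tempfile 2>/dev/null) || tempfile=${LOGDIR}/test$$
  trap "rm -f $tempfile" 0 1 2 5 15
  dialog \
    --backtitle "$BACKTITLE" \
    --title "Making root ext3 filesystem on ${DISKDEV}1:" \
    --no-kill \
    --tailboxbg ${LOGFILE} ${DIMENSIONS} 2>$tempfile

  PRINTK=$(cat /proc/sys/kernel/printk)
  echo "0" >/proc/sys/kernel/printk
  mke2fs -j ${DISKDEV}1 >>${LOGFILE} 2>&1
  sync; sync
  mount -t ext3 -v ${DISKDEV}1 /mnt >>${LOGFILE} 2>&1
  # restore the saved console log level (the original wrote the literal
  # string "PRINTK", which the kernel rejects, leaving the console muted)
  echo "$PRINTK" >/proc/sys/kernel/printk
  echo "Mounting ${DISKDEV}1 on /mnt" >>${LOGFILE}
  sleep 2; kill -3 $(cat $tempfile) >/dev/null 2>&1
}

#=======================================================================================
#######################################
# mke2fs -j the second ("scratch") partition.  It is not mounted here.
# Log: ${LOGDIR}/mkscratchfs.log
#######################################
mkscratchfilesystem(){
  LOGFILE=${LOGDIR}/mkscratchfs.log
  >${LOGFILE}
  DISKDEV=$(cat ${LOGDIR}/diskdev)
  echo "Making scratch filesystem"
  tempfile=$(tempfile 2>/dev/null) || tempfile=${LOGDIR}/test$$
  trap "rm -f $tempfile" 0 1 2 5 15
  dialog \
    --backtitle "$BACKTITLE" \
    --title "Making scratch ext3 filesystem on ${DISKDEV}2:" \
    --no-kill \
    --tailboxbg ${LOGFILE} ${DIMENSIONS} 2>$tempfile

  PRINTK=$(cat /proc/sys/kernel/printk)
  echo "0" >/proc/sys/kernel/printk
  mke2fs -j ${DISKDEV}2 >>${LOGFILE} 2>&1
  sync; sync
  # same fix as mkrootfilesystem: restore the saved value, not the literal
  echo "$PRINTK" >/proc/sys/kernel/printk
  sleep 2; kill -3 $(cat $tempfile) >/dev/null 2>&1
}

#=======================================================================================
#######################################
# Copy the running root filesystem (this mount only) to /mnt with cpio,
# then empty /mnt/var.  Log: ${LOGDIR}/syscopy.log
#######################################
copydata(){
  >${LOGDIR}/syscopy.log
  tempfile=$(tempfile 2>/dev/null) || tempfile=${LOGDIR}/test$$
  trap "rm -f $tempfile" 0 1 2 5 15
  dialog \
    --backtitle "$BACKTITLE" \
    --title "Installing BSL system files:" \
    --no-kill \
    --tailboxbg ${LOGDIR}/syscopy.log ${DIMENSIONS} 2>$tempfile

  find / -mount -print | cpio -pudv /mnt >>${LOGDIR}/syscopy.log 2>&1
  rm -rf /mnt/var/*
  sleep 2; kill -3 $(cat $tempfile) >/dev/null 2>&1
  sync; sync; sync
}

#=======================================================================================
#######################################
# Write grub.conf, device.map, mtab and fstab under /mnt and run
# grub-install against the selected disk.  For the USB task the installed
# system is told its disk will be /dev/sda at boot time.
# Log: ${LOGDIR}/grubinstall.log
#######################################
grubinstall(){
  >${LOGDIR}/grubinstall.log
  DISKDEV=$(cat ${LOGDIR}/diskdev)
  task=$(cat ${LOGDIR}/task)
  if [ "${task}" = 2 ]; then
    # build USB stick
    echo "Installing grub to USBstick" >${LOGDIR}/grubinstall.log
    TARGETDISKDEV="/dev/sda"   # if the usbstick is /dev/sdd here it will be sda on the target system.
                               # cannot boot otherwise.
  else
    TARGETDISKDEV=${DISKDEV}   # installing to this machine so device naming will not change.
  fi

  tempfile=$(tempfile 2>/dev/null) || tempfile=${LOGDIR}/test$$
  trap "rm -f $tempfile" 0 1 2 5 15
  dialog \
    --backtitle "$BACKTITLE" \
    --title "Installing GRUB bootloader:" \
    --no-kill \
    --tailboxbg ${LOGDIR}/grubinstall.log ${DIMENSIONS} 2>$tempfile

  echo "Updating grub.conf" >>${LOGDIR}/grubinstall.log
  KERNEL586=$(basename /mnt/boot/kernel*586*)
  echo "
default 0
timeout 10
splashimage=(hd0,0)/boot/grub/bslsplash.xpm.gz

title BSL (i586)
root (hd0,0)
kernel /boot/$KERNEL586 root=${TARGETDISKDEV}1 ramdisk_size=8192 vga=788 ro devfs=nomount
" >/mnt/boot/grub/grub.conf

  # grub-install needs a device.map for the disk as seen *now*; it is
  # rewritten afterwards for how the target will see it.
  echo "Building device.map" >>${LOGDIR}/grubinstall.log
  echo "(hd0) ${DISKDEV}" >/mnt/boot/grub/device.map
  echo "Installing GRUB bootloader to ${DISKDEV}" >>${LOGDIR}/grubinstall.log
  echo "Please wait...." >>${LOGDIR}/grubinstall.log
  echo "grub-install --root-directory=/mnt ${DISKDEV}" >>${LOGDIR}/grubinstall.log
  grub-install --root-directory=/mnt ${DISKDEV} >>${LOGDIR}/grubinstall.log 2>&1
  sync; sync
  echo "Rebuilding device.map" >>${LOGDIR}/grubinstall.log
  echo "(hd0) ${TARGETDISKDEV}" >/mnt/boot/grub/device.map

  echo "Updating mtab" >>${LOGDIR}/grubinstall.log
  echo "${TARGETDISKDEV}1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/ram0 /var ext2 rw 0 0
/dev/cloop0 /usr iso9660 ro 0 0
devpts /dev/pts devpts rw,gid=5,mode=620 0 0
" >/mnt/etc/mtab

  echo "Updating fstab" >>${LOGDIR}/grubinstall.log
  echo "${TARGETDISKDEV}1 / ext3 defaults 1 1
devpts /dev/pts devpts gid=5,mode=620 0 0
proc /proc proc defaults 0 0" >/mnt/etc/fstab

  sleep 5
  kill -3 $(cat $tempfile) >/dev/null 2>&1
  sync
}

#=======================================================================================
#######################################
# Create the SysV rc symlinks under /mnt/etc/rc.d for the base services
# and for each service ticked in initconf (looked up by tag in init.log).
# Log: ${LOGDIR}/postinstall.log
#######################################
sysinits(){
  tempfile=$(tempfile 2>/dev/null) || tempfile=${LOGDIR}/test$$
  trap "rm -f $tempfile" 0 1 2 5 15
  >${LOGDIR}/postinstall.log
  dialog \
    --backtitle "$BACKTITLE" \
    --title "Post install configuration:" \
    --no-kill \
    --tailboxbg ${LOGDIR}/postinstall.log ${DIMENSIONS} 2>$tempfile

  # each variable is non-empty iff its tag was selected in the checklist
  webmin=$(grep Webmin ${LOGDIR}/init.log)
  sshd=$(grep SSHD ${LOGDIR}/init.log)
  crond=$(grep Cron ${LOGDIR}/init.log)
  dhcpd=$(grep DHCPD ${LOGDIR}/init.log)
  ntop=$(grep NTOP ${LOGDIR}/init.log)
  ipsec=$(grep IPSEC ${LOGDIR}/init.log)
  qos=$(grep QOS ${LOGDIR}/init.log)
  shorewall=$(grep Shorewall ${LOGDIR}/init.log)
  snortd=$(grep Snort ${LOGDIR}/init.log)
  ratrapd=$(grep RatTrap ${LOGDIR}/init.log)
  revproxy=$(grep RevProxy ${LOGDIR}/init.log)

  # everything below is relative to the target's rc.d; bail out rather
  # than scatter symlinks into the current directory if it is missing
  cd /mnt/etc/rc.d || return 1
  chmod 755 init.d/*
  cd rc3.d; ln -s ../init.d/network S10network ; cd ..
  cd rc3.d; ln -s ../init.d/routes S12routes ; cd ..
  cd rc3.d; ln -s ../init.d/sysklogd S15syslog ; cd ..
  cd rc0.d; ln -s ../init.d/mountfs K70mountfs ; cd ..
  cd rc6.d; ln -s ../init.d/mountfs K70mountfs ; cd ..

  if [ "$webmin" ]; then
    echo "Enabling Webmin" >>${LOGDIR}/postinstall.log
    cd rc3.d; ln -s ../init.d/webmin S95webmin
    cd ../rc0.d; ln -s ../init.d/webmin K28webmin
    cd ../rc6.d; ln -s ../init.d/webmin K28webmin
    cd ..
  fi
  if [ "$sshd" ]; then
    echo "Enabling SSHD" >>${LOGDIR}/postinstall.log
    cd rc3.d; ln -s ../init.d/sshd S95sshd
    cd ..
  fi
  if [ "$crond" ]; then
    echo "Enabling crond" >>${LOGDIR}/postinstall.log
    cd rc3.d; ln -s ../init.d/crond S70crond
    cd ..
  fi
  if [ "$dhcpd" ]; then
    echo "Enabling DHCPD" >>${LOGDIR}/postinstall.log
    cd rc3.d; ln -s ../init.d/dhcpd S28dhcpd ; ln -s ../init.d/thttpd S28thttpd
    cd ../rc0.d; ln -s ../init.d/dhcpd K28dhcpd ; ln -s ../init.d/thttpd K28thttpd
    cd ../rc6.d; ln -s ../init.d/dhcpd K28dhcpd ; ln -s ../init.d/thttpd K28thttpd
    cd ..
  fi
  if [ "$ntop" ]; then
    echo "Enabling NTOP" >>${LOGDIR}/postinstall.log
    cd rc3.d; ln -s ../init.d/ntop S95ntop
    cd ../rc0.d; ln -s ../init.d/ntop K28ntop
    cd ../rc6.d; ln -s ../init.d/ntop K28ntop
    cd ..
  fi
  if [ "$ipsec" ]; then
    echo "Enabling IPSEC VPN" >>${LOGDIR}/postinstall.log
    cd rc3.d; ln -s ../init.d/ipsec S47ipsec
    cd ..
  fi
  if [ "$qos" ]; then
    echo "Enabling QOS" >>${LOGDIR}/postinstall.log
    cd rc3.d; ln -s ../init.d/qos S28qos
    cd ..
  fi
  if [ "$shorewall" ]; then
    echo "Enabling Shorewall firewall" >>${LOGDIR}/postinstall.log
    cd rc3.d; ln -s ../init.d/shorewall S21shorewall
    cd ..
  fi
  if [ "$snortd" ]; then
    echo "Enabling SNORT IDS" >>${LOGDIR}/postinstall.log
    cd rc3.d; ln -s ../init.d/snortd S22snortd
    cd ..
  fi
  if [ "$ratrapd" ]; then
    echo "Enabling RatTrap IPS" >>${LOGDIR}/postinstall.log
    cd rc3.d; ln -s ../init.d/ratrap S23ratrapd
    cd ..
  fi
  if [ "$revproxy" ]; then
    echo "Enabling Pound Reverse Proxy" >>${LOGDIR}/postinstall.log
    cd rc3.d; ln -s ../init.d/pound S21pound
    cd ..
  fi
  cd /
  sync
}

#=======================================================================================
#######################################
# Write /mnt/etc/inittab: runlevel 3 default, gettys on tty1/tty2 and both
# serial ports.
#######################################
mkinittab(){
  echo "
id:3:initdefault:
si::sysinit:/etc/rc.d/init.d/rc sysinit
l0:0:wait:/etc/rc.d/init.d/rc 0
l1:S1:wait:/etc/rc.d/init.d/rc 1
l2:2:wait:/etc/rc.d/init.d/rc 2
l3:3:wait:/etc/rc.d/init.d/rc 3
l4:4:wait:/etc/rc.d/init.d/rc 4
l5:5:wait:/etc/rc.d/init.d/rc 5
l6:6:wait:/etc/rc.d/init.d/rc 6
su:S016:once:/sbin/sulogin
1:2345:respawn:/sbin/agetty tty1 9600
2:2345:respawn:/sbin/agetty tty2 9600
s1:2345:respawn:/sbin/agetty ttyS0 9600
s2:2345:respawn:/sbin/agetty ttyS1 9600
" >/mnt/etc/inittab
  sync
}

#=======================================================================================
#######################################
# Turn ${LOGDIR}/netconfig into the target's sysconfig/network,
# ifcfg-eth0/eth1, /etc/hosts and resolv.conf.  Also copies the modprobe
# alias file produced by nicdetect.
#######################################
mknetconf(){
  echo "Configuring network settings" >>${LOGDIR}/postinstall.log
  cp /var/tmp/netdevice /mnt/etc/sysconfig
  HOSTNAME=$(grep HOSTNAME ${LOGDIR}/netconfig | cut -d ":" -f2)
  DOMAIN=$(grep DOMAIN ${LOGDIR}/netconfig | cut -d ":" -f2)
  FQDN=$HOSTNAME.$DOMAIN
  echo "NETWORKING=yes
FORWARD_IPV4=yes
HOSTNAME=$FQDN" >/mnt/etc/sysconfig/network

  IP=$(grep EXT-IPADDR ${LOGDIR}/netconfig | cut -d ":" -f2)
  if [ -n "$IP" ]; then
    NM=$(grep EXT-NETMASK ${LOGDIR}/netconfig | cut -d ":" -f2)
    GW=$(grep GATEWAY ${LOGDIR}/netconfig | cut -d ":" -f2)
    # /bin/ipmask output format is not visible here; field 1 is taken as
    # the broadcast address (mkdhcpdconf takes field 2 — see note there)
    BC=$(/bin/ipmask $NM $IP | cut -f1 -d ' ')
    echo "ONBOOT=yes
DEVICE=eth0
SERVICE=static
IPADDR=$IP
NETMASK=$NM
GATEWAY=$GW
BROADCAST=$BC" >/mnt/etc/sysconfig/network-scripts/ifcfg-eth0
  fi

  # the inner quotes around named were unescaped in the original and
  # ended the string early; escaped here so the comment is written intact
  echo "
#
# hosts         This file describes a number of hostname-to-address
#               mappings for the TCP/IP subsystem.  It is mostly
#               used at boot time, when no name servers are running.
#               On small systems, this file can be used instead of a
#               \"named\" name server.  Just add the names, addresses
#               and any aliases to this file...
#
# By the way, Arnt Gulbrandsen says that 127.0.0.1
# should NEVER be named with the name of the machine.  It causes problems
# for some (stupid) programs, irc and reputedly talk. :^)
#
# For loopbacking.
127.0.0.1       localhost.localnet localhost
" >/mnt/etc/hosts
  if [ -n "$IP" ]; then
    echo "
$IP    $HOSTNAME.$DOMAIN $HOSTNAME
" >> /mnt/etc/hosts
  fi

  IP=$(grep INT-IPADDR ${LOGDIR}/netconfig | cut -d ":" -f2)
  if [ -n "$IP" ]; then
    NM=$(grep INT-NETMASK ${LOGDIR}/netconfig | cut -d ":" -f2)
    BC=$(/bin/ipmask $NM $IP | cut -f1 -d ' ')
    echo "ONBOOT=yes
DEVICE=eth1
SERVICE=static
IPADDR=$IP
NETMASK=$NM
BROADCAST=$BC" >/mnt/etc/sysconfig/network-scripts/ifcfg-eth1
    echo "$IP    $HOSTNAME.localnet
" >> /mnt/etc/hosts
  fi

  NS1=$(grep NAMESERVER-1 ${LOGDIR}/netconfig | cut -d ":" -f2)
  NS2=$(grep NAMESERVER-2 ${LOGDIR}/netconfig | cut -d ":" -f2)
  echo "search $DOMAIN
nameserver $NS1
nameserver $NS2" >/mnt/etc/resolv.conf
  sync
}

#=======================================================================================
#######################################
# Write the console keymap chosen in getlang to /mnt/etc/sysconfig/console.
#######################################
setkbdlang(){
  # read into a private variable: the original used LANG, which also sets
  # the locale for every command run afterwards
  kbd=$(cat ${LOGDIR}/lang)
  echo "Setting keyboard to $kbd" >>${LOGDIR}/postinstall.log
  echo "KEYMAP=$kbd" >/mnt/etc/sysconfig/console
  sync
}

#=======================================================================================
#######################################
# Write miniserv.conf for Webmin, bound to the internal address (falls back
# to the external one).  NOTE(review): ssl=0 means the admin interface is
# served over plain HTTP on that address; keep it on the trusted side or
# enable ssl in the image.
#######################################
mkwebminconf(){
  IP=$(grep INT-IPADDR ${LOGDIR}/netconfig | cut -d ":" -f2)
  if [ -z "$IP" ]; then
    IP=$(grep EXT-IPADDR ${LOGDIR}/netconfig | cut -d ":" -f2)
  fi
  echo "Configuring webmin server to bind on local interface, $IP" >>${LOGDIR}/postinstall.log
  echo "port=10000
root=/webmin
mimetypes=/webmin/mime.types
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/webmin/miniserv.log
errorlog=/var/webmin/miniserv.error
pidfile=/var/webmin/miniserv.pid
logtime=168
ppath=
ssl=0
env_WEBMIN_CONFIG=/etc/webmin
env_WEBMIN_VAR=/var/webmin
atboot=1
logout=/etc/webmin/logout-flag
listen=10000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=0
session=1
userfile=/etc/webmin/miniserv.users
keyfile=/etc/webmin/miniserv.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=0
bind=$IP
sockets=" >/mnt/etc/webmin/miniserv.conf
  sync
}

#=======================================================================================
#######################################
# Write /mnt/etc/sysconfig/ratrap.conf for the Snort-driven blocker.
# Leaves SYSLOGHOST set as a global (mksyslogconf used to rely on that).
#######################################
mkratrapconf(){
  echo "Building ratrap.conf " >>${LOGDIR}/postinstall.log
  SYSLOGHOST=$(grep SYSLOGHOST ${LOGDIR}/netconfig | cut -d ":" -f2)
  GW=$(grep GATEWAY ${LOGDIR}/netconfig | cut -d ":" -f2)
  echo "
# Config file for Ratrap snort logger.
Gateway $GW                          # gateway address.
SyslogHost $SYSLOGHOST               # machine to report to via syslog.
IPtables /usr/sbin/iptables          # firewall manipulation program.
IPtableChains INPUT                  # INPUT, OUTPUT, FORWARD. Add FORWARD if bridging.
FWactions DROP                       # what to do with miscreant packets: drop and/or tarpit
IFconfig /sbin/ifconfig
IProute /sbin/route
PublicInterface eth0                 # public network interface: eth0,eth1 or even br0.
LogFile /var/log/ratrap.log          # our log file.
Blacklist /var/log/blacklist         # our blacklist file used to preserve state over reboots/reloads.
Whitelist /etc/sysconfig/whitelist   # our whitelist file of friendly IPs that snort keeps reporting.
SnortFIFO /var/log/snort.fifo        # Snort writes to this FIFO via syslog.
Timeout 86400                        # seconds that addresses are blocked for.
AlarmPeriod 60                       # seconds between checking for timed-out blocked addresses.
TriggerLevel 2                       # attack priority as reported by Snort. >2 is not critical.
SyslogLevel local4.notice            # syslog facility and level.
" >/mnt/etc/sysconfig/ratrap.conf
  sync
}

#=======================================================================================
#######################################
# Write /mnt/etc/syslog.conf: remote logging when a syslog host was given,
# otherwise everything to /dev/null (the /var ramdisk is small).
#######################################
mksyslogconf(){
  echo "Building syslog.conf " >>${LOGDIR}/postinstall.log
  # read the value here rather than depending on mkratrapconf having run first
  SYSLOGHOST=$(grep SYSLOGHOST ${LOGDIR}/netconfig | cut -d ":" -f2)
  echo "
# Begin /etc/syslog.conf
# Choice of three:- log to server, local disk or /dev/null
#
# 1. Log to syslogserver:" >/mnt/etc/syslog.conf
  if [ -n "$SYSLOGHOST" ]; then
    echo "
*.*     @$SYSLOGHOST
" >>/mnt/etc/syslog.conf
  else
    echo "# *.*     @111.222.333.444
" >>/mnt/etc/syslog.conf
  fi
  echo "
# 2. Log to disk file. Do not enable local syslogging unless
# absolutely necessary because there is limited diskspace in /var.
#
# If local logging is enabled, IT MUST BE DISABLED BEFORE YOU FINISH!!
#*.*     /var/log/syslog
#
# 3. Log to /dev/null:" >>/mnt/etc/syslog.conf
  if [ -n "$SYSLOGHOST" ]; then
    echo "#*.*     /dev/null
" >>/mnt/etc/syslog.conf
  else
    echo "*.*     /dev/null
" >>/mnt/etc/syslog.conf
  fi
  echo "
# log snort alerts to fifo for ratrap to read:
local3.*        |/var/log/snort.fifo
# End /etc/syslog.conf
" >>/mnt/etc/syslog.conf
  sync
}

#=======================================================================================
#######################################
# Write a minimal Pound reverse-proxy config listening on the external
# address; the backend group is left commented out for the admin to fill in.
#######################################
mkpoundconf(){
  IP=$(grep EXT-IPADDR ${LOGDIR}/netconfig | cut -d ":" -f2)
  echo "
RootJail /var/jailroot/pound
ListenHTTP $IP,80
User nobody
Group nogroup
LogLevel 4
Err503 \"/etc/pound/pound.503\"
#UrlGroup \".*\"
#    HeadRequire Host \".*www.sample.com.*\"
#    BackEnd 192.168.0.237,80,1
#EndGroup
" >/mnt/etc/sysconfig/pound.cfg
}

#######################################
# Write a (fully commented-out) ISC dhcpd.conf template for the internal
# subnet, falling back to the external interface when eth1 has no address.
#######################################
mkdhcpdconf(){
  IP=$(grep INT-IPADDR ${LOGDIR}/netconfig | cut -d ":" -f2)
  NM=$(grep INT-NETMASK ${LOGDIR}/netconfig | cut -d ":" -f2)
  ROUTER=$IP
  if [ -z "$IP" ]; then
    IP=$(grep EXT-IPADDR ${LOGDIR}/netconfig | cut -d ":" -f2)
    NM=$(grep EXT-NETMASK ${LOGDIR}/netconfig | cut -d ":" -f2)
    ROUTER=$(grep GATEWAY ${LOGDIR}/netconfig | cut -d ":" -f2)
  fi
  # first three octets, i.e. assumes a /24 — TODO confirm against $NM
  NETADDR=$(echo $IP | cut -d "." -f1).$(echo $IP | cut -d "." -f2).$(echo $IP | cut -d "." -f3)
  # NOTE(review): both values take field 2 of ipmask's output while mknetconf
  # takes field 1 for the broadcast; one of these is probably wrong, but the
  # lines that use them are commented out in the template, so left as found.
  BROADCAST=$(ipmask $NM $IP | cut -f2 -d ' ')
  SUBNET=$(ipmask $NM $IP | cut -f2 -d ' ')
  echo "### BSL configuration file for ISC dhcpd
### dhcpd.conf
###
### This tells the DHCP server that option 252 exists
###
#option custom-proxy-server code 252 = text;
###
###
#
#default-lease-time 600;
#max-lease-time 7200;
#
#authoritative;
#
### Use this to send dhcp log messages to a different log file (you also
### have to hack syslog.conf to complete the redirection).
##log-facility local7;
#ddns-update-style ad-hoc;
#
#subnet $SUBNET netmask $NM {
#    range $NETADDR.41 $NETADDR.100 ;
#    option domain-name-servers 193.113.57.243, 195.40.0.250;
#    option domain-name \"blueskylinux.net\";
#    option routers $ROUTER;
#    option broadcast-address $BROADCAST;
#}
### this line tells IE to go to the place where the script for the proxy server is
### the \n here helps to stop IE truncating the url
#    option custom-proxy-server \"http://$IP/proxy.pac\n\";
#    default-lease-time 600;
#    max-lease-time 7200;
#
" >/mnt/etc/sysconfig/dhcpd.conf
  sync
}

#=======================================================================================
#######################################
# Write thttpd.conf bound to the internal (or, failing that, external) address.
#######################################
mkthttpconf(){
  IP=$(grep INT-IPADDR ${LOGDIR}/netconfig | cut -d ":" -f2)
  if [ -z "$IP" ]; then
    IP=$(grep EXT-IPADDR ${LOGDIR}/netconfig | cut -d ":" -f2)
  fi
  echo "
dir=/etc/thttpd
cgipat=**.cgi
logfile=/var/log/thttpd
pidfile=/var/run/thttpd.pid
port=8180
host=$IP
" >/mnt/etc/sysconfig/thttpd.conf
  sync
}

#=======================================================================================
#######################################
# Write a proxy auto-config script for the local subnet.
# NOTE(review): written as proxy.pak while the dhcpd template above points
# clients at proxy.pac — confirm which name thttpd actually serves.
#######################################
mkproxypak(){
  IP=$(grep INT-IPADDR ${LOGDIR}/netconfig | cut -d ":" -f2)
  NM=$(grep INT-NETMASK ${LOGDIR}/netconfig | cut -d ":" -f2)
  if [ -z "$IP" ]; then
    IP=$(grep EXT-IPADDR ${LOGDIR}/netconfig | cut -d ":" -f2)
    NM=$(grep EXT-NETMASK ${LOGDIR}/netconfig | cut -d ":" -f2)
  fi
  SUBNET=$(ipmask $NM $IP | cut -f2 -d ' ')
  echo "
function FindProxyForURL(url,host)
{
  if(isPlainHostName(host)|| isInNet(host,\"$SUBNET\",\"$NM\"))
    return \"DIRECT\";
  else
    return \"PROXY 102.1.0.102:8080; DIRECT\";
}
" >/mnt/etc/thttpd/proxy.pak
  sync
}

#=======================================================================================
#######################################
# Hash the root password collected by getrootpasswd and write the target's
# /etc/shadow and /etc/passwd from scratch, then remove the clear-text files.
#######################################
setrootpasswd(){
  pass=$(cat /var/tmp/pw1)
  # Feed the clear-text password on stdin rather than as an argument so it
  # never appears in ps output or a set -x trace.  -1 (MD5-crypt) is kept
  # from the original; whether the target libc accepts the newer $5$/$6$
  # schemes is not known from here.
  passwd=$(printf '%s\n' "$pass" | openssl passwd -1 -stdin)
  # create shadow mode 0600 before the first write so it is never readable
  # by others, even briefly; tightened to 0400 once complete
  ( umask 077; : >/mnt/etc/shadow )
  echo "root:$passwd:12507:0:99999:7:::" >/mnt/etc/shadow
  echo "sshd:!:12507:0:99999:7:::" >>/mnt/etc/shadow
  echo "nobody:!:12514:0:99999:7:::" >>/mnt/etc/shadow
  chmod 400 /mnt/etc/shadow
  echo "root:x:0:0:root:/root:/bin/bash" >/mnt/etc/passwd
  echo "daemon:x:2:2:daemon:/sbin/nologin" >>/mnt/etc/passwd
  echo "nobody:x:99:99::/:/bin/bash" >>/mnt/etc/passwd
  echo "sshd:x:1000:100::/sbin/nologin" >>/mnt/etc/passwd
  rm -rf /var/tmp/pw[1-2]
}

#=======================================================================================
#######################################
# Copy the precompressed /usr and /var images from the CD into /mnt/state.
# Log: ${LOGDIR}/cfs.log
#######################################
copycfs(){
  >${LOGDIR}/cfs.log
  tempfile=$(tempfile 2>/dev/null) || tempfile=${LOGDIR}/test$$
  trap "rm -f $tempfile" 0 1 2 5 15
  dialog \
    --backtitle "$BACKTITLE" \
    --title "Installing BSL compressed filesystems:" \
    --no-kill \
    --tailboxbg ${LOGDIR}/cfs.log ${DIMENSIONS} 2>$tempfile
  echo "Copying precompressed /usr filesystems (may take some time)" >>${LOGDIR}/cfs.log
  cp -v /cdrom/*_usr.z /mnt/state/ >>${LOGDIR}/cfs.log
  echo "Copying precompressed /var filesystems" >>${LOGDIR}/cfs.log
  cp -v /cdrom/*_var.tbz /mnt/state/ >>${LOGDIR}/cfs.log
  kill -3 $(cat $tempfile) >/dev/null 2>&1
  sync; sync
}

#=======================================================================================
#######################################
# Final housekeeping on the target: drop the live system's SSH host keys
# (so every install does not share them; assumes they are regenerated on
# first boot — confirm in the sshd init script), remove the clear-text
# password files, move the installer's state into /mnt/tmp/setup and
# install the boot-time filesystem scripts.
#######################################
cleanup(){
  echo "Cleaning up" >>${LOGDIR}/postinstall.log
  rm -rf /mnt/etc/ssh/*key*
  rm -rf /mnt/tmp/*
  rm -f /var/tmp/pw1
  rm -f /var/tmp/pw2
  mkdir /mnt/tmp/setup
  mkdir /mnt/root/updates
  mkdir /mnt/root/scratch
  mv /var/tmp/* /mnt/tmp/setup/
  cp /skels/checkfs /mnt/etc/rc.d/init.d/
  cp /skels/cleanfs /mnt/etc/rc.d/init.d/
  cp /skels/mountfs /mnt/etc/rc.d/init.d/
  cp /skels/mountkernfs /mnt/etc/rc.d/init.d/
  sync; sync
  sleep 2
  # $tempfile is whatever the previous dialog-using function left behind
  # (no tailbox is started here); the kill is best-effort
  kill -3 $(cat $tempfile) >/dev/null 2>&1
}

#=======================================================================================
#######################################
# Offer to reboot.  Unmounts /mnt either way; shadows the reboot(8) command
# on purpose and uses shutdown -r instead.
#######################################
reboot(){
  dialog \
    --backtitle "$BACKTITLE" \
    --title "Finished" \
    --no-collapse \
    --beep \
    --colors \
    --yesno "\n\n\n\n\n \
 Installation complete! \n\n\n\n \
 Reboot?\n\n" 25 70
  if [ $? != 0 ]; then
    umount /mnt
    clear; reset
    exit
  fi
  clear; reset
  umount /mnt
  shutdown -r now
}

#=======================================================================================
#main
Warning
getlang
taskselect
task=$(cat ${LOGDIR}/task)
case "$task" in
  1)
    # install to hdd with 256MB root partition:
    diskselect
    checkdisksize 256
    nicdetect
    getrootpasswd
    getnetinfo
    initconf
    partition_drive 256
    mkrootfilesystem
    mkscratchfilesystem
    copydata
    sysinits
    mkinittab
    mknetconf
    setkbdlang
    mkwebminconf
    mkratrapconf
    mksyslogconf
    mkpoundconf
    mkdhcpdconf
    mkthttpconf
    mkproxypak
    setrootpasswd
    copycfs
    grubinstall
    cleanup
    rm -rf /mnt/bin/setup
    rm -rf /mnt/var/*
    rm -rf /mnt/etc/issue
    ( cd /mnt/etc/rc.d/rc3.d && ln -s ../init.d/issue S22issue )
    reboot
    ;;
  2)
    # make usb (/dev/sda) installer with 128MB root partition:
    PRINTK=$(cat /proc/sys/kernel/printk)
    echo "0" >/proc/sys/kernel/printk
    usbselect
    checkdisksize 128
    partition_drive 128
    mkrootfilesystem
    copydata
    copycfs
    grubinstall /dev/sda
    echo "${PRINTK}" >/proc/sys/kernel/printk
    cleanup
    reboot
    ;;
  *)
    echo "Sys error - how did you get here?"
    exit
    ;;
esac
#endprog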