Re: [OT] secure, minimal Debian installation for linux-based thin clients?
> > Towards the end of the Debian installation process, when you're asked
> > whether you want to run tasksel or dselect, you can choose dselect and
> > exit it before installing any packages. If you do that, you're left
> > with a really minimal install. You might be able to base your work on
> > this.
> Since this is the way I usually work and I've tried to build a Debian-
> based thin client myself... I can say that woody base contains a lot
> of packages which you really don't want/need on a thin client.
>
> Gr,
>
> Ivo van Dongen
...
One way to do it is to have:
# ls -l
total 56
...
drwxr-xr-x 19 root root 4096 Oct 20 11:08 deb
...
lrwxrwxrwx 1 root root 33 Nov 30 2001 e2fs_stage1_5 -> ../grub-0.90/stage2/e2fs_stage1_5
lrwxrwxrwx 1 root root 22 Nov 30 2001 grub -> ../grub-0.90/grub/grub
-rw-r--r-- 1 root root 502 Oct 20 11:32 mkdisk
...
drwxr-xr-x 6 root root 4096 Nov 28 2001 add
-rw-r--r-- 1 root root 2491 Oct 20 11:23 pkg.list
drwxr-xr-x 19 root root 4096 Dec 4 2001 slim
lrwxrwxrwx 1 root root 26 Nov 30 2001 stage1 -> ../grub-0.90/stage1/stage1
lrwxrwxrwx 1 root root 26 Nov 30 2001 stage2 -> ../grub-0.90/stage2/stage2
-rwxr-xr-x 1 root root 573 Oct 20 11:11 trimming
...
-rwxr-xr-x 1 root root 800 Oct 20 11:17 updhostname...
where "deb" is a minimal install of Debian:
# chroot deb dpkg --get-selections > pkg.list
"add" is whatever custom things you want to add and "slim" is a
generated trimmed down root of the thin clients.
# du -s deb add slim
99304 deb
4352 add
42092 slim
You generate slim with trimming, customize it to a specific client
with updhostname..., and write it to disk with mkdisk. Later you can
update the clients with mirrordir (found with apt-get install
mirrordir).
Regards,
/Karl
-----------------------------------------------------------------------
Karl Hammar Aspö Data karl@kalle.csb.ki.se
Lilla Aspö 2340 +46 173 140 57 Networks
S-742 94 Östhammar +46 18 26 09 00 Computers
Sweden +46 10 270 26 67 Consulting
-----------------------------------------------------------------------
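#!/bin/sh
# mkdisk: partition /dev/hdc, copy the client tree to it, set the
# client's IP and hostname, and install grub. Overwrites /dev/hdc.
if [ $# -lt 2 ]
then
    echo Usage:
    echo "  mkdisk <ip> <hostname>"
    exit 1
fi
UNITID=$1
# Wipe the old partition table, then create a 30 MB bootable root
# partition and a second partition with the rest of the disk.
dd if=/dev/zero of=/dev/hdc count=50
sfdisk -uM /dev/hdc << EOF
0,30,L,*
,
;
EOF
mkfs.ext2 /dev/hdc1
mkfs.ext2 /dev/hdc2
#mkswap /dev/hdc2
mount /dev/hdc1 mnt
mkdir mnt/usr
mount /dev/hdc2 mnt/usr
cp -a current/* mnt
chroot mnt updhostname... "$1" "$2"
umount mnt/usr
umount mnt
./grub --batch <<EOT 1>/dev/null 2>/dev/null
root (hd2,0)
install /boot/stage1 (hd2) /boot/stage2 p
quit
EOT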
#!/bin/sh
# Set the IP address and hostname inside a client tree and give the
# client its own SSH host keys.
IP=$1
HOSTNAME=$2
root=$3
# Both the IP address and the hostname are required.
if [ $# -lt 2 ]
then
    cat <<EOF
Usage: unitset <ipaddr> <hostname> [<root of filesystem>]
Synopsis:
change hostname ip-number
EOF
    exit 1
fi
export LANG=C
# Replace the placeholder address and hostname from the image.
perl -pi.org -e "s/172\.16\.0\.1/$IP/" "$root/etc/network/interfaces"
perl -pi.org -e "s/HOSTNAME/$HOSTNAME/" \
    "$root/etc/exim/exim.conf"
echo "$HOSTNAME" > "$root/etc/hostname"
echo "$HOSTNAME" > "$root/etc/mailname"
ALIAS=`echo "$HOSTNAME" | sed -e 's/\..*$//'`
echo "$IP $HOSTNAME $ALIAS" >> "$root/etc/hosts"
umask 022
# Remove the host keys copied from the image and generate new ones,
# so that no two clients share a host key.
rm -f "$root"/etc/ssh/ssh_host_*key
ssh-keygen -t rsa1 -N '' -f "$root/etc/ssh/ssh_host_key" # >/dev/null
ssh-keygen -t rsa -N '' -f "$root/etc/ssh/ssh_host_rsa_key" # >/dev/null
ssh-keygen -t dsa -N '' -f "$root/etc/ssh/ssh_host_dsa_key" # >/dev/null
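#!/bin/sh
# trimming: rebuild the slim tree and delete what a client does not need.
rm -rf slim/*
cp -a all/* slim
cp -a add/* slim
# Stop if a cd fails, so the rm commands below never run in the wrong place.
cd slim || exit 1
mv etc/cron.d/exim etc/cron.daily/0exim
rm etc/cron.*/sysklogd
rm etc/resolv.conf
rm -rf lib/modules/*
# The package databases are not kept on the client.
rm -rf var/lib/apt
rm -rf var/lib/dpkg
rm -rf var/cache/*
rm -f var/spool/cron/crontabs/uucp
cd usr || exit 1
#rm lib/gconv/???
cd share || exit 1
rm -rf unidata/*
rm -rf man/*
rm -rf doc/*
# Written out in full: brace expansion is not available in every /bin/sh.
rm -rf keymaps/amiga keymaps/atari keymaps/mac keymaps/sun
rm -rf info/*
# Keep only the Europe/Stockholm zone file (find prints paths without "./").
find zoneinfo -type f | grep -v '^zoneinfo/Europe/Stockholm$' | xargs rm
rm -rf terminfo
ln -s ../../etc/terminfo .
cd locale || exit 1
# Keep only the English and Swedish locales.
ls | grep -v en$ | grep -v sv | xargs rm -rf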
adduser install
adjtimex install
apt install
apt-utils install
at install
base-files install
base-passwd install
bash install
bsdmainutils install
bsdutils install
console-common install
console-data install
console-tools install
console-tools-libs install
cpio install
cron install
debconf install
debianutils install
dhcp-client install
diff install
dpkg install
e2fsprogs install
ed install
exim install
file install
file-rc install
fileutils install
findutils install
gettext-base install
gkermit install
grep install
grub install
gzip install
host install
hostname install
ifupdown install
ipchains install
kernel-image-2.2.20v2 install
klogd install
less install
lftp install
libc6 install
libcap1 install
libdb2 install
libdb3 install
libident install
libldap2 install
liblockfile1 install
liblwres1 install
libncurses5 install
libnewt0 install
libpam-modules install
libpam-runtime install
libpam0g install
libpcap0 install
libpcre3 install
libperl5.6 install
libpopt0 install
libreadline4 install
libsasl7 install
libssl0.9.6 install
libstdc++2.10 install
libstdc++2.10-glibc2.2 install
libwrap0 install
login install
logrotate install
lsof install
mailx install
makedev install
mawk install
mgetty install
mirrordir install
modutils install
mount install
ncftp install
ncurses-base install
ncurses-bin install
ncurses-term install
net-tools install
netbase install
netkit-inetd install
netkit-ping install
ntp-simple install
ntpdate install
passwd install
patch install
perl-base install
ppp install
pppconfig install
procps install
psmisc install
rdate install
rsync install
sed install
setserial install
sharutils install
shellutils install
slang1 install
socket install
ssh install
stat install
strace install
sysklogd install
sysvinit install
tar install
tcpd install
telnet install
telnetd install
textutils install
time install
tree install
update install
util-linux install
uucp install
vlock install
whiptail install
zile install
zlib1g install
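
Every client is written from the same slim tree, so the host-key regeneration in the hostname script above is what keeps clients from sharing SSH host keys. A check for that, as an added example that is not part of the original post; the function names, the per-client root directories and the sample keys are constructed for illustration:

```sh
#!/bin/sh
# Added example: report SSH host public keys shared by several client roots.
# Usage: shared_hostkeys ROOT...   (each ROOT is one client's filesystem tree)
# Prints "<sha256> <root> <root> ..." per shared key.
# Returns 0 when every key is unique, 1 when any key is shared.
shared_hostkeys() {
    for root in "$@"; do
        for pub in "$root"/etc/ssh/ssh_host_*key.pub; do
            [ -f "$pub" ] || continue
            # Hash the key material only, not the trailing comment.
            # SSH-1 files are "bits exponent modulus comment";
            # SSH-2 files are "type base64-blob comment".
            sum=$(awk '{ if ($1 ~ /^[0-9]+$/) print $1, $2, $3
                         else print $1, $2 }' "$pub" | sha256sum | cut -d' ' -f1)
            printf '%s\t%s\n' "$sum" "$root"
        done
    done | sort -u | awk -F'\t' '
        function emit() { if (n > 1) { print prev, roots; bad = 1 } }
        BEGIN { bad = 0; n = 0 }
        $1 != prev { emit(); prev = $1; roots = $2; n = 1; next }
        { roots = roots " " $2; n++ }
        END { emit(); exit bad }'
}

# Constructed sample: client1 and client2 are clones that kept the same
# RSA host key (only the comment differs); client3 has its own keys.
make_sample_roots() {
    d=$(mktemp -d) || return 1
    for c in client1 client2 client3; do mkdir -p "$d/$c/etc/ssh"; done
    echo "ssh-rsa AAAAB3CONSTRUCTEDKEY1 root@build" \
        > "$d/client1/etc/ssh/ssh_host_rsa_key.pub"
    echo "ssh-rsa AAAAB3CONSTRUCTEDKEY1 root@other" \
        > "$d/client2/etc/ssh/ssh_host_rsa_key.pub"
    echo "ssh-rsa AAAAB3CONSTRUCTEDKEY2 root@build" \
        > "$d/client3/etc/ssh/ssh_host_rsa_key.pub"
    echo "1024 35 1111 root@build" > "$d/client1/etc/ssh/ssh_host_key.pub"
    echo "1024 35 2222 root@build" > "$d/client3/etc/ssh/ssh_host_key.pub"
    echo "$d"
}

tmp=$(make_sample_roots)
shared_hostkeys "$tmp/client1" "$tmp/client2" "$tmp/client3" ||
    echo "shared host keys found" >&2
rm -rf "$tmp"
```

Run it against the mounted or mirrored client trees after imaging; any output line names the clients that still carry the image's key.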