FSL moved to Xfce

This commit is contained in:
Fabian Affolter 2013-08-13 13:51:50 +02:00
parent ca841d2202
commit 4411338736

View File

@ -4,358 +4,130 @@
# A fully functional live OS based on Fedora for use in security auditing, # A fully functional live OS based on Fedora for use in security auditing,
# forensics research, and penetration testing. # forensics research, and penetration testing.
# Maintainers: # Maintainers:
# Christoph Wickert <cwickert [AT] fedoraproject <dot> org> # Fabian Affolter <fab [AT] fedoraproject <dot> org>
# Joerg Simon <jsimon [AT] fedoraproject <dot> org> # Joerg Simon <jsimon [AT] fedoraproject <dot> org>
# Fabian Affolter <fab [AT] fedoraproject <dot> org> # Christoph Wickert <cwickert [AT] fedoraproject <dot> org>
# Acknowledgements: # Acknowledgements:
# Fedora LiveCD Xfce Spin team - some work here was inherited, many thanks! # Fedora LiveCD Xfce Spin team - some work here was and will be inherited,
# many thanks!
# Fedora LXDE Spin - Copied over stuff to make LXDE Default # Fedora LXDE Spin - Copied over stuff to make LXDE Default
# Luke Macken, Adam Miller for the original OpenBox Security ks and all # Luke Macken and Adam Miller for the original OpenBox Security ks and all
# the Security Applications! # the Security Applications!
# Hiemanshu Sharma <hiemanshu [AT] fedoraproject <dot> org> # Hiemanshu Sharma <hiemanshu [AT] fedoraproject <dot> org>
# Important!!!!
# Beginning with Security Stuff - we use pattern to parse the kickstart file
# for building the security menu - please use
# # Category: Categoryname <- for new Categories
# # Command: Commandname <- for the given Command
# # rCommand: Commandname <- for a command as root
# # Entry: Menu-Entry <- for the MenuEntry Name (optional)
%include fedora-live-base.ks %include fedora-live-base.ks
%include fedora-live-minimization.ks %include fedora-live-minimization.ks
%packages %packages
### LXDE desktop @xfce-desktop
@lxde-desktop @xfce-apps
lxlauncher #@xfce-extra-plugins
obconf #@xfce-media
lxdm #@xfce-office
#@firefox
### internet # Security tools (not ready at the moment)
firefox @security-lab
icedtea-web security-menus
pidgin
sylpheed
transmission
### graphics
#mtpaint
### audio & video
alsa-plugins-pulseaudio
asunder
lxmusic
gxine
gxine-mozplugin
pavucontrol
pnmixer
# I'm looking for something smaller than
#gnomebaker
### utils
galculator
parcellite
xpad
### system
gigolo
Terminal
### more desktop stuff
fedora-icon-theme
adwaita-cursor-theme
adwaita-gtk2-theme
adwaita-gtk3-theme
# pam-fprint causes a segfault in LXDM when enabled
-fprintd-pam
# needed for automatic unlocking of keyring (#643435)
gnome-keyring-pam
network-manager-applet
# needed for xdg-open to support LXDE
perl-File-MimeInfo
xcompmgr
xdg-user-dirs-gtk
xscreensaver-extras
# use yumex instead of gnome-packagekit
#yumex
-apper
-gnome-packagekit
# LXDE has lxpolkit. Make sure no other authentication agents end up in the spin.
-polkit-gnome
-polkit-kde
# make sure xfce4-notifyd is not pulled in
notification-daemon
-xfce4-notifyd
# make sure xfwm4 is not pulled in for firstboot
# https://bugzilla.redhat.com/show_bug.cgi?id=643416
metacity
# Command line
powertop
wget
yum-utils
# dictionaries are big
-aspell-*
-hunspell-*
-man-pages-*
-words
# save some space # save some space
-sendmail -autofs
ssmtp
-acpid -acpid
-gimp-help
-desktop-backgrounds-basic
-realmd # only seems to be used in GNOME
-PackageKit* # we switched to yumex, so we don't need this
-aspell-* # dictionaries are big
-man-pages-*
# drop some system-config things # drop some system-config things
-system-config-boot -system-config-boot
#-system-config-language #-system-config-network
-system-config-rootpassword -system-config-rootpassword
#-system-config-services #-system-config-services
-policycoreutils-gui -policycoreutils-gui
-gnome-disk-utility
# we need UPower for suspend and hibernate # exclude some packages to save some space
upower # use './fsl-maintenance.py -l' in your security spin git folder to build
-ArpON
###################### Security Stuffs ############################ -bonesi
security-menus -cmospwd
################################################################## -dnstop
# Category: Reconnaissance -hfsutils
# rCommand: dsniff -h -honeyd
dsniff -kismon
# rCommand: hping -h -netsed
hping3 -onesixtyone
nc6 -pdfcrack
nc -picviz-gui
# Command: ncrack -h -prelude-lml
ncrack -prelude-manager
ngrep -prewikka
# rCommand: nmap -h -proxychains
nmap -pyrit
# Command: zenmap-root -raddump
nmap-frontend -safecopy
# Command: p0f -h -scalpel
p0f -sslstrip
# rCommand: sing -h -tcpreen
sing -tcpreplay
# Command: scanssh -h -tripwire
#temp takout scanssh -wipe
# rCommand: scapy -h
scapy
# Command: socat
# Entry: Socket cat
socat
# rCommand: tcpdump -h
tcpdump
# rCommand: unicornscan -h
unicornscan
# rCommand: wireshark
# Entry: Wireshark
wireshark-gnome
# Command: xprobe2
xprobe2
# Command: nbtscan
nbtscan
# Command: tcpxtract
tcpxtract
# Command: firewalk
# Entry: Firewalk
firewalk
# Command: hunt
# Entry: Hunt
hunt
# Command: dnsenum -h
# Entry: DNS Enumeration
dnsenum
# rCommand: iftop
iftop
# Command: argus -h
argus
# rCommand: ettercap -C
# Entry: Ettercap
ettercap
ettercap-gtk
# rCommand: packETH
packETH
# rCommand: iptraf-ng
iptraf-ng
pcapdiff
# rCommand: etherape
etherape
# Command: lynis
lynis
# rCommand: netsniff-ng
netsniff-ng
# Command: tcpjunk -x
tcpjunk
# rCommand: ssldump -h
ssldump
# rCommand: yersinia -G
# Entry: Yersinia
yersinia
net-snmp
# Command: openvas-client
# Entry: OpenVAS Client
openvas-client
openvas-scanner
#################################################################
# Category: Forensics
# Command: ddrescue -h
ddrescue
# Command: gparted
gparted
hexedit
# rCommand: testdisk -h
testdisk
# Command: foremost -h
# Entry: Foremost Filecarver
foremost
# Command: sectool-gui
# Entry: sectool
sectool-gui
scanmem
sleuthkit
# Command: unhide
unhide
# Command: examiner
# Entry: ELF Examiner
examiner
dc3dd
afftools
# Command: srm -h
# Entry: Securely Remove Files
srm
# Command: nwipe
# Entry: Securely erase disks
nwipe
# Command: firstaidkit -g gtk
# Entry: First Aid Kit
#firstaidkit-plugin-all #temp removed - dependency to grub2
ntfs-3g
ntfsprogs
#####################################################################
# Category: WebApplicationTesting
# Command: httping -h
httping
# Command: nikto -help
# Entry: Nikto Websecurity Scanner
nikto
# Command: ratproxy -h
ratproxy
# Command: lbd
# Entry: Load Balancing Detector
lbd
# Command: skipfish
skipfish
# Command: sqlninja
sqlninja
#######################################################################
# Category: Wireless
# Command: aircrack-ng
aircrack-ng
# Command: airsnort
airsnort
# rCommand: kismet
kismet
# Command: weplab
# Entry: Wep Key Cracker
weplab
# Command: wavemon
wavemon
#######################################################################
# Category: CodeAnalysis
# Command: splint
splint
# Command: pscan
pscan
# Command: flawfinder
# Entry: Flawfinder
flawfinder
# Command: rats
# Entry: Rough Auditing Tool for Security
rats
######################################################################
# Category: IntrusionDetection
# rCommand: chkrootkit
chkrootkit
# Command: aide -h
aide
labrea
# Command: honeyd -h
# Entry: Honeypot Daemon
# temp removal
#honeyd
# Command: pads -h
# Entry: Passive Asset Detection System
pads
nebula
# Command: rkhunter
# Entry: RootKitHunter
rkhunter
########################################################################
# Category: PasswordTools
# Command: john
john
# Command: ophcrack
# Entry: Objectif Securite ophcrack
ophcrack
# Command: medusa -d
# Entry: Medusa Brute Force
medusa
%end %end
%post %post
# LXDE and LXDM configuration # xfce configuration
# This is a huge file and things work ok without it
rm -f /usr/share/icons/HighContrast/icon-theme.cache
# create /etc/sysconfig/desktop (needed for installation) # create /etc/sysconfig/desktop (needed for installation)
cat > /etc/sysconfig/desktop <<EOF cat > /etc/sysconfig/desktop <<EOF
PREFERRED=/usr/bin/startlxde PREFERRED=/usr/bin/startxfce4
DISPLAYMANAGER=/usr/sbin/lxdm DISPLAYMANAGER=/usr/sbin/lightdm
EOF EOF
cat >> /etc/rc.d/init.d/livesys << EOF cat >> /etc/rc.d/init.d/livesys << EOF
# disable screensaver locking and make sure gamin gets started
cat > /etc/xdg/lxsession/LXDE/autostart << FOE mkdir -p /home/liveuser/.config/xfce4
/usr/libexec/gam_server
@lxpanel --profile LXDE cat > /home/liveuser/.config/xfce4/helpers.rc << FOE
@pcmanfm --desktop --profile LXDE MailReader=sylpheed-claws
/usr/libexec/notification-daemon FileManager=Thunar
WebBrowser=midori
FOE FOE
# set up preferred apps # disable screensaver locking (#674410)
cat > /etc/xdg/libfm/pref-apps.conf << FOE cat >> /home/liveuser/.xscreensaver << FOE
[Preferred Applications] mode: off
WebBrowser=firefox.desktop lock: False
MailClient=redhat-sylpheed.desktop dpmsEnabled: False
FOE FOE
# set up auto-login for liveuser # deactivate xfconf-migration (#683161)
sed -i 's|# autologin=dgod|autologin=liveuser|g' /etc/lxdm/lxdm.conf rm -f /etc/xdg/autostart/xfconf-migration-4.6.desktop || :
# deactivate xfce4-panel first-run dialog (#693569)
mkdir -p /home/liveuser/.config/xfce4/xfconf/xfce-perchannel-xml
cp /etc/xdg/xfce4/panel/default.xml /home/liveuser/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml
# set up lightdm autologin
sed -i 's/^#autologin-user=.*/autologin-user=liveuser/' /etc/lightdm/lightdm.conf
sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf
#sed -i 's/^#show-language-selector=.*/show-language-selector=true/' /etc/lightdm/lightdm-gtk-greeter.conf
# set Xfce as default session, otherwise login will fail
sed -i 's/^#user-session=.*/user-session=xfce/' /etc/lightdm/lightdm.conf
# Show harddisk install on the desktop # Show harddisk install on the desktop
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop
mkdir /home/liveuser/Desktop mkdir /home/liveuser/Desktop
cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop
# Add autostart for parcellite # and mark it as executable (new Xfce security feature)
cp /usr/share/applications/fedora-parcellite.desktop /etc/xdg/autostart chmod +x /home/liveuser/Desktop/liveinst.desktop
# this goes at the end after all other changes. # this goes at the end after all other changes.
chown -R liveuser:liveuser /home/liveuser chown -R liveuser:liveuser /home/liveuser
@ -364,4 +136,3 @@ restorecon -R /home/liveuser
EOF EOF
%end %end