Documentation: secure-slinux-server-v0.2.0dev-i586-cd-v1.iso

AUTHOR: Sebastian Faulborn

DATE: 2006/03/20

LICENSE: GPL (the software packages contained on the live cd each have their own GPLish license)

SYNOPSIS: Installation of ISO image of the Secure-SLinux installation, rescue, live and demo cd!

Table of Contents:

Download
Installation
Requirements
Booting into Secure-SLinux from cd
    Selecting the resolution and colour depth
    Selecting the keyboard
    Login
Using the live cd
    Using the mouse
    Starting the network
    Ejecting the live cd
    reboot/shutdown
    Compiling Secure-SLinux from source
    Writable directories
    Memory usage

Download:

Download the most recent ISO image from here.

Installation:

Burn the ISO image with your favored cd burning tool onto a cd.

Note:
  • It doesn't matter whether you burn the cd on Windows or Linux
  • You can use R or R/W cds
  • On some cd burning tools, you can enable "Multi-Session" - this allows
    you to append data at the end of the cd (eg. the binary archive for SSLX-Server) which
    makes a nice installation cd

    Requirements:

  • IDE cdrom/dvd drive
  • 128MB RAM (256MB min. for compiling SSLX from source, 512MB recommended)

    Secure-SLinux does not support languages which use non-latin characters.
    All documentation (man-pages, info manuals) is in English.

    Booting into Secure-SLinux from cd:

    Insert the live cd and turn on your computer.

    After a few seconds, the grub bootloader should display a menu listing
    several different display modes with which you can start Secure-SLinux.

    Selecting the resolution and colour depth

    The first entry (standard) boots into the kernels default mode which should be compatible
    with all video cards.
    The other entries (fbWIDTHxHEIGHTxDEPTH) show display modes using framebuffers. Your
    video card must be VESA 2.0 compatible to use these modes. Most video cards sold over
    the last 5 years should work.

  • For CRT Monitors with up to 17" in size we recommend a resolution of 1024x768.
  • For CRT Monitors from 19" onwards we recommend a resolution of 1280x1024.
  • For LCD Monitors (including laptops) we recommand their maximum resolution.

    Try Booting with the highest colour depth (24bit). If you get an error message that your BIOS
    does not understand the selected mode, reboot ([ctrl]+[alt]+[del]) and try 16bit or 8bit.

    Your computer should now continue the boot process and load the kernel. If you chose one of the
    framebuffer modes, you will see a coloured tux penguin at the top of your screen.

    Selecting the keyboard

    You will be asked to select your keyboard. The menu lists the names of directories and files
    found in "/usr/share/kbd/keymaps/i386". Choose the path which suites your keyboard.

    For Germany you would select "qwertz" (6) followed by "de-latin1-nodeadkeys.map.gz" (3).

    The live cd will always use the font "lat1-16" which will suite English, German and most European
    languages. Independant of your keyboard settings you should always be able to access all 26 latin
    letters and all special characters which you will need as an administrator. You may not be able to access
    all of your language's special characters, though.

    Login

    Your computer should now have finished booting into Secure-SLinux. The kernel should have found your
    network adapters and possibly your SCSI hardware (if any). You will be presented the mini-help which
    reminds you of the most important commands.

  • You can now login using the username "root" with an empty password ([return]).

    Using the live cd:

    You can always find the mini-help at "/root/Secure-SLinux-README.txt".

    Using the mouse

    The live cd should recognise most mice attached to PS2. There are still problems with USB mice.
    You can copy with the left button and paste with the center button (or right button for 2 button mice).

    If your mouse does not work and you know how to configure gpm, configure "vi /etc/sysconfig/mouse" and
    restart gpm with "/etc/rc.d/init.d/gpm restart".

    Starting the network

    By default, the live cd does not start the network. It is usually not required and you cannot assume that
    a server environment runs a DHCP server. However it is straight forward to configure the network
    manually.

    Edit "vi /etc/sysconfig/network-devices/ifconfig.eth0/ipv4" and set ONBOOT to "yes". Insert your IP, Gateway and
    Broadcast. If the netmask is not "255.255.255.0" also change the PREFIX accordingly (the prefix represents the
    number of 1's at the beginning of the netmask). There is no need to configure a DNS server - the live cd
    comes with its own DNS server.
    Now restart the network with "/etc/rc.d/init.d/network restart".

    You can test the network with "ping web.de". There is the "lynx" text web browser which can be used
    to read HTML documentation. You can download files with "wget", "ncftp" or "scp". You will have
    a lot of other network commands available.

    Iptables will automatically be set to protect you from all unauthorized connections from the outside.

    Ejecting the live cd

    Ejecting the live cd is one of the most important features. Most live cd's cannot be ejected once you
    boot from them since the linux kernel holds on to a media if there is an application running which holds
    on to a file on the media or even if the current directory points to the media.

    A lot of care was taken in making sure that the SSLX-CD can be ejected at almost any point in time. You
    will have most common commands available when you have removed the cd, but for sophisticated work or
    shutdown you should mount the cd.

  • Make sure that no command started from the cd is still running in one of the consoles
  • issue "sslx-eject-livecd"

    To mount the live cd:
  • insert the cd and close the tray
  • issue "sslx-mount-livecd"

    Mount another cdrom:
  • mount -t iso9660 [device of cdrom] /media/cdrom
    where [device of cdrom] will be "/dev/hdX" and X=a,b,c or d. If you insert the cd into the boot drive, you
    can find out the device name by entering "cat /etc/device-livecd".

    reboot/shutdown

  • make sure the live cd is mounted
  • issue "reboot" or "halt"

    The live cd will be automatically ejected.

    Compiling Secure-SLinux from source

    The live cd is an excellent choice for compiling Secure-SLinux from source.

    You must have at least 256MB RAM (512MB recommended). You also must create a swap partition on your
    harddrive (partition type 82), format it with "mkswap /dev/hdXY" and activate it with "swapon /dev/hdXY".

    Note:
  • Since the live cd has grsecurity/pax enabled, you will not be able to run the testsuites

    Writable directories

    Since a cdrom is by its very nature a read-only media, it is impossible to write to some of the directories.
    The Secure-Slinux live cd is specially tailored such that most directories can be written to. The
    read-only content in some directories is linked to a compressed squashfs image on the cdrom.

    Basically this means that you can access "/", "/root", "/etc", "/var" etc. as you would an a harddisk which
    is necessary if you want to compile Secure-SLinux from source since the compile scripts will create some
    directories and links on the root filesystem.

    Memory usage

    When you boot from the live cd, it will use about 45MB for its processes and 20MB for the compressed ramdisk.

    When you have swap enabled (such as when compiling Secure-SLinux from sources), the 20MB used by
    the ramdisk will eventually be freed and placed onto the swap partition. So the live cd does not
    consume more main memory than when you were using a harddisk based distribution.

    The time needed for compiling Secure-SLinux from the live cd will be the same as if you were using
    a harddisk based distribution since most commands used during compilation will be cached in the linux
    IO memory so that the cdrom will not be accessed most of the time.



    		•