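#!/bin/sh
# part of the gn*nix conspiracy http://gnnix.org
# Copyright (C) Linus Sphinx 2004
# make the distro system directory and necessary text files

#######################################
# Create the base directory tree, compatibility symlinks and the initial
# /etc text files for a fresh gn*nix root.
#
# Everything is written to absolute paths under /, so this is meant to be
# run as root inside the target root. The file only defines the function;
# nothing here calls it.
#
# Globals:   BUILD (read) - written verbatim to /etc/gnxver
# Arguments: none
# Outputs:   directories, symlinks and files under /; runs ldconfig,
#            /gnxbuild/gnxdevs (from /dev) and /gnxbuild/gnxpamconf (from /etc)
# Returns:   1 if /dev or /etc cannot be entered, otherwise the status of
#            the last command
#######################################
gnxpaths() {
  # Directory lists are spelled out instead of using {a,b} brace expansion:
  # brace expansion is not POSIX, and under a strict /bin/sh it would create
  # directories literally named "{bin,boot...}".
  mkdir -p /bin /boot/grub /dev/pts /dev/shm /home /lib /mnt /proc /sys /opt
  # NOTE(review): /tmp and /var/tmp get the default mode from the caller's
  # umask and /root is not restricted; no chmod 1777 / 0750 is visible in
  # this file - confirm the modes are set elsewhere.
  mkdir -p /root /sbin /tmp /usr/local /var
  mkdir -p /etc/pam.d /etc/rc.d /etc/init.d
  mkdir -p /usr/bin /usr/include /usr/lib /usr/sbin /usr/share /usr/src
  mkdir -p /usr/local/bin /usr/local/etc /usr/local/include /usr/local/lib \
    /usr/local/sbin /usr/local/share /usr/local/src
  mkdir -p /usr/share/dict /usr/share/doc /usr/share/docs /usr/share/locale \
    /usr/share/man /usr/share/info
  mkdir -p /usr/share/nls /usr/share/misc /usr/share/terminfo \
    /usr/share/zoneinfo
  mkdir -p /usr/share/man/man1 /usr/share/man/man2 /usr/share/man/man3 \
    /usr/share/man/man4 /usr/share/man/man5 /usr/share/man/man6 \
    /usr/share/man/man7 /usr/share/man/man8
  mkdir -p /var/gnx /var/lock /var/log /var/empty /var/mail /var/run \
    /var/spool/mqueue /var/spool/lpd /var/spool/cron/crontabs
  mkdir -p /var/tmp /var/cache /var/lib/misc /var/local
  # for X desktop krell
  mkdir -p /usr/lib/gkrellm2/plugins
  # eo X desktop krell

  # Legacy locations pointing at /usr/share, plus links to the /tool
  # binaries and libgcc.
  ln -sf /usr/share/info /usr/info
  ln -sf /usr/share/man /usr/man
  ln -sf /usr/share/doc /usr/doc
  ln -sf /usr/share/docs /usr/docs
  ln -sf /tool/bin/bash /tool/bin/cat /tool/bin/pwd /tool/bin/stty /bin
  ln -sf /tool/bin/perl /usr/bin
  ln -sf /tool/lib/libgcc_s.so.1 /usr/lib

  touch /usr/share/man/man1/duh.1
  touch /usr/share/info/duh.info

  cat > /etc/fstab << "EOF"
devpts /dev/pts devpts gid=5,mode=620 0 0
proc /proc proc defaults 0 0
EOF

  # NOTE(review): "zeroinst" is the only entry with an empty password field
  # (the others use "x"). An empty field means no password is needed for that
  # account wherever the auth stack accepts null passwords; its shell is
  # /bin/false, but "x" or a locked entry would be the safer default -
  # confirm intent. "nobody" is given /bin/bash and /home, which is unusual
  # for an unprivileged service identity. No /etc/shadow is written in this
  # function; presumably it is generated elsewhere - verify.
  cat > /etc/passwd << "EOF"
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
mail:x:8:12:mail:/:
news:x:9:13:news:/usr/lib/news:
uucp:x:10:14:uucp:/var/spool/uucppublic:
sshd:x:15:15:sshd:/var/empty:/bin/false
fcron:x:23:23:fcron:/dev/null:/bin/false
smmsp:x:25:25:smmsp:/var/spool/clientmqueue:
postfix:x:499:499:postfix:/dev/null:/bin/false
nobody:x:65534:65534:nobody:/home:/bin/bash
zeroinst::498:498:zero install guy:/usr/local/zero:/bin/false
EOF

  # NOTE(review): the GIDs here do not line up with /etc/passwd above:
  # fcron's primary GID 23 is the "postfix" group in this file (group fcron
  # is 18), and GIDs 499 (postfix) and 498 (zeroinst) have no group entry.
  # "SMmsp" is capitalised while the account is "smmsp". Files owned by
  # these GIDs end up shared with a different group than intended - confirm.
  cat > /etc/group << "EOF"
root:x:0:
bin:x:1:
sys:x:2:
kmem:x:3:
tty:x:4:
tape:x:5:
daemon:x:6:
floppy:x:7:
disk:x:8:
lp:x:9:
dialout:x:10:
audio:x:11:
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
sshd:x:15:sshd
fcron:x:18:fcron
postfix:x:23:postfix
postdrop:x:21:postfix,root
SMmsp:x:25:smmsp
users:x:500:
nogroup:x:65534:nobody
EOF

  # Library search path for the dynamic linker, one directory per line.
  cat > /etc/ld.so.conf << "EOF"
/lib
/usr/lib
/usr/X11R6/lib
/usr/lib/qt3/lib
/tool/lib
EOF
  ldconfig

  cat > /etc/nsswitch.conf << "EOF"
passwd: files
group: files
shadow: files
publickey: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: db files
EOF

  # The helpers act on the current directory, so stop if the cd fails
  # rather than running them from wherever the caller happened to be.
  # (presumably gnxdevs populates /dev and gnxpamconf writes the PAM
  # configuration - neither script is visible here.)
  cd /dev || return 1
  /gnxbuild/gnxdevs
  cd /etc || return 1
  /gnxbuild/gnxpamconf
  cd /

  cat > /etc/syslog.conf << "EOF"
auth,authpriv.* -/var/log/auth.log
*.*;auth,authpriv.none -/var/log/sys.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
*.emerg *
EOF

  # NOTE(review): this is the xinetd sample configuration installed as the
  # live /etc/xinetd.conf. No stanza sets "disable = yes" and the defaults
  # section only lists tftp under "disabled", so if xinetd is started with
  # this file as-is it offers rlogin, rsh, rexec, telnet, ftp, finger,
  # chargen, the RPC services and the rest, most of them as root, limited
  # only by the sample only_from networks. The comment inside the file says
  # these are blocked by default; confirm where that is enforced (e.g.
  # xinetd not being started) or add "disable = yes" per service. The
  # addresses are sample values, and the three "service telnet" stanzas
  # carry no distinguishing "id". The first telnet stanza appears to be
  # uncommented in this listing - verify against the original file.
  cat > /etc/xinetd.conf << "EOF"
# most of this is a security leak blocked by default in gn*nix but
# should you open it up and turn some of this on against our advice
# we include support for tcpwrappers /etc/hosts.allow and /etc/hosts.deny
# by adding NAMEINARGS to flags ie;
#
service telnet
{
    flags = REUSE NAMEINARGS
    protocol = tcp
    socket_type = stream
    wait = no
    user = telnetd
    server = /usr/sbin/tcpd
    server_args = /usr/sbin/in.telnetd
}
# Sample configuration file for xinetd
#
defaults
{
    instances = 25
    log_type = FILE /var/log/servicelog
    log_on_success = HOST PID
    log_on_failure = HOST
    only_from = 128.138.193.0 128.138.204.0 128.138.209.0 128.138.243.0
    only_from = localhost 192.231.139.0/24
    disabled = tftp
}
#
# Group 1: BSD services
# Shell, login, exec, comsat, talk, ntalk
service login
{
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    server = /usr/etc/in.rlogind
    log_type = SYSLOG local4 info
}
service shell
{
    socket_type = stream
    wait = no
    user = root
    instances = UNLIMITED
    flags = IDONLY
    log_on_success += USERID
    server = /usr/etc/in.rshd
}
service exec
{
    socket_type = stream
    wait = no
    user = root
    server = /usr/etc/in.rexecd
}
service comsat
{
    socket_type = dgram
    wait = yes
    user = nobody
    group = tty
    server = /usr/etc/in.comsat
}
service talk
{
    socket_type = dgram
    wait = yes
    user = root
    server = /usr/etc/in.talkd
}
service ntalk
{
    socket_type = dgram
    wait = yes
    user = root
    server = /usr/etc/in.ntalkd
}
#
# Group 2: standard Internet services
# Telnet, ftp
service telnet
{
    socket_type = stream
    wait = no
    user = root
    server = /usr/etc/in.telnetd
    bind = 127.0.0.1
    log_on_failure += USERID
}
service telnet
{
    socket_type = stream
    wait = no
    user = root
#   server = /usr/etc/in.telnetd
    bind = 192.231.139.175
    redirect = 128.138.202.20 23
    log_on_failure += USERID
}
service ftp
{
    socket_type = stream
    wait = no
    user = root
    server = /usr/etc/in.ftpd
    server_args = -l
    instances = 4
    log_on_success += DURATION USERID
    log_on_failure += USERID
    access_times = 2:00-8:59 12:00-23:59
    nice = 10
}
#
# Group 3: other services
# Tnamed serves the obsolete IEN-116 name server protocol.
service name
{
    socket_type = dgram
    wait = yes
    user = root
    server = /usr/etc/in.tnamed
}
#service uucp
#{
#   socket_type = stream
#   wait = no
#   user = root
#   server = /usr/etc/in.uucpd
#}
service tftp
{
    socket_type = dgram
    wait = yes
    user = root
    server = /usr/etc/in.tftpd
    server_args = -s /tftpboot
}
service cvspserver
{
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    passenv =
    server = /usr/bin/cvs
    server_args = --allow-root=/usr/local/cvsroot pserver -f
}
#
# Group 4: information services
service auth
{
    socket_type = stream
    protocol = tcp
    wait = no
    user = nobody
    server = /usr/sbin/identd
}
service finger
{
    socket_type = stream
    wait = no
    user = nobody
    server = /usr/etc/in.fingerd
}
service systat
{
    socket_type = stream
    wait = no
    user = nobody
    server = /usr/bin/ps
    server_args = -auwwx
    only_from = 128.138.209.0
    log_on_success = HOST
}
service netstat
{
    socket_type = stream
    wait = no
    user = nobody
    server = /usr/ucb/netstat
    server_args = -f inet
    only_from = 128.138.209.0
    log_on_success = HOST
}
#
# Group 5: internal services
# echo, time, daytime, chargen, servers, services
service echo
{
    type = INTERNAL
    id = echo-stream
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
}
service echo
{
    type = INTERNAL
    id = echo-dgram
    socket_type = dgram
    protocol = udp
    user = root
    wait = yes
}
service chargen
{
    type = INTERNAL
    id = chargen-stream
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
}
service chargen
{
    type = INTERNAL
    id = chargen-dgram
    socket_type = dgram
    protocol = udp
    user = root
    wait = yes
}
service daytime
{
    type = INTERNAL
    id = daytime-stream
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
}
service daytime
{
    type = INTERNAL
    id = daytime-dgram
    socket_type = dgram
    protocol = udp
    user = root
    wait = yes
}
service time
{
    type = INTERNAL
    id = time-stream
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
}
service time
{
    type = INTERNAL
    id = time-dgram
    socket_type = dgram
    protocol = udp
    user = root
    wait = yes
}
#
# Group 6: RPC services
service rstatd
{
    type = RPC
    flags = INTERCEPT
    rpc_version = 2-4
    socket_type = dgram
    protocol = udp
    server = /usr/etc/rpc.rstatd
    wait = yes
    user = root
}
service rquotad
{
    type = RPC
    rpc_version = 1
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/etc/rpc.rstatd
}
service rusersd
{
    type = RPC
    rpc_version = 1-2
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/etc/rpc.rusersd
}
service sprayd
{
    type = RPC
    rpc_version = 1
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/etc/rpc.sprayd
}
service walld
{
    type = RPC
    rpc_version = 1
    socket_type = dgram
    protocol = udp
    wait = yes
    user = nobody
    group = tty
    server = /usr/etc/rpc.rwalld
}
#
# Group 7: Security Sensors
service irc
{
    socket_type = stream
    wait = no
    user = root
    flags = SENSOR
    type = INTERNAL
    bind = 192.168.1.30
    deny_time = 60
}
EOF

  # fake a which command ala blfs
  # NOTE(review): "type -pa" is a bash extension, so this wrapper only works
  # while /bin/sh is bash.
  cat > /usr/bin/which << "EOF"
#!/bin/sh
type -pa "$@"|head -n 1
EOF
  chmod 755 /usr/bin/which
  chown root:root /usr/bin/which

  # Quote BUILD so the version string is written exactly as set, without
  # word splitting or glob expansion.
  printf '%s\n' "$BUILD" > /etc/gnxver
}
#eof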