Fedora 8 Live DVD Security?!?!?!

zcrxsir88 · 02-23-2008, 02:04 PM

All,

I'm looking at creating a Fedora 8 LiveCD, but i need to lock it down as much as possible. Basically all I want to have installed is Gnome (stripped of all the extras, no Firefox, Openoffice, etc).

I will be using LiveCD-Creator for this project. I tried using Revisor, but it hasn't been working well.

I have been told that you cannot crack open the ISO after creation. Is this true? I was thinking about building the ISO slimmed down as much as possible and then modifying the config files within the ISO after creation for better security.

Does anyone have any recommended kickstart configs?

Thanks in advance!

b0uncer · 02-24-2008, 01:54 PM

If you want it secure, why pick up Fedora? Or the other way around, why not making it from ground up, so you know exactly what is taken in and what left out?

Check out linuxfromscratch.org => LFS, and the others.

Not sure what you mean by "crack open the ISO after creation"; the file can be mounted and read, as long as it's not encrypted (and even then, with enough time it's theoretically possible), and an image can be made of a ready ISO, modified and re-burnt. So I don't see how you could possibly lock something down that can be read

the same thing as with copyright-protected audio CDs for example..none of the things actually worked like intended, mostly just annoyed the non-criminal-minded customers.

zcrxsir88 · 02-24-2008, 08:25 PM

What I mean by "cracking open the ISO" is to use one of the ISO tools to open it up, modify the config files so that when it boots up it's in the most secure possible configuration.

win32sux · 02-24-2008, 10:56 PM

Quote:

Originally Posted by zcrxsir88

What I mean by "cracking open the ISO" is to use one of the ISO tools to open it up, modify the config files so that when it boots up it's in the most secure possible configuration.

Basically you mount the ISO, copy the contents, modify them, then make a new ISO. Example:

Code:

mount -t iso9660 -o loop livecd.iso /mnt/cdrom
cp -a /mnt/cdrom/* /tmp/whatever
# (Now make your edits in /tmp/whatever.)
cd /tmp/whatever
mkisofs -o /tmp/customlivecd.iso \
-R -J -V "My CD" -hide-rr-moved -v -d -N -no-emul-boot -boot-load-size 4 -boot-info-table \
-sort isolinux/iso.sort -b isolinux/isolinux.bin -c isolinux/isolinux.boot -A "My CD" .

zcrxsir88 · 02-24-2008, 11:20 PM

Thanks for the post. Has anyone had any luck actually breaking one of those ISO's open and modifying them? I was told that there is some problems with doing it. He said he tried, but ran into some sort of compression that is used in the disc and couldn't get it to boot properly again. (This was an ISO created with the Livecd-creator utility)

win32sux · 02-25-2008, 12:57 AM

Quote:

Originally Posted by zcrxsir88

Thanks for the post. Has anyone had any luck actually breaking one of those ISO's open and modifying them? I was told that there is some problems with doing it. He said he tried, but ran into some sort of compression that is used in the disc and couldn't get it to boot properly again. (This was an ISO created with the Livecd-creator utility)

I do it all the time. I am not familiar with Fedora, but pretty much all live CDs use either Cramfs or Squashfs for their root filesystem image. All this does is add an additional step before you start modifying. Basically, once you've mounted/copied the ISO image contents, you mount the Cramfs/Squashfs image and then proceed in a similar fashion (copy the contents, modify them, then re-create the Cramfs/Squashfs image when you're done, before sticking it back in your /tmp/whatever directory in order to then create the ISO image.

zcrxsir88 · 02-25-2008, 11:15 AM

That is probably what he was talking about. I'll have to look into properly doing all that.

Thanks.