I've taken it upon myself to document my installation, configuration and operation of Slackware Linux/GNU on a Dell Latitude D620.
System Info:
Code:
beatzz@D620:~$ lscpu
Architecture: i686
CPU op-mode(s): 32-bit
Byte Order: Little Endian
CPU(s): 2
On-line CPU(s) list: 0,1
Thread(s) per core: 1
Core(s) per socket: 2
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 14
Model name: Genuine Intel(R) CPU T2300 @ 1.66GHz
Stepping: 8
CPU MHz: 1000.000
CPU max MHz: 1667.0000
CPU min MHz: 1000.0000
BogoMIPS: 3329.07
L1d cache: 32K
L1i cache: 32K
L2 cache: 2048K
NUMA node0 CPU(s): 0,1
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx constant_tsc arch_perfmon bts aperfmperf pni monitor est tm2 xtpr pdcm dtherm
Code:
root@D620:~# lspci
00:00.0 Host bridge: Intel Corporation Mobile 945GM/PM/GMS, 943/940GML and 945GT Express Memory Controller Hub (rev 03)
00:02.0 VGA compatible controller: Intel Corporation Mobile 945GM/GMS, 943/940GML Express Integrated Graphics Controller (rev 03)
00:02.1 Display controller: Intel Corporation Mobile 945GM/GMS/GME, 943/940GML Express Integrated Graphics Controller (rev 03)
00:1b.0 Audio device: Intel Corporation NM10/ICH7 Family High Definition Audio Controller (rev 01)
00:1c.0 PCI bridge: Intel Corporation NM10/ICH7 Family PCI Express Port 1 (rev 01)
00:1c.1 PCI bridge: Intel Corporation NM10/ICH7 Family PCI Express Port 2 (rev 01)
00:1c.2 PCI bridge: Intel Corporation NM10/ICH7 Family PCI Express Port 3 (rev 01)
00:1d.0 USB controller: Intel Corporation NM10/ICH7 Family USB UHCI Controller #1 (rev 01)
00:1d.1 USB controller: Intel Corporation NM10/ICH7 Family USB UHCI Controller #2 (rev 01)
00:1d.2 USB controller: Intel Corporation NM10/ICH7 Family USB UHCI Controller #3 (rev 01)
00:1d.3 USB controller: Intel Corporation NM10/ICH7 Family USB UHCI Controller #4 (rev 01)
00:1d.7 USB controller: Intel Corporation NM10/ICH7 Family USB2 EHCI Controller (rev 01)
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev e1)
00:1f.0 ISA bridge: Intel Corporation 82801GBM (ICH7-M) LPC Interface Bridge (rev 01)
00:1f.2 IDE interface: Intel Corporation 82801GBM/GHM (ICH7-M Family) SATA Controller [IDE mode] (rev 01)
00:1f.3 SMBus: Intel Corporation NM10/ICH7 Family SMBus Controller (rev 01)
03:01.0 CardBus bridge: O2 Micro, Inc. OZ601/6912/711E0 CardBus/SmartCardBus Controller (rev 40)
09:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5752 Gigabit Ethernet PCI Express (rev 02)
0c:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG [Golan] Network Connection (rev 02)
Code:
beatzz@D620:~$ lsscsi
[2:0:0:0] disk ATA Hitachi HTS54104 C60R /dev/sda
[3:0:0:0] cd/dvd TSSTcorp DVD+-RW TS-L632D DE03 /dev/sr0
Code:
beatzz@D620:~$ uname -r
4.4.38-smp
Pre-Installation:
Code:
root@kali:~# shred -vfzn1 /dev/sda
Installation:
Using a pre-installed KALI linux Live USB, I downloaded the slackware-14.2-install-dvd.iso and the corrosponding asc, md5, and txt files.
Code:
root@kali:~# wget http://mirrors.slackware.com/slackware/slackware-iso/slackware-14.2-iso/slackware-14.2-install-dvd.iso*
Checked the md5.
Code:
root@kali:~# md5sum slackware-14.2-install-dvd.iso
Then burnt the .iso to a secondary USB flash drive.
Code:
root@kali:~# dd bs=4M if=slackware14.2-install-dvd.iso of=/dev/sdc
Once that was finished, I sent the system down for a reboot.
Code:
root@kali:~# shutdown -r now
After removing the KALI Linux USB, and ordering BIOS to boot off USB HD, the Slackware 14.2 Installation began. First order of business, formatting the disk.
Code:
root@slackware:~# cfdisk /dev/sda
/etc/fstab:
Code:
/dev/sda1 swap swap defaults 0 0
/dev/sda2 / ext4 defaults 1 1
/dev/sda3 /home ext4 defaults 1 2
#/dev/cdrom /mnt/cdrom auto noauto,owner,ro,comment=x-gvfs-show 0 0
/dev/fd0 /mnt/floppy auto noauto,owner 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
proc /proc proc defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
Code:
beatzz@D620:~$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 37.3G 0 disk
|-sda1 8:1 0 1G 0 part [SWAP]
|-sda2 8:2 0 26.3G 0 part /
`-sda3 8:3 0 10G 0 part /home
sr0 11:0 1 1024M 0 rom
After all that was done I ran setup, went with the defaults where ever possible.
Code:
root@slackware:~# setup
After having been prompted for a reboot, I proceeded to user management.
Code:
root@D620:~# adduser beatzz
I then installed wicd to handle my wifi.
Code:
root@D620:~# installpkg /mnt/dvd/slackware-14.2/extra/wicd/wicd*.txz
Then, added beatzz to the Group 'netdev' to access wifi.
Code:
root@D620:~# usermod -aG netdev beatzz
At this point, the system is now online. I immediately go Alien BOB's Easy Firewall Generator.
http://www.slackware.com/~alien/efg/ and generate a rc.firewall which allows ssh, irc, http, httpd, ftp, and ts3 traffic, and denies everything else. Then apply executable permission, and start the script.
Code:
root@D620:~# chmod +x /etc/rc.d/rc.firewall && /etc/rc.d/rc.firewall start
Updating Slackware:
via slackpkg by first selecting a mirror within /etc/slackpkg/mirrors
Code:
root@D620:~# pico /etc/slackpkg/mirrors
Code:
root@D620:~# slackpkg update
root@D620:~# slackpkg install-new
root@D620:~# slackpkg upgrade-all
With Slackware installed, -current, online, and operational, I decided to clean up the boot process a little bit. First by trimming down the timer on lilo from 30 to 3 seconds (Who needs 30 seconds to select a damn kernel? Not this guy....)
Code:
root@D620:~# pico /etc/lilo.conf
# Timeout before the first entry boots.
# This is given in tenths of a second, so 600 for every minute:
timeout = 30
After that, I decided to kill that annoying DHCP broadcast on eth0 during boot. So I edited /etc/rc.d/rc.inet1.conf also while I was there I allowed inetd to handle vsftpd.
Code:
root@D620:~# pico /etc/rc.d/rc.inet1.conf
# Config information for eth0:
IPADDR[0]=""
NETMASK[0]=""
USE_DHCP[0]="" //removed the "yes"
DHCP_HOSTNAME[0]=""
# Very Secure File Transfer Protocol (FTP) server.
ftp stream tcp nowait root /usr/sbin/tcpd vsftpd
Then I decided to compile the running modules into a custom kernel...
Code:
root@d620:~# zcat /proc/config.gz > /usr/src/linux/.config
root@D620:/usr/src/linux# make menuconfig
root@D620:/usr/src/linux# make bzImage modules
root@D620:/usr/src/linux# make modules_install
root@D620:/usr/src/linux# cp arch/x86/boot/bzImage /boot/vmlinuz-custom-4.4.38
root@D620:/usr/src/linux# cp System.map /boot/System.map-custom-4.4.38
root@D620:/usr/src/linux# cp .config /boot/config-custom-4.4.38
re-ran lilo
Printing:
Code:
chmod +x /etc/rc.d/rc.cups
/etc/rc.d/rc.cups start
In FireFox, I went to localhost:631 and used the CUPS WebClient to Add Printer, I selected the LDP/LDR Protocol, and the most appropriate driver (MG2900 driver) for my printer ( Canon MG3022). Works great.
3rd Party Software:
Code:
root@D620:~# wget -v https://github.com/sbopkg/sbopkg/releases/download/0.38.1/sbopkg*.tgz
Code:
root@D620:~# installpkg sbopkg*.tgz
synced and used sbopkg to install a selection of software I enjoy including, aircrack-ng, macchanger, john, reaver, tor-browser, volumeicon (for xfce4), and TeamSpeak3. I also installed ts3server from
https://www.teamspeak.com/downloads
Service configuration:
Created executable files rc.ts3d & rc.vsftpd in /etc/rc.d/ for start and stop purposes.
Code:
root@D620:~# touch /etc/rc.d/rc.ts3d && touch /etc/rc.d/rc.vsftpd
made sure sshd and httpd, vsftpd, and ts3d were all executable.
Code:
root@D620:~# chmod +x /etc/rc.d/rc.sshd &&
chmod +x /etc/rc.d/rc.httpd &&
chmod +x /etc/rc.d/rc.vsftpd &&
chmod +x /etc/rc.d/rc.ts3d
My vsftpd.conf, which allows anonymous ftp connections, jailed to /home/ftp/, permissions read-only, local users allowed to connect unjailed, but only permissions read, write, and execute in their respective /home/ directories.
Code:
# Config file /etc/vsftpd.conf
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
nopriv_user=ftp
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to beatzz FTP service!
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode (rather
# than from inetd) and listens on IPv4 sockets. To use vsftpd in standalone
# mode rather than with inetd, change the line below to 'listen=YES'
# This directive cannot be used in conjunction with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
#
# The seccomp sandbox feature adds an additional layer of security, but has
# been known to cause various problems depending on the kernel version.
# Problems may include kernel audit warnings in the system logs, or even
# failure to get a directory listing (or do much of anything in directories
# with enough files to trigger the issue).
# If you see errors like "OOPS: priv_sock_get_cmd" make sure this option is
# set to NO. We'll set it to NO by default since we want a reliable ftpd.
seccomp_sandbox=NO
My /etc/rc.d/rc.local & rc.local_shutdown to start/stop my Teamspeak3 server & FTP server.
Code:
#!/bin/sh
#
# /etc/rc.d/rc.local: Local system initialization script.
#
# Start the TeamSpeak3 server...
if [ -x /etc/rc.d/rc.ts3d ]; then
/opt/ts3server/ts3server_startscript.sh start
fi
# Start the FTP server...
if [ -x /etc/rc.d/rc.vsftpd ]; then
vsftpd &
echo "vsftpd has been started..."
fi
Code:
#!/bin/sh
#
# /etc/rc.d/rc.local_shutdown: Local system shutdown script.
#
# Stop the TeamSpeak3 server...
if [ -x /etc/rc.d/rc.ts3d ]; then
/opt/ts3server/ts3server_startscript.sh stop
fi
# Stop the FTP server...
if [ -x /etc/rc.d/rc.vsftpd ]; then
pkill vsftpd
echo "vsftpd has been stopped..."
fi
ts3server requires a tmpfs to make sure your not running more than one instance w/o paying for it, so...
Code:
root@D620:~# mount -t tmpfs tmpfs /dev/shm
A quick port scan on localhost
Code:
beatzz@D620:~$ nmap localhost
Starting Nmap 7.12 ( https://nmap.org ) at 2017-01-06 23:56 PST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000027s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
113/tcp open ident
631/tcp open ipp
Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds
And a look at the results from top...
Code:
top - 16:38:28 up 1:11, 2 users, load average: 1.64, 1.08, 0.91
Tasks: 189 total, 1 running, 188 sleeping, 0 stopped, 0 zombie
%Cpu(s): 13.7 us, 2.9 sy, 0.0 ni, 80.5 id, 2.4 wa, 0.0 hi, 0.5 si, 0.0 st
KiB Mem : 1009360 total, 122488 free, 539960 used, 346912 buff/cache
KiB Swap: 1048572 total, 850884 free, 197688 used. 211560 avail Mem
Then I just configured irssi, hexchat, firefox, and added /usr/bin/volumeicon and /usr/bin/xfce4-session to the Applications > Settings > Session and Startup > Application Autostart. I also downloaded a shit ton of awesome Slackware wallpapers and have them cycling every hour on my desktop.
Finally, I stay up to date by subscribing to the slackware-security mailing list, following the instructions found on this page >
http://www.slackware.com/lists/ and by running
Code:
root@D620:~#sbopkg -c
I update packages as I see fit to do so.
I want to thank everyone who has helped me get this far, much love to all the locals in ##slackware on irc.freenode.net I wouldn't have gotten this far without you. And of course the man who introduced me to Slackware/Linux in 2003 MrFezzyWig.