OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[owl-users] Rescue BootCD (testing is needed)

From: GalaxyMaster (galaxyopenwall.com)
Date: Wed Jul 02 2008 - 11:47:12 CDT

Hello,

I'd like to announce availability of the following Boot CD-ROM ISO image
- Openwall Rescue BootCD (NOTE: although I've used 'Openwall' this image
is still my personal experimental project and isn't an official ISO
image).

=== a testing request ===
If possible, please download the ISO image, burn it to CD/DVD, and try
to boot from it. The expected result is that at least one network
interface (beside lo) is up and running and has 192.168.255.*/30
assigned to it. I would greatly appreciate both positive and negative
attempt reports (please mention CPU, CD/DVD drive type, network
interface type and manufacturer). And please submit your reports to me
privately (at galaxy-at-openwall.com) to not abuse this list
subscribers.
=== end of request ===

This Rescue BootCD could be used to startup a wide range of hardware
that can't be initialized by the official Owl ISO images. But the main
purpose of this BootCD is to provide easy-to-use BootCD for remote
installations or server rescue operations.

The ISO image for Rescue BootCD is located at the following URL:

ftp://ftp.ru.openwall.com/pvt/galaxy/private/rescue-cd/rescue-20080701.iso

The md5sum checksum of the above image can be downloaded at the
following URL:

ftp://ftp.ru.openwall.com/pvt/galaxy/private/rescue-cd/rescue-20080701.iso.md5sum

This ISO is using ISOLINUX bootloader, kernel 2.6.25.9, initramfs, busybox, and
OpenSSH daemon. The ISO image is dual-boot 32-bit/64-bit with 32-bit
kernel/userspace set as the default option to boot.

The following is a short description of the default boot process used in
startup script on this image:

1. startup the selected kernel (or the default one);

2. prepare the Early User Space filesystem (initramfs);

3. initialize the USB subsystem (to be able to detect USB network adapters);

4. probe for all network modules (modprobe -a -t drivers/net \*);

5. configure the found interfaces with predefined addresses
   (192.168.255.n/30, where n is 1+(ethX*4), e.g. for eth2 the assigned
   address will be 192.168.255.(1+(2*4))/30 => 192.168.255.9/30);

6. launch OpenSSH daemon listening on all interfaces.

At this stage the user is given shell access and can load other
necessary modules like SATA/SCSI controllers, etc.

It should be noted that by default (since this image is intended to be
used for Openwall provided remote installations
[See: http://openwall.com/services/]) the system is preconfigured to
grant root access to Openwall technical support (this is done by placing
Openwall keys to /root/.ssh/authorized_keys).

If you want to disable this functionality you need to add the following
kernel parameter to the kernel: no-default-key .

It's possible to specify an alternative SSH public key by using the
'remote-key=URL' kernel parameter, where URL is a path to an SSH key
located somewhere in the network. The Rescue CD will try to retrieve
the content of the specified URL and will append it to
/root/.ssh/authorized_keys . This functionality is not tested and
requires further enhancements. For instance, the URL is limited to
[http|ftp]://192.168.255.*/... only due to the way the network
interfaces are configured.

Oh, re: network interfaces -- it's also possible to specify custom set
of addresses which will be assigned to interfaces with the
'network=LIST' kernel boot parameter, where LIST is a comma separated
list of addresses recognized by the ip utility from iproute2. For
example, the following will assign 192.168.0.1/24 to eth0 and
172.16.1.1/24 to eth1:

network=192.168.0.1/24,172.16.1.1/24

Any testing/feedback is much appreciated! Thanks!

--
(GM)

--
To unsubscribe, e-mail owl-users-unsubscribelists.openwall.com and reply
to the automated confirmation request that will be sent to you.