BioSlax Discussion and Progress

From LsmWiki

BioSlax Development Main Page


Important upgrade to BioSlax Howto

Security upgrade.

  1. Change BioSlax to deny all remote root logins
  2. Create a new .lzm
    1. block root login in hosts.deny
    2. allow only adminuserid@mastermachine.com and studentuserid@anymachine to ssh in, via hosts.allow
    3. create a new adminuserid in /etc/passwd and /etc/shadow with a secret adminuser password (protect it carefully)
    4. create a sudoers list to allow adminuserid (and, optionally, studentuserid) to access root
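
hosts.allow and hosts.deny filter on the connecting host, and the user part of a user@host pattern there is the client-side name from an ident lookup, not the account being logged in to, so denying root logins also needs sshd's own PermitRootLogin and AllowUsers directives. The script below is an added example (not from the original page or the BioSlax project) that audits an sshd_config for those two settings; the sample configs are constructed, and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the login restrictions listed above.
# adminuserid, studentuserid and mastermachine.com are the page's placeholders.

# Print every value given for a keyword, one per line. Keywords are
# case-insensitive; lines starting with '#' are comments.
sshd_values() {  # usage: sshd_values <keyword> <config-file>
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# One finding per line; no output means the file matches the plan above.
audit_sshd() {  # usage: audit_sshd <config-file>
    # sshd keeps the first PermitRootLogin it reads; AllowUsers lines add up.
    root=$(sshd_values PermitRootLogin "$1" | head -n 1)
    users=$(sshd_values AllowUsers "$1" | tr '\n' ' ')
    [ "$root" = "no" ] ||
        echo "root-login: PermitRootLogin is '${root:-unset}', expected 'no'"
    [ -n "$users" ] ||
        echo "allow-users: no AllowUsers line, every account may log in"
    case " $users " in
        *" root "* | *" root@"*) echo "allow-users: root is listed in AllowUsers" ;;
    esac
    return 0
}

# Constructed sample: the configuration the list above is aiming for.
sample_hardened() {
    cat <<'EOF'
# admin only from the master machine, students from any machine
PermitRootLogin no
AllowUsers adminuserid@mastermachine.com studentuserid
EOF
}

# Constructed sample: still lets root in, because the first setting wins.
sample_weak() {
    cat <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
permitrootlogin no
AllowUsers root@* adminuserid
EOF
}

# Demo: audit the weak sample (prints two findings).
tmp=$(mktemp); sample_weak > "$tmp"; audit_sshd "$tmp"; rm -f "$tmp"
```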


Procedure for Creating students password

  1. Get list of student ids
  2. write expect script
  3. login to master manager server
  4. ssh-keygen
  5. cat ./.ssh/id_rsa.pub
  6. ssh-copy-id -i /fullpath/.ssh/id_rsa.pub adminuserid@mastermachine.com
  7. ssh adminuserid@remotebioslax.com 'adduser'
  8. use expect script to ssh '-e' to create user account for each studentuserid
    1. expect "new user []: "
    2. send $studentid
    3. expect "User ID ('UID') [ defaults to next available ]: "
    4. Initial group [ users ]:
    5. Or press the UP arrow to add/select/edit additional groups
    6. "Home directory [ /home/$studentid ] "
    7. Shell [ /bin/bash ]
    8. Expiry date (YYYY-MM-DD) []:
    9. ENTER to go ahead and make the account.
    10. five more ": "
    11. "New password: "
    12. "Re-enter new password: "
    13. Account setup complete. command prompt
  9. Instruct students to log in with their $studentuserid and change their password
  10. use expect script to check that the dummy password cannot log in to each of the same $studentuserid
  11. check regularly from mastermachine.com with ssh adminuserid@remotebioslax.com 'command'
    1. where command = last to check last login of student
    2. where command = date to check if time is synchronized
    3. where command = df -kh to check if hd is full
    4. where command = savechanges to help student backup prior to rebooting the machine
    5. where command = cat /etc/sudoers or mdchecksum to check if it is modified
    6. where command = cat /etc/passwd to check if student added new users and monitor any hacking
    7. where command = whatever to check syslogs for any hacking attempts etc.
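
The /etc/passwd and /etc/sudoers checks in the last step can be compared against a baseline kept on the master machine instead of being read by eye. The script below is an added example (not from the original page); it uses sha256sum in place of the checksum tool the page mentions, and the account names and file contents are constructed.

```shell
#!/bin/sh
# Added example: compare copies of /etc/passwd and /etc/sudoers fetched from a
# BioSlax machine with a baseline. On the master the current copy would come
# from, e.g.:  ssh adminuserid@remotebioslax.com 'cat /etc/passwd' > passwd.now

# Accounts present now but absent from the baseline.
new_accounts() {  # usage: new_accounts <baseline-passwd> <current-passwd>
    awk -F: 'FILENAME == ARGV[1] { known[$1] = 1; next }
             !($1 in known)      { print $1 }' "$1" "$2"
}

# Accounts other than root that carry UID 0.
extra_uid0() {  # usage: extra_uid0 <passwd-file>
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Exit status 0 when the file no longer matches the recorded SHA-256.
file_modified() {  # usage: file_modified <recorded-sha256> <file>
    [ "$(sha256sum "$2" | cut -d' ' -f1)" != "$1" ]
}

# Constructed sample data (not from a real machine).
baseline_passwd() {
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'adminuserid:x:1000:100::/home/adminuserid:/bin/bash' \
        'student01:x:1001:100::/home/student01:/bin/bash'
}
current_passwd() {
    baseline_passwd
    printf '%s\n' 'guest:x:1002:100::/home/guest:/bin/bash' \
        'toor:x:0:0::/root:/bin/bash'
}

# Report for one machine; prints nothing when it matches the baseline.
report() {  # usage: report <base-passwd> <cur-passwd> <sudoers-sha256> <sudoers>
    for u in $(new_accounts "$1" "$2"); do echo "new account: $u"; done
    for u in $(extra_uid0 "$2"); do echo "UID 0 account: $u"; done
    if file_modified "$3" "$4"; then echo "sudoers changed"; fi
    return 0
}

# Demo on the constructed data: two new accounts, one of them with UID 0.
d=$(mktemp -d); baseline_passwd > "$d/base"; current_passwd > "$d/now"
printf 'adminuserid ALL=(ALL) ALL\n' > "$d/sudoers"
report "$d/base" "$d/now" "$(sha256sum "$d/sudoers" | cut -d' ' -f1)" "$d/sudoers"
rm -rf "$d"
```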


Initial Discussion on 13 September 2007, Thursday afternoon

1) Auto detect SLAX directory and boot from SLAX directory.

Done - SLAX will search for live.sgn and boot, taking data from the first directory it finds with live.sgn

2) Build into the SLAX an autodetect of mounted drives and do configsave in a cronjob.

3) Auto detect if slaxconf.mo exists *anywhere* in the system and from rc.M do a configrestore if found ** may incur overheads in boot up

Done - on boot up it will check for slaxconf.mo and ask the user whether they want to insert the module. On shutdown it will ask whether the user wants to save their changes back to the same module name.

4) Dyndns - token systems for servers that need a permanent FQDN but have a dynamic IP ** servers which only need a temporary FQDN can use the system we have now.

Impositions

1) Users who want to run bioslax off CD files in a directory on their hdd MUST save the CD files into a directory called "bioslax" (doesn't matter which partition or hdd, so long as the directory is called bioslax - this directory name can be discussed and changed as necessary)

Note: At the moment it is arbitrary. Might be better to leave it this way.

2) Users, once having made changes to the system, MUST do "configsave" to slaxconf.mo where slaxconf.mo MUST be in the root of ANY MOUNTED PARTITION (ie : /mnt/*/slaxconf.mo).

Fixes

1) BioSLAX5181f will search for directory called "bioslax" automatically within all hdds and boot from the cd files in that directory if found. If not found it will boot from CD itself. If there is a need to repair a broken hdd install, users can boot from the cd with cheatcode :

linux from=/dev/hdX

where /dev/hdX is the CD-ROM device to force booting from the CD.

2) BioSLAX5181f on boot up will search for slaxconf.mo in the root of any mounted partition (/mnt/*/slaxconf.mo - will use the FIRST FOUND copy) and if found will auto configrestore. On shutdown it will again search for slaxconf.mo on any mounted partition (again will use the FIRST FOUND copy) and if found will do a configsave to that file automatically.

When the server boots up it will automatically revert to the state it was in before it was shut down or rebooted.

To do

1) Build into the distribution a cron job that will search for the first slaxconf.mo in any mounted partition (/mnt/*/slaxconf.mo) and if found will do a backup and configsave every hour on the hour for a 24 hour rotation (schedule can be discussed and changed to every 3 hours, every 6 hours, etc).

2) Token DynDNS system for those who need permanent FQDNs but have dynamic IP addresses

Common boot problems

Hanging on bootup

There are several instances where hanging on boot up occurs, which could be due to a variety of reasons.

1) Hangs after finding the pcmcia cardslots

Add "nopcmcia" to the boot command, eg:

boot: linux from=/dev/sda1/slax nopcmcia

2) Hangs after hotplug message, detecting devices

Add "nohotplug" to the boot command, eg:

boot: linux from=/dev/sda1/slax nohotplug

Note: If the above methods fail for (1) and (2), add "acpi=off" to the boot command, eg:

boot: linux from=/dev/sda1/slax acpi=off

3) Hangs and shows "no PCI interrupts"

Add "irqpoll" to the boot command, eg:

boot: linux from=/dev/sda1/slax irqpoll


Common Wireless Card Detection

IPW2200 cards

1) Open a terminal/konsole and type lspci. For IPW2200/2100 cards lspci will show clearly that you are using that card:

Network controller: Intel Corp. PRO/Wireless 2200BG (rev 05)

In this case you will need to download the firmware from here.

Methods of inserting the firmware

Using uselivemod

1) Download the firmware from the link above and save it somewhere (thumbdrive, hard drive)

2) Click on the 'home' icon and browse to the location/folder where you downloaded and saved the ipw2200_firmware_2_4.mo file

3) Double click on the ipw2200_firmware_2_4.mo file

4) Open a console and do the following:

rmmod ipw2200
modprobe ipw2200

5) Your card should be detected and active now.


Inserting the module into the modules directory

1) If you have the contents of the BioSLAX cd copied to your hard drive:

  • copy the ipw2200_firmware_2_4.mo into the modules directory
  • reboot to BioSLAX

The card will be automatically detected and active.


2) If you are still booting from the CD directly:

  • copy all the files from the CD onto your hard drive (eg: c:\bioslax)
  • copy the ipw2200_firmware_2_4.mo into the modules subdirectory (eg: c:\bioslax\modules)
  • use the make_iso.bat batch program in the directory (eg: c:\bioslax) to create a new ISO
  • burn the ISO image to a new CD.

Reboot with the new CD and your card should be automatically detected and active.


Note: This shows why copying the files to the hard drive and booting from the files on the hard drive is much more efficient.


IPW3945 cards

1) Open a terminal/konsole and type lspci. For IPW3945 cards lspci will show clearly that you are using that card:

Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)

Sometimes it will not mention 3945, but you will get:

Unknown device 422x (rev 02)

The 422x usually indicates the 3945 chipset.


2) Open a terminal window and type the following:

/bin/ipw3945d

If you run iwconfig you will see your card has been detected. Sample output is as follows:

eth1     unassociated  ESSID:off/any
         Mode:Managed  Channel=0  Access Point: 00:00:00:00:00:00
         Bit Rate=0 kb/s   Tx-Power:off
         Retry:on   RTS thr:off   Fragment thr:off
         Power Management:off
         Link Quality:0  Signal level:0  Noise level:0
         Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
         Tx excessive retries:0  Invalid misc:0   Missed beacon:0

In the konsole window type the following:

ifconfig eth1 up

This will bring up your wireless card. You can then open the wireless management tools (eg: wlanassistant) to associate your card to a wireless access point.