tools-hardened/desktop: initial commit of hardened amd64 desktop
This is a revamping of the TinHat build, see http://opensource.dyc.edu/tinhat Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
parent
1c585a9f2b
commit
b80e4e5ff8
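--- /dev/null
+++ b/tools-hardened/desktop/README
@@ -0,0 +1,23 @@
+Kernel Requirements:
+====================
+
+On the host system, these two packages need to be installed:
+
+* sys-kernel/hardened-sources-3.13.5
+* sys-kernel/linux-firmware-20131230
+
+To run:
+=======
+
+Execute ./<DM>-run.sh
+
+Where <DM> is a desktop manager of three flavors of choice:
+
+* Fluxbox
+* Gnome3
+* Xfce4
+
+When your ISO is built, you can clean up by removing the th-<ARCH>-<DM>/
+directory as it is no longer needed.
+
+Enjoy! ;)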
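--- /dev/null
+++ b/tools-hardened/desktop/configs/ABOUT.html
@@ -0,0 +1,9 @@
+<HTML>
+<HEAD>
+<TITLE>Welcome to Tin Hat Linux</TITLE>
+<META HTTP-EQUIV="refresh" content="10;URL=http://opensource.dyc.edu/tinhat">
+</HEAD>
+<BODY>
+Redirecting to <A HREF="http://opensource.dyc.edu/tinhat">http://opensource.dyc.edu/tinhat</A> in 10 seconds ...
+</BODY>
+</HTML>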
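--- /dev/null
+++ b/tools-hardened/desktop/configs/busybox.txt
@@ -0,0 +1,6 @@
+
+"busybox" version 1.7.4, statically compiled against uClibc
+To obtain its configuration, run ./busybox bbconfig
+
+8d9b173bfb62795922c1ed4a314b401f busybox
+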
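Review bot: The only integrity record for the prebuilt busybox binary is the MD5 line `8d9b173bfb62795922c1ed4a314b401f busybox`, and MD5 does not resist deliberate collisions, so it cannot show that the binary placed in the initramfs is the one that was reviewed. I would add a SHA-256 line next to it and have the build compare the binary against that digest; mkinitramfs() in files/Save/make.sh currently copies `../configs/busybox` with no check at all. It would also help to record here where the static binary came from and how it was built, so it can be reproduced from source.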
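--- /dev/null
+++ b/tools-hardened/desktop/configs/init
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+/bin/mount -t proc proc /proc
+/bin/mount -t sysfs sysfs /sys
+/bin/mount -o remount,rw /
+
+/bin/mknod /dev/null c 1 3
+/bin/mknod /dev/tty c 5 0
+
+echo
+echo "Waiting for slow devices ... "
+echo
+
+sleep 10
+
+mdev -s
+
+FOUND=''
+for CDROM in hda hdb hdc hdd sr0 sr1 sr2 sr3 sda1 sdb1 sdc1 sdd1 sde1 sdf1 sdg1
+do
+if [ "x$FOUND" == "x" ]
+then
+/bin/mount /dev/${CDROM} /mnt/cdrom
+[ -f /mnt/cdrom/tinroot ] && FOUND=$CDROM || /bin/umount /dev/${CDROM}
+fi
+done
+
+if [ "x$FOUND" == "x" ]
+then
+echo "Boot device not found, very confusing"
+echo "Dropping to shell"
+exec /bin/sh
+fi
+
+/bin/mount -o loop -t squashfs /mnt/cdrom/tinroot /mnt/squashfs
+/bin/mount -o size=6g,nr_inodes=2m,mode=755 -t tmpfs none /mnt/tmpfs
+/bin/cp -a /mnt/squashfs/* /mnt/tmpfs/
+
+/bin/umount /mnt/squashfs
+/bin/umount /mnt/cdrom
+/bin/umount /sys
+/bin/umount /proc
+
+exec /sbin/switch_root /mnt/tmpfs /usr/lib/systemd/systemd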
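Review bot: The probe loop mounts each candidate device with default options and accepts the first one that merely contains a file named `tinroot`; that image is then copied to tmpfs and becomes the root through `switch_root` with no integrity check, so any attached disk or stick earlier in the list decides what boots. Mounting the candidates read-only, `/bin/mount -o ro /dev/${CDROM} /mnt/cdrom`, and comparing `tinroot` against a digest stored in the initramfs before the squashfs mount would close that gap. The fallback `exec /bin/sh` gives a root shell with no authentication to whoever is at the console when no device is found, which deserves at least a comment saying it is intended. None of the mount or cp results are checked, so a failed copy still reaches `switch_root`. The same lines appear in configs/init.1, configs/init.2 and files/Save/configs/init.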
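--- /dev/null
+++ b/tools-hardened/desktop/configs/init.1
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+/bin/mount -t proc proc /proc
+/bin/mount -t sysfs sysfs /sys
+/bin/mount -o remount,rw /
+
+/bin/mknod /dev/null c 1 3
+/bin/mknod /dev/tty c 5 0
+
+echo
+echo "Waiting for slow devices ... "
+echo
+
+sleep 10
+
+mdev -s
+
+FOUND=''
+for CDROM in hda hdb hdc hdd sr0 sr1 sr2 sr3 sda1 sdb1 sdc1 sdd1 sde1 sdf1 sdg1
+do
+if [ "x$FOUND" == "x" ]
+then
+/bin/mount /dev/${CDROM} /mnt/cdrom
+[ -f /mnt/cdrom/tinroot ] && FOUND=$CDROM || /bin/umount /dev/${CDROM}
+fi
+done
+
+if [ "x$FOUND" == "x" ]
+then
+echo "Boot device not found, very confusing"
+echo "Dropping to shell"
+exec /bin/sh
+fi
+
+/bin/mount -o loop -t squashfs /mnt/cdrom/tinroot /mnt/squashfs
+/bin/mount -o size=3g,nr_inodes=1m,mode=755 -t tmpfs none /mnt/tmpfs
+/bin/cp -a /mnt/squashfs/* /mnt/tmpfs/
+
+/bin/umount /mnt/squashfs
+/bin/umount /mnt/cdrom
+/bin/umount /sys
+/bin/umount /proc
+
+exec /sbin/switch_root /mnt/tmpfs /sbin/init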
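--- /dev/null
+++ b/tools-hardened/desktop/configs/init.2
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+/bin/mount -t proc proc /proc
+/bin/mount -t sysfs sysfs /sys
+/bin/mount -o remount,rw /
+
+/bin/mknod /dev/null c 1 3
+/bin/mknod /dev/tty c 5 0
+
+echo
+echo "Waiting for slow devices ... "
+echo
+
+sleep 10
+
+mdev -s
+
+FOUND=''
+for CDROM in hda hdb hdc hdd sr0 sr1 sr2 sr3 sda1 sdb1 sdc1 sdd1 sde1 sdf1 sdg1
+do
+if [ "x$FOUND" == "x" ]
+then
+/bin/mount /dev/${CDROM} /mnt/cdrom
+[ -f /mnt/cdrom/tinroot ] && FOUND=$CDROM || /bin/umount /dev/${CDROM}
+fi
+done
+
+if [ "x$FOUND" == "x" ]
+then
+echo "Boot device not found, very confusing"
+echo "Dropping to shell"
+exec /bin/sh
+fi
+
+/bin/mount -o loop -t squashfs /mnt/cdrom/tinroot /mnt/squashfs
+/bin/mount -o size=4g,nr_inodes=1m,mode=755 -t tmpfs none /mnt/tmpfs
+/bin/cp -a /mnt/squashfs/* /mnt/tmpfs/
+
+/bin/umount /mnt/squashfs
+/bin/umount /mnt/cdrom
+/bin/umount /sys
+/bin/umount /proc
+
+exec /sbin/switch_root /mnt/tmpfs /sbin/init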
9046
tools-hardened/desktop/configs/loop-AES-kernel-3.10.patch
Normal file
9046
tools-hardened/desktop/configs/loop-AES-kernel-3.10.patch
Normal file
File diff suppressed because it is too large
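--- /dev/null
+++ b/tools-hardened/desktop/configs/menu.lst
@@ -0,0 +1,4 @@
+timeout 10
+title TinHat
+kernel /boot/tinhat
+initrd /boot/tinhat.igz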
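--- /dev/null
+++ b/tools-hardened/desktop/configs/syslinux.cfg
@@ -0,0 +1,5 @@
+default TinHat
+timeout 1
+label TinHat
+kernel tinhat
+append initrd=tinhat.igz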
3211
tools-hardened/desktop/files/3.13.5-hardened.config
Normal file
3211
tools-hardened/desktop/files/3.13.5-hardened.config
Normal file
File diff suppressed because one or more lines are too long
2854
tools-hardened/desktop/files/3.7.5-hardened.config
Normal file
2854
tools-hardened/desktop/files/3.7.5-hardened.config
Normal file
File diff suppressed because it is too large
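--- /dev/null
+++ b/tools-hardened/desktop/files/Encrypt/howto-loop-aes.txt
@@ -0,0 +1,71 @@
+
+- First make the key file. To make things easy, I've given you a script. Just run
+
+./mkkey.sh
+
+to generate key.gpg This file contains 65 random keys in an ascii armored gpg
+file. (See the reference below for details.)
+
+If this is slow, do some work. (It depends on /dev/random which blocks on system entropy.)
+
+Put it somewhere. A USB stick is good. You can't put it on the filesystem since
+it lives only in RAM. Once you reboot, poof! and no more access to your data.
+
+You have been warned!
+You have been warned!
+You have been warned!
+
+
+- Fill your drive with random data. Replace sda with your device.
+
+head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 | losetup -p 0 -e AES256 /dev/loop3 /dev/sda
+dd if=/dev/zero of=/dev/loop3 bs=4k conv=notrunc 2>/dev/null
+losetup -d /dev/loop3
+
+
+- Add the following line to /etc/fstab
+
+/dev/sda /mnt/mpoint ext3 defaults,noauto,loop=/dev/loop3,encryption=AES256,gpgkey=/path/to/key.gpg 0 0
+
+Change /mnt/mpoint to whatever mount point you like. Change /path/to to
+wherever your key lives.
+
+NOTE: We are using the entire drive as one partition.
+
+
+- Lay down a filesystem on your encrypted partition:
+
+losetup -F /dev/loop3
+mke2fs -j /dev/loop3
+losetup -d /dev/loop3
+
+
+- Mount the partition:
+
+mount /mnt/mpoint
+
+You may now use that filesystem as usual.
+
+
+- Umount the parition:
+
+umount /mnt/mpoint
+
+
+- Every so often, you should do an fsck on the filesystem. Make sure its
+unmount, and then:
+
+losetup -F /dev/loop3
+fsck -f -y /dev/loop3
+losetup -d /dev/loop3
+
+--------------------------------------------------------------------------------
+
+REFERENCE: This howto derived from section 7.2 of
+
+http://loop-aes.sourceforge.net/loop-AES.README
+
+See that howto for more information on the loop-aes patch.
+
+
+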
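--- /dev/null
+++ b/tools-hardened/desktop/files/Encrypt/mkkey.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+eval 'gpg-agent --daemon --use-standard-socket'
+head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 | gpg --symmetric -a > key.gpg
+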
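Review bot: key.gpg is created under the caller's umask and the pipeline's exit status is never checked, so a failed `uuencode` or an interrupted read can still leave a key.gpg that looks valid but wraps fewer than 65 keys, or none. Starting the script with `umask 077` and `set -o pipefail`, and removing key.gpg when the pipeline fails, would cover both. The `eval` around a single-quoted literal does nothing beyond running gpg-agent; if the intent was to import the agent's environment it would have to be `eval "$(gpg-agent --daemon --use-standard-socket)"`, otherwise the eval can be dropped.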
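--- /dev/null
+++ b/tools-hardened/desktop/files/Save/clean-docs.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+rm -rf /usr/share/doc/*
+rm -rf /usr/share/gnome/help/*
+rm -rf /usr/share/gtk-doc/*
+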
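--- /dev/null
+++ b/tools-hardened/desktop/files/Save/clean.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+
+rm -rf /root/.ssh
+rm -f /root/.bash_history /root/.lesshst /root/.recently-used.xbel /root/.recently-used.xbel /root/.viminfo
+
+rm -f /etc/ssh/ssh_host_*
+
+rm -f /etc/udev/rules.d/70-persistent-cd.rules /etc/udev/rules.d/70-persistent-net.rules
+
+rm -f /var/lib/dhcpcd-eth*
+rm -f /var/lib/dhcpcd/*
+
+
+>/var/log/everything/current
+rm -f /var/log/everything/log*
+
+>/var/log/critical/current
+rm -f /var/log/critical/log*
+
+>/var/log/cron/current
+rm -f /var/log/cron/log*
+
+>/var/log/mail/current
+rm -f /var/log/mail/log*
+
+>/var/log/pm-powersave.log
+rm -f /var/log/pm-powersave/log*
+
+>/var/log/pwdfail/current
+rm -f /var/log/pwdfail/log*
+
+>/var/log/tallylog
+
+>/var/log/sshd/current
+rm -f /var/log/sshd/log*
+
+>/var/log/kernel/current
+rm -f /var/log/kernel/log*
+
+>/var/log/gdm/:0.log
+rm -f /var/log/gdm/:0.log.*
+
+>/var/log/Xorg.0.log
+rm -f /var/log/Xorg.0.log.old
+
+>/var/log/dmesg
+>/var/log/emerge.log
+>/var/log/emerge-fetch.log
+>/var/log/faillog
+>/var/log/genkernel.log
+>/var/log/lastlog
+>/var/log/wtmp
+>/var/log/portage/elog/summary.log
+>/var/log/ConsoleKit/history
+
+find /var/log/ -size +1c -type f
+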
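Review bot: The scrub covers only /root and the system log directories, while howto-save.txt copies the Save directory from `~thuser`, so that account's `.ssh`, shell history and similar files would presumably still be present when make.sh squashes `/` into the image. If thuser is meant to ship clean, add the matching lines, e.g. `rm -rf ~thuser/.ssh` and `rm -f ~thuser/.bash_history ~thuser/.lesshst ~thuser/.viminfo`. Two smaller things: `/root/.recently-used.xbel` is listed twice in the second `rm`, and `>/var/log/pm-powersave.log` is paired with `rm -f /var/log/pm-powersave/log*`, which looks like a copy-paste slip unless both paths exist.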
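--- /dev/null
+++ b/tools-hardened/desktop/files/Save/configs/ABOUT.html
@@ -0,0 +1,10 @@
+<HTML>
+<HEAD>
+<TITLE>Welcome to Tin Hat Linux</TITLE>
+<META HTTP-EQUIV="refresh" content="10;URL=http://opensource.dyc.edu/tinhat">
+</HEAD>
+<BODY>
+Redirecting to <A HREF="http://opensource.dyc.edu/tinhat">http://opensource.dyc.edu/tinhat</A> in 10 seconds ...
+</BODY>
+</HTML>
+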
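--- /dev/null
+++ b/tools-hardened/desktop/files/Save/configs/init
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+/bin/mount -t proc proc /proc
+/bin/mount -t sysfs sysfs /sys
+/bin/mount -o remount,rw /
+
+/bin/mknod /dev/null c 1 3
+/bin/mknod /dev/tty c 5 0
+
+echo
+echo "Waiting for slow devices ... "
+echo
+
+sleep 10
+
+mdev -s
+
+FOUND=''
+for CDROM in hda hdb hdc hdd sr0 sr1 sr2 sr3 sda1 sdb1 sdc1 sdd1 sde1 sdf1 sdg1
+do
+if [ "x$FOUND" == "x" ]
+then
+/bin/mount /dev/${CDROM} /mnt/cdrom
+[ -f /mnt/cdrom/tinroot ] && FOUND=$CDROM || /bin/umount /dev/${CDROM}
+fi
+done
+
+if [ "x$FOUND" == "x" ]
+then
+echo "Boot device not found, very confusing"
+echo "Dropping to shell"
+exec /bin/sh
+fi
+
+/bin/mount -o loop -t squashfs /mnt/cdrom/tinroot /mnt/squashfs
+/bin/mount -o size=3400m,nr_inodes=1m,mode=755 -t tmpfs none /mnt/tmpfs
+/bin/cp -a /mnt/squashfs/* /mnt/tmpfs/
+
+/bin/umount /mnt/squashfs
+/bin/umount /mnt/cdrom
+/bin/umount /sys
+/bin/umount /proc
+
+exec /sbin/switch_root /mnt/tmpfs /sbin/init
+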
2404
tools-hardened/desktop/files/Save/configs/kernel-3.3.8.config
Normal file
2404
tools-hardened/desktop/files/Save/configs/kernel-3.3.8.config
Normal file
File diff suppressed because it is too large
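--- /dev/null
+++ b/tools-hardened/desktop/files/Save/configs/menu.lst
@@ -0,0 +1,4 @@
+timeout 10
+title TinHat
+kernel /boot/tinhat
+initrd /boot/tinhat.igz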
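--- /dev/null
+++ b/tools-hardened/desktop/files/Save/configs/syslinux.cfg
@@ -0,0 +1,6 @@
+default TinHat
+timeout 1
+label TinHat
+kernel tinhat
+append initrd=tinhat.igz
+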
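--- /dev/null
+++ b/tools-hardened/desktop/files/Save/howto-save.txt
@@ -0,0 +1,32 @@
+1. To save your running Tin Hat system, first prepare a working directory:
+
+sudo su -
+cd ~
+cp -a ~thuser/Save .
+cd Save
+chmod 755 *.sh
+
+
+2. If you want to clean out logs, ssh keys, udev persistent rules (eg. for a
+prestine release), then
+
+./clean.sh
+
+
+3. If you want information about your release, then
+
+./info.sh
+
+
+4. To make the ISO, do
+
+./make.sh
+
+
+5. After having made the ISO, you can optionally transfer the image to a pen drive
+using
+
+./iso2usb.sh
+
+
+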
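--- /dev/null
+++ b/tools-hardened/desktop/files/Save/info.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+[ $(uname -m) == "x86_64" ] && ARCH=amd64
+[ $(uname -m) == "i686" ] && ARCH=i686
+
+cat /etc/make.conf > make-conf.${ARCH}.txt
+emerge --info > emerge-info.${ARCH}.txt
+epm -qa | sort > epm-qa.${ARCH}.txt
+emerge -vep world > emerge-world.${ARCH}.txt
+zcat /proc/config.gz > kernel-config.${ARCH}.txt
+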
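Review bot: ARCH stays unset on any machine type other than x86_64 or i686, and the unquoted `${ARCH}` then produces names like `make-conf..txt`; nameit() in make.sh uses the same two tests and would name the image `th--DATE.iso`. A `case "$(uname -m)"` with a default branch, or at least `ARCH=${ARCH:-$(uname -m)}` after the two tests, avoids that. Quoting the command substitution, `[ "$(uname -m)" == "x86_64" ]`, would also keep the test well-formed if uname prints nothing.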
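--- /dev/null
+++ b/tools-hardened/desktop/files/Save/iso2usb.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+WORKING=$(pwd)
+
+welcome ()
+{
+echo
+echo "================================================================================"
+echo "= This script will transfer the contents of a bootable iso to a usb stick. ="
+echo "= ="
+echo "= WARNING: IT WILL DESTROY THE CONTENTS OF THE USB STICK!!! ="
+echo "= ="
+echo "================================================================================"
+echo
+}
+
+
+check ()
+{
+echo
+echo "Enter the device name of the USB drive, eg sda "
+echo "Don't worry, I'll show you the device's partition table before we wipe it "
+echo
+echo -n "Device: "
+
+read DEVICE
+
+echo
+
+parted /dev/${DEVICE} print
+
+echo -n "Are you sure? (Type uppercase yes): "
+
+read ANSWER
+
+if [[ $ANSWER != "YES" ]] ; then
+echo
+echo "ABORT! ABORT! ABORT!"
+echo
+exit
+fi
+}
+
+
+partition ()
+{
+dd if=/dev/zero of=/dev/${DEVICE} bs=1 count=1024 >/dev/null 2>&1
+dd if=/usr/lib/syslinux/mbr.bin of=/dev/${DEVICE} >/dev/null 2>&1
+parted -s /dev/${DEVICE} mklabel msdos mkpartfs primary fat32 0 100% >/dev/null 2>&1
+parted -s /dev/${DEVICE} set 1 boot >/dev/null 2>&1
+}
+
+
+copyiso()
+{
+echo
+echo "Enter the name of the iso image relative to ${WORKING} "
+echo
+echo -n "Name: "
+
+read IMAGE
+
+if [[ ! -f ${WORKING}/${IMAGE} ]] ; then
+echo
+echo "Cannot find iso image, exiting."
+echo
+exit
+fi
+
+cd ${WORKING}
+mkdir -p iso usb
+mount -o loop ${IMAGE} iso
+mount /dev/${DEVICE}1 usb
+
+cp iso/tinroot usb
+cp iso/boot/tinhat usb
+cp iso/boot/tinhat.igz usb
+cp configs/syslinux.cfg usb
+
+umount iso && rmdir iso
+umount usb && rmdir usb
+}
+
+
+finishup()
+{
+syslinux /dev/${DEVICE}1
+}
+
+
+welcome
+check
+partition
+copyiso
+finishup
+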
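Review bot: `check` passes whatever was typed as DEVICE straight into `dd of=/dev/${DEVICE}` in `partition`, and the only safeguard is the operator reading the `parted ... print` output, so a typo or the name of the system disk is overwritten as soon as YES is entered. I would validate the name right after the `read`: reject anything that is not a plain device name, require a block device, and refuse a device that has mounted partitions, as in the fence below. `partition` also sends every dd and parted error to /dev/null and both abort paths use a bare `exit`, which returns status 0, so a failed run cannot be told apart from a successful one; removing the `>/dev/null 2>&1` and using `exit 1` would fix that.

```shell
read -r DEVICE
# … unchanged: blank echo …
case "${DEVICE}" in
  ''|*[!a-z0-9]*)
    echo "Not a plain device name, exiting."
    exit 1
    ;;
esac
if [[ ! -b "/dev/${DEVICE}" ]] ; then
  echo "/dev/${DEVICE} is not a block device, exiting."
  exit 1
fi
if grep -q "^/dev/${DEVICE}" /proc/mounts ; then
  echo "/dev/${DEVICE} has mounted partitions, exiting."
  exit 1
fi
# … unchanged: parted print and the YES prompt …
```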
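--- /dev/null
+++ b/tools-hardened/desktop/files/Save/make.sh
@@ -0,0 +1,134 @@
+#!/bin/bash
+
+WORKING=$(pwd)
+SKIP=$(echo $WORKING | sed -e 's/^\///')
+
+welcome()
+{
+echo
+echo "================================================================================"
+echo "= Building iso image from template ... ="
+echo "= Hit Control-C at any continuation prompt to stop at that point ="
+echo "================================================================================"
+echo
+}
+
+
+cleanup()
+{
+echo
+echo "================================================================================"
+echo "= Cleaning up any remaining tmp files from previous builds ="
+echo "= Removing ramdisk.iso tinhat.igz init/ iso/ ="
+echo "================================================================================"
+echo -n "Continue? "
+read ANSWER
+
+cd ${WORKING}
+rm -f ramdisk.iso
+rm -f tinhat.igz
+rm -rf init
+rm -rf iso
+}
+
+
+mkinitramfs()
+{
+echo
+echo "================================================================================"
+echo "= Building initramfs image which will be named tinhat.igz ="
+echo "================================================================================"
+echo -n "Continue? "
+read ANSWER
+
+cd ${WORKING}
+
+mkdir init
+cd init
+
+mkdir -p bin dev etc mnt/cdrom mnt/squashfs mnt/tmpfs proc sbin sys tmp usr/bin usr/sbin var
+
+cp ../configs/busybox bin
+cp ../configs/init .
+chmod 755 bin/busybox
+chmod 755 init
+
+chroot . /bin/busybox --install -s
+
+find . | cpio -H newc -o | gzip -9 > ../tinhat.igz
+
+cd ${WORKING}
+
+rm -rf init
+}
+
+
+mkiso()
+{
+echo
+echo "================================================================================"
+echo "= Building the iso image which will be named ramdisk.iso ="
+echo "================================================================================"
+echo -n "Continue? "
+read ANSWER
+
+cd ${WORKING}
+
+mkdir -p iso/boot/grub
+
+mv tinhat.igz iso/boot
+
+cp -L /boot/kernel iso/boot/tinhat
+
+cp /lib/grub/i386-pc/stage2_eltorito iso/boot/grub
+
+cp configs/menu.lst iso/boot/grub/menu.lst
+
+
+mkdir -p root
+mount -o ro --bind / root
+mksquashfs root iso/tinroot -e usr/portage $SKIP usr/src var/cache/edb
+umount root
+rmdir root
+
+
+cp configs/ABOUT.html iso/ABOUT.html
+
+mkisofs -R -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 4 -boot-info-table -o ramdisk.iso iso
+
+rm -rf iso
+
+cd ${WORKING}
+}
+
+
+nameit()
+{
+echo
+echo "================================================================================"
+echo "= Renaming the iso image as th-ARCH-DATE.iso ="
+echo "================================================================================"
+echo -n "Continue? "
+read ANSWER
+
+echo
+echo -n "Enter the RC suffix, empty for none: "
+read RC
+
+[ $(uname -m) == "x86_64" ] && ARCH="amd64"
+[ $(uname -m) == "i686" ] && ARCH="i686"
+
+DATE=$(date +%Y%m%d)
+
+[ -z $RC ] && NAME="th-${ARCH}-${DATE}.iso" || NAME="th-${ARCH}-${DATE}-${RC}.iso"
+
+[ -f ramdisk.iso ] && mv ramdisk.iso $NAME || echo "Can't name ramdisk.iso, I didn't find it."
+}
+
+
+welcome
+cleanup
+mkinitramfs
+mkiso
+nameit
+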
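Review bot: mkiso() bind-mounts the live `/` and squashes it with only four excludes, so whatever is on the running system (`/etc/ssh/ssh_host_*`, `/root/.ssh`, shell history, logs) goes into `tinroot` unless clean.sh was run first, and howto-save.txt presents that step as optional. A guard before the `mksquashfs` line such as `ls /etc/ssh/ssh_host_* >/dev/null 2>&1 && echo "WARNING: ssh host keys present, run ./clean.sh before building a release"` would make that hard to miss. Separately, `$SKIP` and every `cd ${WORKING}` are unquoted and unchecked, so a working directory containing a space breaks the exclude list and leaves the following `rm -rf init` and `rm -rf iso` running in whatever directory the script is in at that point; `cd "${WORKING}" || exit 1` is the safer form.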
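--- /dev/null
+++ b/tools-hardened/desktop/files/Utilities/README
@@ -0,0 +1,25 @@
+This directory contains utilities which are relavant to
+Tin Hat's design goals. . As of the current release,
+there is only one, but more will be added.
+
+1. checksec.sh - Checks binaries or running processes for
+the following security enhancements:
+
+RELRO - Default Read Only Marking.
+STACK CANARY (aka SSP) - Stack Smashing Protector
+NX - No eXecute
+PIE - Position Independent Executables
+ASLR - Address Space Layout Randomization
+
+For a better explanation of these see
+
+http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml
+http://en.wikipedia.org/wiki/NX_bit
+http://en.wikipedia.org/wiki/ASLR
+
+
+This script was written by Tobias Klein. Thank you!
+See his informative blog at
+
+http://www.trapkit.de
+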
883
tools-hardened/desktop/files/Utilities/checksec.sh
Normal file
883
tools-hardened/desktop/files/Utilities/checksec.sh
Normal file
|
@ -0,0 +1,883 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# The BSD License (http://www.opensource.org/licenses/bsd-license.php)
|
||||
# specifies the terms and conditions of use for checksec.sh:
|
||||
#
|
||||
# Copyright (c) 2009-2011, Tobias Klein.
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# * Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in
|
||||
# the documentation and/or other materials provided with the
|
||||
# distribution.
|
||||
# * Neither the name of Tobias Klein nor the name of trapkit.de may be
|
||||
# used to endorse or promote products derived from this software
|
||||
# without specific prior written permission.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||||
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||||
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
|
||||
# OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
||||
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
|
||||
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
|
||||
# DAMAGE.
|
||||
#
|
||||
# Name : checksec.sh
|
||||
# Version : 1.5
|
||||
# Author : Tobias Klein
|
||||
# Date : November 2011
|
||||
# Download: http://www.trapkit.de/tools/checksec.html
|
||||
# Changes : http://www.trapkit.de/tools/checksec_changes.txt
|
||||
#
|
||||
# Description:
|
||||
#
|
||||
# Modern Linux distributions offer some mitigation techniques to make it
|
||||
# harder to exploit software vulnerabilities reliably. Mitigations such
|
||||
# as RELRO, NoExecute (NX), Stack Canaries, Address Space Layout
|
||||
# Randomization (ASLR) and Position Independent Executables (PIE) have
|
||||
# made reliably exploiting any vulnerabilities that do exist far more
|
||||
# challenging. The checksec.sh script is designed to test what *standard*
|
||||
# Linux OS and PaX (http://pax.grsecurity.net/) security features are being
|
||||
# used.
|
||||
#
|
||||
# As of version 1.3 the script also lists the status of various Linux kernel
|
||||
# protection mechanisms.
|
||||
#
|
||||
# Credits:
|
||||
#
|
||||
# Thanks to Brad Spengler (grsecurity.net) for the PaX support.
|
||||
# Thanks to Jon Oberheide (jon.oberheide.org) for the kernel support.
|
||||
# Thanks to Ollie Whitehouse (Research In Motion) for rpath/runpath support.
|
||||
#
|
||||
# Others that contributed to checksec.sh (in no particular order):
|
||||
#
|
||||
# Simon Ruderich, Denis Scherbakov, Stefan Kuttler, Radoslaw Madej,
|
||||
# Anthony G. Basile, Martin Vaeth and Brian Davis.
|
||||
#
|
||||
|
||||
# global vars
|
||||
have_readelf=1
|
||||
verbose=false
|
||||
|
||||
# FORTIFY_SOURCE vars
|
||||
FS_end=_chk
|
||||
FS_cnt_total=0
|
||||
FS_cnt_checked=0
|
||||
FS_cnt_unchecked=0
|
||||
FS_chk_func_libc=0
|
||||
FS_functions=0
|
||||
FS_libc=0
|
||||
|
||||
# version information
|
||||
version() {
|
||||
echo "checksec v1.5, Tobias Klein, www.trapkit.de, November 2011"
|
||||
echo
|
||||
}
|
||||
|
||||
# help
|
||||
help() {
|
||||
echo "Usage: checksec [OPTION]"
|
||||
echo
|
||||
echo "Options:"
|
||||
echo
|
||||
echo " --file <executable-file>"
|
||||
echo " --dir <directory> [-v]"
|
||||
echo " --proc <process name>"
|
||||
echo " --proc-all"
|
||||
echo " --proc-libs <process ID>"
|
||||
echo " --kernel"
|
||||
echo " --fortify-file <executable-file>"
|
||||
echo " --fortify-proc <process ID>"
|
||||
echo " --version"
|
||||
echo " --help"
|
||||
echo
|
||||
echo "For more information, see:"
|
||||
echo " http://www.trapkit.de/tools/checksec.html"
|
||||
echo
|
||||
}
|
||||
|
||||
# check if command exists
|
||||
command_exists () {
|
||||
type $1 > /dev/null 2>&1;
|
||||
}
|
||||
|
||||
# check if directory exists
|
||||
dir_exists () {
|
||||
if [ -d $1 ] ; then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
# check user privileges
|
||||
root_privs () {
|
||||
if [ $(/usr/bin/id -u) -eq 0 ] ; then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
# check if input is numeric
|
||||
isNumeric () {
|
||||
echo "$@" | grep -q -v "[^0-9]"
|
||||
}
|
||||
|
||||
# check if input is a string
|
||||
isString () {
|
||||
echo "$@" | grep -q -v "[^A-Za-z]"
|
||||
}
|
||||
|
||||
# check file(s)
|
||||
filecheck() {
|
||||
# check for RELRO support
|
||||
if readelf -l $1 2>/dev/null | grep -q 'GNU_RELRO'; then
|
||||
if readelf -d $1 2>/dev/null | grep -q 'BIND_NOW'; then
|
||||
echo -n -e '\033[32mFull RELRO \033[m '
|
||||
else
|
||||
echo -n -e '\033[33mPartial RELRO\033[m '
|
||||
fi
|
||||
else
|
||||
echo -n -e '\033[31mNo RELRO \033[m '
|
||||
fi
|
||||
|
||||
# check for stack canary support
|
||||
if readelf -s $1 2>/dev/null | grep -q '__stack_chk_fail'; then
|
||||
echo -n -e '\033[32mCanary found \033[m '
|
||||
else
|
||||
echo -n -e '\033[31mNo canary found\033[m '
|
||||
fi
|
||||
|
||||
# check for NX support
|
||||
if readelf -W -l $1 2>/dev/null | grep 'GNU_STACK' | grep -q 'RWE'; then
|
||||
echo -n -e '\033[31mNX disabled\033[m '
|
||||
else
|
||||
echo -n -e '\033[32mNX enabled \033[m '
|
||||
fi
|
||||
|
||||
# check for PIE support
|
||||
if readelf -h $1 2>/dev/null | grep -q 'Type:[[:space:]]*EXEC'; then
|
||||
echo -n -e '\033[31mNo PIE \033[m '
|
||||
elif readelf -h $1 2>/dev/null | grep -q 'Type:[[:space:]]*DYN'; then
|
||||
if readelf -d $1 2>/dev/null | grep -q '(DEBUG)'; then
|
||||
echo -n -e '\033[32mPIE enabled \033[m '
|
||||
else
|
||||
echo -n -e '\033[33mDSO \033[m '
|
||||
fi
|
||||
else
|
||||
echo -n -e '\033[33mNot an ELF file\033[m '
|
||||
fi
|
||||
|
||||
# check for rpath / run path
|
||||
if readelf -d $1 2>/dev/null | grep -q 'rpath'; then
|
||||
echo -n -e '\033[31mRPATH \033[m '
|
||||
else
|
||||
echo -n -e '\033[32mNo RPATH \033[m '
|
||||
fi
|
||||
|
||||
if readelf -d $1 2>/dev/null | grep -q 'runpath'; then
|
||||
echo -n -e '\033[31mRUNPATH \033[m '
|
||||
else
|
||||
echo -n -e '\033[32mNo RUNPATH \033[m '
|
||||
fi
|
||||
}
|
||||
|
||||
# check process(es)
|
||||
proccheck() {
|
||||
# check for RELRO support
|
||||
if readelf -l $1/exe 2>/dev/null | grep -q 'Program Headers'; then
|
||||
if readelf -l $1/exe 2>/dev/null | grep -q 'GNU_RELRO'; then
|
||||
if readelf -d $1/exe 2>/dev/null | grep -q 'BIND_NOW'; then
|
||||
echo -n -e '\033[32mFull RELRO \033[m '
|
||||
else
|
||||
echo -n -e '\033[33mPartial RELRO \033[m '
|
||||
fi
|
||||
else
|
||||
echo -n -e '\033[31mNo RELRO \033[m '
|
||||
fi
|
||||
else
|
||||
echo -n -e '\033[31mPermission denied (please run as root)\033[m\n'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# check for stack canary support
|
||||
if readelf -s $1/exe 2>/dev/null | grep -q 'Symbol table'; then
|
||||
if readelf -s $1/exe 2>/dev/null | grep -q '__stack_chk_fail'; then
|
||||
echo -n -e '\033[32mCanary found \033[m '
|
||||
else
|
||||
echo -n -e '\033[31mNo canary found \033[m '
|
||||
fi
|
||||
else
|
||||
if [ "$1" != "1" ] ; then
|
||||
echo -n -e '\033[33mPermission denied \033[m '
|
||||
else
|
||||
echo -n -e '\033[33mNo symbol table found\033[m '
|
||||
fi
|
||||
fi
|
||||
|
||||
# first check for PaX support
|
||||
if cat $1/status 2> /dev/null | grep -q 'PaX:'; then
|
||||
pageexec=( $(cat $1/status 2> /dev/null | grep 'PaX:' | cut -b6) )
|
||||
segmexec=( $(cat $1/status 2> /dev/null | grep 'PaX:' | cut -b10) )
|
||||
mprotect=( $(cat $1/status 2> /dev/null | grep 'PaX:' | cut -b8) )
|
||||
randmmap=( $(cat $1/status 2> /dev/null | grep 'PaX:' | cut -b9) )
|
||||
if [[ "$pageexec" = "P" || "$segmexec" = "S" ]] && [[ "$mprotect" = "M" && "$randmmap" = "R" ]] ; then
|
||||
echo -n -e '\033[32mPaX enabled\033[m '
|
||||
elif [[ "$pageexec" = "p" && "$segmexec" = "s" && "$randmmap" = "R" ]] ; then
|
||||
echo -n -e '\033[33mPaX ASLR only\033[m '
|
||||
elif [[ "$pageexec" = "P" || "$segmexec" = "S" ]] && [[ "$mprotect" = "m" && "$randmmap" = "R" ]] ; then
|
||||
echo -n -e '\033[33mPaX mprot off \033[m'
|
||||
elif [[ "$pageexec" = "P" || "$segmexec" = "S" ]] && [[ "$mprotect" = "M" && "$randmmap" = "r" ]] ; then
|
||||
echo -n -e '\033[33mPaX ASLR off\033[m '
|
||||
elif [[ "$pageexec" = "P" || "$segmexec" = "S" ]] && [[ "$mprotect" = "m" && "$randmmap" = "r" ]] ; then
|
||||
echo -n -e '\033[33mPaX NX only\033[m '
|
||||
else
|
||||
echo -n -e '\033[31mPaX disabled\033[m '
|
||||
fi
|
||||
# fallback check for NX support
|
||||
elif readelf -W -l $1/exe 2>/dev/null | grep 'GNU_STACK' | grep -q 'RWE'; then
|
||||
echo -n -e '\033[31mNX disabled\033[m '
|
||||
else
|
||||
echo -n -e '\033[32mNX enabled \033[m '
|
||||
fi
|
||||
|
||||
# check for PIE support
|
||||
if readelf -h $1/exe 2>/dev/null | grep -q 'Type:[[:space:]]*EXEC'; then
|
||||
echo -n -e '\033[31mNo PIE \033[m '
|
||||
elif readelf -h $1/exe 2>/dev/null | grep -q 'Type:[[:space:]]*DYN'; then
|
||||
if readelf -d $1/exe 2>/dev/null | grep -q '(DEBUG)'; then
|
||||
echo -n -e '\033[32mPIE enabled \033[m '
|
||||
else
|
||||
echo -n -e '\033[33mDynamic Shared Object\033[m '
|
||||
fi
|
||||
else
|
||||
echo -n -e '\033[33mNot an ELF file \033[m '
|
||||
fi
|
||||
}
|
||||
|
||||
# check mapped libraries
|
||||
libcheck() {
|
||||
libs=( $(awk '{ print $6 }' /proc/$1/maps | grep '/' | sort -u | xargs file | grep ELF | awk '{ print $1 }' | sed 's/:/ /') )
|
||||
|
||||
printf "\n* Loaded libraries (file information, # of mapped files: ${#libs[@]}):\n\n"
|
||||
|
||||
for element in $(seq 0 $((${#libs[@]} - 1)))
|
||||
do
|
||||
echo " ${libs[$element]}:"
|
||||
echo -n " "
|
||||
filecheck ${libs[$element]}
|
||||
printf "\n\n"
|
||||
done
|
||||
}
|
||||
|
||||
# check for system-wide ASLR support
|
||||
aslrcheck() {
|
||||
# PaX ASLR support
|
||||
if !(cat /proc/1/status 2> /dev/null | grep -q 'Name:') ; then
|
||||
echo -n -e ':\033[33m insufficient privileges for PaX ASLR checks\033[m\n'
|
||||
echo -n -e ' Fallback to standard Linux ASLR check'
|
||||
fi
|
||||
|
||||
if cat /proc/1/status 2> /dev/null | grep -q 'PaX:'; then
|
||||
printf ": "
|
||||
if cat /proc/1/status 2> /dev/null | grep 'PaX:' | grep -q 'R'; then
|
||||
echo -n -e '\033[32mPaX ASLR enabled\033[m\n\n'
|
||||
else
|
||||
echo -n -e '\033[31mPaX ASLR disabled\033[m\n\n'
|
||||
fi
|
||||
else
|
||||
# standard Linux 'kernel.randomize_va_space' ASLR support
|
||||
# (see the kernel file 'Documentation/sysctl/kernel.txt' for a detailed description)
|
||||
printf " (kernel.randomize_va_space): "
|
||||
if /sbin/sysctl -a 2>/dev/null | grep -q 'kernel.randomize_va_space = 1'; then
|
||||
echo -n -e '\033[33mOn (Setting: 1)\033[m\n\n'
|
||||
printf " Description - Make the addresses of mmap base, stack and VDSO page randomized.\n"
|
||||
printf " This, among other things, implies that shared libraries will be loaded to \n"
|
||||
printf " random addresses. Also for PIE-linked binaries, the location of code start\n"
|
||||
printf " is randomized. Heap addresses are *not* randomized.\n\n"
|
||||
elif /sbin/sysctl -a 2>/dev/null | grep -q 'kernel.randomize_va_space = 2'; then
|
||||
echo -n -e '\033[32mOn (Setting: 2)\033[m\n\n'
|
||||
printf " Description - Make the addresses of mmap base, heap, stack and VDSO page randomized.\n"
|
||||
printf " This, among other things, implies that shared libraries will be loaded to random \n"
|
||||
printf " addresses. Also for PIE-linked binaries, the location of code start is randomized.\n\n"
|
||||
elif /sbin/sysctl -a 2>/dev/null | grep -q 'kernel.randomize_va_space = 0'; then
|
||||
echo -n -e '\033[31mOff (Setting: 0)\033[m\n'
|
||||
else
|
||||
echo -n -e '\033[31mNot supported\033[m\n'
|
||||
fi
|
||||
printf " See the kernel file 'Documentation/sysctl/kernel.txt' for more details.\n\n"
|
||||
fi
|
||||
}
|
||||
|
||||
# check cpu nx flag
|
||||
nxcheck() {
|
||||
if grep -q nx /proc/cpuinfo; then
|
||||
echo -n -e '\033[32mYes\033[m\n\n'
|
||||
else
|
||||
echo -n -e '\033[31mNo\033[m\n\n'
|
||||
fi
|
||||
}
|
||||
|
||||
# check for kernel protection mechanisms
|
||||
kernelcheck() {
|
||||
printf " Description - List the status of kernel protection mechanisms. Rather than\n"
|
||||
printf " inspect kernel mechanisms that may aid in the prevention of exploitation of\n"
|
||||
printf " userspace processes, this option lists the status of kernel configuration\n"
|
||||
printf " options that harden the kernel itself against attack.\n\n"
|
||||
printf " Kernel config: "
|
||||
|
||||
if [ -f /proc/config.gz ] ; then
|
||||
kconfig="zcat /proc/config.gz"
|
||||
printf "\033[32m/proc/config.gz\033[m\n\n"
|
||||
elif [ -f /boot/config-`uname -r` ] ; then
|
||||
kconfig="cat /boot/config-`uname -r`"
|
||||
printf "\033[33m/boot/config-`uname -r`\033[m\n\n"
|
||||
printf " Warning: The config on disk may not represent running kernel config!\n\n";
|
||||
elif [ -f "${KBUILD_OUTPUT:-/usr/src/linux}"/.config ] ; then
|
||||
kconfig="cat ${KBUILD_OUTPUT:-/usr/src/linux}/.config"
|
||||
printf "\033[33m%s\033[m\n\n" "${KBUILD_OUTPUT:-/usr/src/linux}/.config"
|
||||
printf " Warning: The config on disk may not represent running kernel config!\n\n";
|
||||
else
|
||||
printf "\033[31mNOT FOUND\033[m\n\n"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
printf " GCC stack protector support: "
|
||||
if $kconfig | grep -qi 'CONFIG_CC_STACKPROTECTOR=y'; then
|
||||
printf "\033[32mEnabled\033[m\n"
|
||||
else
|
||||
printf "\033[31mDisabled\033[m\n"
|
||||
fi
|
||||
|
||||
printf " Strict user copy checks: "
|
||||
if $kconfig | grep -qi 'CONFIG_DEBUG_STRICT_USER_COPY_CHECKS=y'; then
|
||||
printf "\033[32mEnabled\033[m\n"
|
||||
else
|
||||
printf "\033[31mDisabled\033[m\n"
|
||||
fi
|
||||
|
||||
printf " Enforce read-only kernel data: "
|
||||
if $kconfig | grep -qi 'CONFIG_DEBUG_RODATA=y'; then
|
||||
printf "\033[32mEnabled\033[m\n"
|
||||
else
|
||||
printf "\033[31mDisabled\033[m\n"
|
||||
fi
|
||||
printf " Restrict /dev/mem access: "
|
||||
if $kconfig | grep -qi 'CONFIG_STRICT_DEVMEM=y'; then
|
||||
printf "\033[32mEnabled\033[m\n"
|
||||
else
|
||||
printf "\033[31mDisabled\033[m\n"
|
||||
fi
|
||||
|
||||
printf " Restrict /dev/kmem access: "
|
||||
if $kconfig | grep -qi 'CONFIG_DEVKMEM=y'; then
|
||||
printf "\033[31mDisabled\033[m\n"
|
||||
else
|
||||
printf "\033[32mEnabled\033[m\n"
|
||||
fi
|
||||
|
||||
printf "\n"
|
||||
printf "* grsecurity / PaX: "
|
||||
|
||||
if $kconfig | grep -qi 'CONFIG_GRKERNSEC=y'; then
|
||||
if $kconfig | grep -qi 'CONFIG_GRKERNSEC_HIGH=y'; then
|
||||
printf "\033[32mHigh GRKERNSEC\033[m\n\n"
|
||||
elif $kconfig | grep -qi 'CONFIG_GRKERNSEC_MEDIUM=y'; then
|
||||
printf "\033[33mMedium GRKERNSEC\033[m\n\n"
|
||||
elif $kconfig | grep -qi 'CONFIG_GRKERNSEC_LOW=y'; then
|
||||
printf "\033[31mLow GRKERNSEC\033[m\n\n"
|
||||
else
|
||||
printf "\033[33mCustom GRKERNSEC\033[m\n\n"
|
||||
fi
|
||||
|
||||
printf " Non-executable kernel pages: "
|
||||
if $kconfig | grep -qi 'CONFIG_PAX_KERNEXEC=y'; then
|
||||
printf "\033[32mEnabled\033[m\n"
|
||||
else
|
||||
printf "\033[31mDisabled\033[m\n"
|
||||
fi
|
||||
|
||||
printf " Prevent userspace pointer deref: "
|
||||
if $kconfig | grep -qi 'CONFIG_PAX_MEMORY_UDEREF=y'; then
|
||||
printf "\033[32mEnabled\033[m\n"
|
||||
else
|
||||
printf "\033[31mDisabled\033[m\n"
|
||||
fi
|
||||
|
||||
printf " Prevent kobject refcount overflow: "
|
||||
if $kconfig | grep -qi 'CONFIG_PAX_REFCOUNT=y'; then
|
||||
printf "\033[32mEnabled\033[m\n"
|
||||
else
|
||||
printf "\033[31mDisabled\033[m\n"
|
||||
fi
|
||||
|
||||
printf " Bounds check heap object copies: "
|
||||
if $kconfig | grep -qi 'CONFIG_PAX_USERCOPY=y'; then
|
||||
printf "\033[32mEnabled\033[m\n"
|
||||
else
|
||||
printf "\033[31mDisabled\033[m\n"
|
||||
fi
|
||||
|
||||
printf " Disable writing to kmem/mem/port: "
|
||||
if $kconfig | grep -qi 'CONFIG_GRKERNSEC_KMEM=y'; then
|
||||
printf "\033[32mEnabled\033[m\n"
|
||||
else
|
||||
printf "\033[31mDisabled\033[m\n"
|
||||
fi
|
||||
|
||||
printf " Disable privileged I/O: "
|
||||
if $kconfig | grep -qi 'CONFIG_GRKERNSEC_IO=y'; then
|
||||
printf "\033[32mEnabled\033[m\n"
|
||||
else
|
||||
printf "\033[31mDisabled\033[m\n"
|
||||
fi
|
||||
|
||||
printf " Harden module auto-loading: "
|
||||
if $kconfig | grep -qi 'CONFIG_GRKERNSEC_MODHARDEN=y'; then
|
||||
printf "\033[32mEnabled\033[m\n"
|
||||
else
|
||||
printf "\033[31mDisabled\033[m\n"
|
||||
fi
|
||||
|
||||
printf " Hide kernel symbols: "
|
||||
if $kconfig | grep -qi 'CONFIG_GRKERNSEC_HIDESYM=y'; then
|
||||
printf "\033[32mEnabled\033[m\n"
|
||||
else
|
||||
printf "\033[31mDisabled\033[m\n"
|
||||
fi
|
||||
else
|
||||
printf "\033[31mNo GRKERNSEC\033[m\n\n"
|
||||
printf " The grsecurity / PaX patchset is available here:\n"
|
||||
printf " http://grsecurity.net/\n"
|
||||
fi
|
||||
|
||||
printf "\n"
|
||||
printf "* Kernel Heap Hardening: "
|
||||
|
||||
if $kconfig | grep -qi 'CONFIG_KERNHEAP=y'; then
|
||||
if $kconfig | grep -qi 'CONFIG_KERNHEAP_FULLPOISON=y'; then
|
||||
printf "\033[32mFull KERNHEAP\033[m\n\n"
|
||||
else
|
||||
printf "\033[33mPartial KERNHEAP\033[m\n\n"
|
||||
fi
|
||||
else
|
||||
printf "\033[31mNo KERNHEAP\033[m\n\n"
|
||||
printf " The KERNHEAP hardening patchset is available here:\n"
|
||||
printf " https://www.subreption.com/kernheap/\n\n"
|
||||
fi
|
||||
}
|
||||
|
||||
# --- FORTIFY_SOURCE subfunctions (start) ---
|
||||
|
||||
# is FORTIFY_SOURCE supported by libc?
|
||||
FS_libc_check() {
|
||||
printf "* FORTIFY_SOURCE support available (libc) : "
|
||||
|
||||
if [ "${#FS_chk_func_libc[@]}" != "0" ] ; then
|
||||
printf "\033[32mYes\033[m\n"
|
||||
else
|
||||
printf "\033[31mNo\033[m\n"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# was the binary compiled with FORTIFY_SOURCE?
|
||||
FS_binary_check() {
|
||||
printf "* Binary compiled with FORTIFY_SOURCE support: "
|
||||
|
||||
for FS_elem_functions in $(seq 0 $((${#FS_functions[@]} - 1)))
|
||||
do
|
||||
if [[ ${FS_functions[$FS_elem_functions]} =~ _chk ]] ; then
|
||||
printf "\033[32mYes\033[m\n"
|
||||
return
|
||||
fi
|
||||
done
|
||||
printf "\033[31mNo\033[m\n"
|
||||
exit 1
|
||||
}
|
||||
|
||||
FS_comparison() {
|
||||
echo
|
||||
printf " ------ EXECUTABLE-FILE ------- . -------- LIBC --------\n"
|
||||
printf " FORTIFY-able library functions | Checked function names\n"
|
||||
printf " -------------------------------------------------------\n"
|
||||
|
||||
for FS_elem_libc in $(seq 0 $((${#FS_chk_func_libc[@]} - 1)))
|
||||
do
|
||||
for FS_elem_functions in $(seq 0 $((${#FS_functions[@]} - 1)))
|
||||
do
|
||||
FS_tmp_func=${FS_functions[$FS_elem_functions]}
|
||||
FS_tmp_libc=${FS_chk_func_libc[$FS_elem_libc]}
|
||||
|
||||
if [[ $FS_tmp_func =~ ^$FS_tmp_libc$ ]] ; then
|
||||
printf " \033[31m%-30s\033[m | __%s%s\n" $FS_tmp_func $FS_tmp_libc $FS_end
|
||||
let FS_cnt_total++
|
||||
let FS_cnt_unchecked++
|
||||
elif [[ $FS_tmp_func =~ ^$FS_tmp_libc(_chk) ]] ; then
|
||||
printf " \033[32m%-30s\033[m | __%s%s\n" $FS_tmp_func $FS_tmp_libc $FS_end
|
||||
let FS_cnt_total++
|
||||
let FS_cnt_checked++
|
||||
fi
|
||||
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
FS_summary() {
|
||||
echo
|
||||
printf "SUMMARY:\n\n"
|
||||
printf "* Number of checked functions in libc : ${#FS_chk_func_libc[@]}\n"
|
||||
printf "* Total number of library functions in the executable: ${#FS_functions[@]}\n"
|
||||
printf "* Number of FORTIFY-able functions in the executable : %s\n" $FS_cnt_total
|
||||
printf "* Number of checked functions in the executable : \033[32m%s\033[m\n" $FS_cnt_checked
|
||||
printf "* Number of unchecked functions in the executable : \033[31m%s\033[m\n" $FS_cnt_unchecked
|
||||
echo
|
||||
}
|
||||
|
||||
# --- FORTIFY_SOURCE subfunctions (end) ---
|
||||
|
||||
if !(command_exists readelf) ; then
|
||||
printf "\033[31mWarning: 'readelf' not found! It's required for most checks.\033[m\n\n"
|
||||
have_readelf=0
|
||||
fi
|
||||
|
||||
# parse command-line arguments
|
||||
case "$1" in
|
||||
|
||||
--version)
|
||||
version
|
||||
exit 0
|
||||
;;
|
||||
|
||||
--help)
|
||||
help
|
||||
exit 0
|
||||
;;
|
||||
|
||||
--dir)
|
||||
if [ "$3" = "-v" ] ; then
|
||||
verbose=true
|
||||
fi
|
||||
if [ $have_readelf -eq 0 ] ; then
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "$2" ] ; then
|
||||
printf "\033[31mError: Please provide a valid directory.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
# remove trailing slashes
|
||||
tempdir=`echo $2 | sed -e "s/\/*$//"`
|
||||
if [ ! -d $tempdir ] ; then
|
||||
printf "\033[31mError: The directory '$tempdir' does not exist.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
cd $tempdir
|
||||
printf "RELRO STACK CANARY NX PIE RPATH RUNPATH FILE\n"
|
||||
for N in [A-Za-z]*; do
|
||||
if [ "$N" != "[A-Za-z]*" ]; then
|
||||
# read permissions?
|
||||
if [ ! -r $N ]; then
|
||||
printf "\033[31mError: No read permissions for '$tempdir/$N' (run as root).\033[m\n"
|
||||
else
|
||||
# ELF executable?
|
||||
out=`file $N`
|
||||
if [[ ! $out =~ ELF ]] ; then
|
||||
if [ "$verbose" = "true" ] ; then
|
||||
printf "\033[34m*** Not an ELF file: $tempdir/"
|
||||
file $N
|
||||
printf "\033[m"
|
||||
fi
|
||||
else
|
||||
filecheck $N
|
||||
if [ `find $tempdir/$N \( -perm -004000 -o -perm -002000 \) -type f -print` ]; then
|
||||
printf "\033[37;41m%s%s\033[m" $2 $N
|
||||
else
|
||||
printf "%s%s" $tempdir/ $N
|
||||
fi
|
||||
echo
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
done
|
||||
exit 0
|
||||
;;
|
||||
|
||||
--file)
|
||||
if [ $have_readelf -eq 0 ] ; then
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "$2" ] ; then
|
||||
printf "\033[31mError: Please provide a valid file.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
# does the file exist?
|
||||
if [ ! -e $2 ] ; then
|
||||
printf "\033[31mError: The file '$2' does not exist.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
# read permissions?
|
||||
if [ ! -r $2 ] ; then
|
||||
printf "\033[31mError: No read permissions for '$2' (run as root).\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
# ELF executable?
|
||||
out=`file $2`
|
||||
if [[ ! $out =~ ELF ]] ; then
|
||||
printf "\033[31mError: Not an ELF file: "
|
||||
file $2
|
||||
printf "\033[m\n"
|
||||
exit 1
|
||||
fi
|
||||
printf "RELRO STACK CANARY NX PIE RPATH RUNPATH FILE\n"
|
||||
filecheck $2
|
||||
if [ `find $2 \( -perm -004000 -o -perm -002000 \) -type f -print` ] ; then
|
||||
printf "\033[37;41m%s%s\033[m" $2 $N
|
||||
else
|
||||
printf "%s" $2
|
||||
fi
|
||||
echo
|
||||
exit 0
|
||||
;;
|
||||
|
||||
--proc-all)
|
||||
if [ $have_readelf -eq 0 ] ; then
|
||||
exit 1
|
||||
fi
|
||||
cd /proc
|
||||
printf "* System-wide ASLR"
|
||||
aslrcheck
|
||||
printf "* Does the CPU support NX: "
|
||||
nxcheck
|
||||
printf " COMMAND PID RELRO STACK CANARY NX/PaX PIE\n"
|
||||
for N in [1-9]*; do
|
||||
if [ $N != $$ ] && readlink -q $N/exe > /dev/null; then
|
||||
printf "%16s" `head -1 $N/status | cut -b 7-`
|
||||
printf "%7d " $N
|
||||
proccheck $N
|
||||
echo
|
||||
fi
|
||||
done
|
||||
if [ ! -e /usr/bin/id ] ; then
|
||||
printf "\n\033[33mNote: If you are running 'checksec.sh' as an unprivileged user, you\n"
|
||||
printf " will not see all processes. Please run the script as root.\033[m\n\n"
|
||||
else
|
||||
if !(root_privs) ; then
|
||||
printf "\n\033[33mNote: You are running 'checksec.sh' as an unprivileged user.\n"
|
||||
printf " Too see all processes, please run the script as root.\033[m\n\n"
|
||||
fi
|
||||
fi
|
||||
exit 0
|
||||
;;
|
||||
|
||||
--proc)
|
||||
if [ $have_readelf -eq 0 ] ; then
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "$2" ] ; then
|
||||
printf "\033[31mError: Please provide a valid process name.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
if !(isString "$2") ; then
|
||||
printf "\033[31mError: Please provide a valid process name.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
cd /proc
|
||||
printf "* System-wide ASLR"
|
||||
aslrcheck
|
||||
printf "* Does the CPU support NX: "
|
||||
nxcheck
|
||||
printf " COMMAND PID RELRO STACK CANARY NX/PaX PIE\n"
|
||||
for N in `ps -Ao pid,comm | grep $2 | cut -b1-6`; do
|
||||
if [ -d $N ] ; then
|
||||
printf "%16s" `head -1 $N/status | cut -b 7-`
|
||||
printf "%7d " $N
|
||||
# read permissions?
|
||||
if [ ! -r $N/exe ] ; then
|
||||
if !(root_privs) ; then
|
||||
printf "\033[31mNo read permissions for '/proc/$N/exe' (run as root).\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! `readlink $N/exe` ] ; then
|
||||
printf "\033[31mPermission denied. Requested process ID belongs to a kernel thread.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
proccheck $N
|
||||
echo
|
||||
fi
|
||||
done
|
||||
exit 0
|
||||
;;
|
||||
|
||||
--proc-libs)
|
||||
if [ $have_readelf -eq 0 ] ; then
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "$2" ] ; then
|
||||
printf "\033[31mError: Please provide a valid process ID.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
if !(isNumeric "$2") ; then
|
||||
printf "\033[31mError: Please provide a valid process ID.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
cd /proc
|
||||
printf "* System-wide ASLR"
|
||||
aslrcheck
|
||||
printf "* Does the CPU support NX: "
|
||||
nxcheck
|
||||
printf "* Process information:\n\n"
|
||||
printf " COMMAND PID RELRO STACK CANARY NX/PaX PIE\n"
|
||||
N=$2
|
||||
if [ -d $N ] ; then
|
||||
printf "%16s" `head -1 $N/status | cut -b 7-`
|
||||
printf "%7d " $N
|
||||
# read permissions?
|
||||
if [ ! -r $N/exe ] ; then
|
||||
if !(root_privs) ; then
|
||||
printf "\033[31mNo read permissions for '/proc/$N/exe' (run as root).\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! `readlink $N/exe` ] ; then
|
||||
printf "\033[31mPermission denied. Requested process ID belongs to a kernel thread.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
proccheck $N
|
||||
echo
|
||||
libcheck $N
|
||||
fi
|
||||
exit 0
|
||||
;;
|
||||
|
||||
--kernel)
|
||||
cd /proc
|
||||
printf "* Kernel protection information:\n\n"
|
||||
kernelcheck
|
||||
exit 0
|
||||
;;
|
||||
|
||||
--fortify-file)
|
||||
if [ $have_readelf -eq 0 ] ; then
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "$2" ] ; then
|
||||
printf "\033[31mError: Please provide a valid file.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
# does the file exist?
|
||||
if [ ! -e $2 ] ; then
|
||||
printf "\033[31mError: The file '$2' does not exist.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
# read permissions?
|
||||
if [ ! -r $2 ] ; then
|
||||
printf "\033[31mError: No read permissions for '$2' (run as root).\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
# ELF executable?
|
||||
out=`file $2`
|
||||
if [[ ! $out =~ ELF ]] ; then
|
||||
printf "\033[31mError: Not an ELF file: "
|
||||
file $2
|
||||
printf "\033[m\n"
|
||||
exit 1
|
||||
fi
|
||||
if [ -e /lib/libc.so.6 ] ; then
|
||||
FS_libc=/lib/libc.so.6
|
||||
elif [ -e /lib64/libc.so.6 ] ; then
|
||||
FS_libc=/lib64/libc.so.6
|
||||
elif [ -e /lib/i386-linux-gnu/libc.so.6 ] ; then
|
||||
FS_libc=/lib/i386-linux-gnu/libc.so.6
|
||||
elif [ -e /lib/x86_64-linux-gnu/libc.so.6 ] ; then
|
||||
FS_libc=/lib/x86_64-linux-gnu/libc.so.6
|
||||
else
|
||||
printf "\033[31mError: libc not found.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
FS_chk_func_libc=( $(readelf -s $FS_libc | grep _chk@@ | awk '{ print $8 }' | cut -c 3- | sed -e 's/_chk@.*//') )
|
||||
FS_functions=( $(readelf -s $2 | awk '{ print $8 }' | sed 's/_*//' | sed -e 's/@.*//') )
|
||||
|
||||
FS_libc_check
|
||||
FS_binary_check
|
||||
FS_comparison
|
||||
FS_summary
|
||||
|
||||
exit 0
|
||||
;;
|
||||
|
||||
--fortify-proc)
|
||||
if [ $have_readelf -eq 0 ] ; then
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "$2" ] ; then
|
||||
printf "\033[31mError: Please provide a valid process ID.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
if !(isNumeric "$2") ; then
|
||||
printf "\033[31mError: Please provide a valid process ID.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
cd /proc
|
||||
N=$2
|
||||
if [ -d $N ] ; then
|
||||
# read permissions?
|
||||
if [ ! -r $N/exe ] ; then
|
||||
if !(root_privs) ; then
|
||||
printf "\033[31mNo read permissions for '/proc/$N/exe' (run as root).\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! `readlink $N/exe` ] ; then
|
||||
printf "\033[31mPermission denied. Requested process ID belongs to a kernel thread.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
if [ -e /lib/libc.so.6 ] ; then
|
||||
FS_libc=/lib/libc.so.6
|
||||
elif [ -e /lib64/libc.so.6 ] ; then
|
||||
FS_libc=/lib64/libc.so.6
|
||||
elif [ -e /lib/i386-linux-gnu/libc.so.6 ] ; then
|
||||
FS_libc=/lib/i386-linux-gnu/libc.so.6
|
||||
elif [ -e /lib/x86_64-linux-gnu/libc.so.6 ] ; then
|
||||
FS_libc=/lib/x86_64-linux-gnu/libc.so.6
|
||||
else
|
||||
printf "\033[31mError: libc not found.\033[m\n\n"
|
||||
exit 1
|
||||
fi
|
||||
printf "* Process name (PID) : %s (%d)\n" `head -1 $N/status | cut -b 7-` $N
|
||||
FS_chk_func_libc=( $(readelf -s $FS_libc | grep _chk@@ | awk '{ print $8 }' | cut -c 3- | sed -e 's/_chk@.*//') )
|
||||
FS_functions=( $(readelf -s $2/exe | awk '{ print $8 }' | sed 's/_*//' | sed -e 's/@.*//') )
|
||||
|
||||
FS_libc_check
|
||||
FS_binary_check
|
||||
FS_comparison
|
||||
FS_summary
|
||||
fi
|
||||
exit 0
|
||||
;;
|
||||
|
||||
*)
|
||||
if [ "$#" != "0" ] ; then
|
||||
printf "\033[31mError: Unknown option '$1'.\033[m\n\n"
|
||||
fi
|
||||
help
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
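--- a/tools-hardened/desktop/files/Utilities/post_gnome3_install.sh
+++ b/tools-hardened/desktop/files/Utilities/post_gnome3_install.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+gsettings set org.gnome.settings-daemon.plugins.cursor active false
+gsettings set org.gnome.desktop.background picture-uri "file:///usr/share/backgrounds/background.jpg"
+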
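Review bot: The script says nothing about the context it must run in, and neither `gsettings` call is checked. `gsettings` changes the invoking user's settings through that user's session, so if this is run as root or outside a desktop session (how it is invoked is not visible on this page) the two settings would not reach the desktop user. I would add a header comment such as `# Run as the desktop user inside a running GNOME session.` and put `set -e` after the shebang so a failed call stops the script instead of passing silently.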
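--- a/tools-hardened/desktop/files/fluxbox-world
+++ b/tools-hardened/desktop/files/fluxbox-world
@@ -0,0 +1,43 @@
+app-admin/metalog
+app-admin/sudo
+app-admin/sysstat
+app-arch/file-roller
+app-arch/sharutils
+app-arch/unrar
+app-cdr/cdrtools
+app-editors/leafpad
+app-editors/nano
+app-editors/vim
+app-office/abiword
+app-office/gnumeric
+app-portage/gentoolkit
+app-text/tree
+mail-client/mailx
+mail-client/sylpheed
+mail-mta/postfix
+media-video/vlc
+media-gfx/ristretto
+media-sound/alsa-utils
+net-irc/hexchat
+net-misc/dhcpcd
+net-misc/openssh
+sys-apps/gradm
+sys-apps/iproute2
+sys-boot/grub
+sys-boot/syslinux
+sys-fs/btrfs-progs
+sys-fs/cryptsetup
+sys-fs/dosfstools
+sys-fs/mtools
+sys-fs/squashfs-tools
+sys-fs/eudev
+sys-kernel/linux-firmware
+sys-power/cpufrequtils
+sys-process/at
+sys-process/fcron
+www-client/firefox
+x11-base/xorg-server
+x11-misc/slim
+x11-terms/xfce4-terminal
+x11-wm/fluxbox
+xfce-base/thunar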
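--- a/tools-hardened/desktop/files/fstab
+++ b/tools-hardened/desktop/files/fstab
@@ -0,0 +1,2 @@
+tmpfs / tmpfs size=4000m,nr_inodes=1m 0 1
+shm /dev/shm tmpfs nodev,nosuid,noexec 0 0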
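Review bot: Only `/dev/shm` gets `nodev,nosuid,noexec`; the root tmpfs on the first line is mounted with `size=` and `nr_inodes=` alone. Unless `/tmp` and `/var/tmp` are mounted elsewhere, they therefore sit on a filesystem that allows exec, setuid and device nodes. For a hardened image consider a separate entry such as `tmpfs /tmp tmpfs nodev,nosuid,noexec 0 0`, after confirming that nothing in the build or the desktop session needs to execute from there. The sixth field `1` on the root line also requests an fsck pass for a tmpfs, which has nothing to check; `0 0` would state the intent.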
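--- a/tools-hardened/desktop/files/gnome-world
+++ b/tools-hardened/desktop/files/gnome-world
@@ -0,0 +1,32 @@
+app-admin/metalog
+app-admin/sudo
+app-admin/sysstat
+app-arch/sharutils
+app-cdr/cdrtools
+app-editors/nano
+app-editors/vim
+app-office/abiword
+app-office/gnumeric
+app-portage/gentoolkit
+app-text/tree
+gnome-base/gnome
+mail-client/mailx
+mail-mta/postfix
+media-sound/alsa-utils
+net-misc/dhcpcd
+net-misc/openssh
+sys-apps/gradm
+sys-apps/iproute2
+sys-boot/grub
+sys-boot/syslinux
+sys-fs/btrfs-progs
+sys-fs/cryptsetup
+sys-fs/dosfstools
+sys-fs/mtools
+sys-fs/squashfs-tools
+sys-kernel/linux-firmware
+sys-power/cpufrequtils
+sys-process/at
+sys-process/fcron
+www-client/firefox
+x11-base/xorg-server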
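--- a/tools-hardened/desktop/files/kernel-config
+++ b/tools-hardened/desktop/files/kernel-config
@@ -0,0 +1 @@
+3.13.5-hardened.config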
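--- a/tools-hardened/desktop/files/locale/02locale
+++ b/tools-hardened/desktop/files/locale/02locale
@@ -0,0 +1,4 @@
+# Configuration file for eselect
+# This file has been automatically generated.
+LANG="en_US.utf8"
+LC_COLLATE="C"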
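--- a/tools-hardened/desktop/files/locale/locale.gen
+++ b/tools-hardened/desktop/files/locale/locale.gen
@@ -0,0 +1,31 @@
+# /etc/locale.gen: list all of the locales you want to have on your system
+#
+# The format of each line:
+# <locale> <charmap>
+#
+# Where <locale> is a locale located in /usr/share/i18n/locales/ and
+# where <charmap> is a charmap located in /usr/share/i18n/charmaps/.
+#
+# All blank lines and lines starting with # are ignored.
+#
+# For the default list of supported combinations, see the file:
+# /usr/share/i18n/SUPPORTED
+#
+# Whenever glibc is emerged, the locales listed here will be automatically
+# rebuilt for you. After updating this file, you can simply run `locale-gen`
+# yourself instead of re-emerging glibc.
+
+#en_US ISO-8859-1
+en_US.UTF-8 UTF-8
+#ja_JP.EUC-JP EUC-JP
+ja_JP.UTF-8 UTF-8
+#ja_JP EUC-JP
+#en_HK ISO-8859-1
+#en_PH ISO-8859-1
+#de_DE ISO-8859-1
+#de_DE@euro ISO-8859-15
+#es_MX ISO-8859-1
+fa_IR UTF-8
+#fr_FR ISO-8859-1
+#fr_FR@euro ISO-8859-15
+#it_IT ISO-8859-1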
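--- a/tools-hardened/desktop/files/portage/make.gnome.1
+++ b/tools-hardened/desktop/files/portage/make.gnome.1
@@ -0,0 +1,24 @@
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+CHOST="x86_64-pc-linux-gnu"
+#MAKEOPTS="-j9"
+#
+USE="mmx sse sse2 ipv6 loop-aes static-libs"
+#USE="${USE} bindist suid"
+USE="${USE} suid mudflap -bindist"
+USE="${USE} X -xorg kdrive gnome gnome-shell cairo dbus dconf device-mapper fam gd gtk gtk3 gdu gudev hwdb udisks icu -systemd -openrc libnotify xa"
+USE="${USE} ads -client avahi autoipd eds ldap mbox mdnsresponder-compat policykit -consolekit samba sqlite winbind"
+USE="${USE} cdr cdda dvdr"
+USE="${USE} cups extras ppds"
+USE="${USE} exif gif jpeg jpeg2k mng apng png raw svg tiff wmf"
+USE="${USE} a52 alsa dvb dvd esd ffmpeg flac gstreamer lame mad mpeg ogg theora vorbis xv aac mp3 speex twolame pulseaudio"
+USE="${USE} python perl vala"
+#
+INPUT_DEVICES="evdev keyboard mouse acecad aiptek elographics fpit joystick penmount synaptics vmmouse void wacom"
+VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident v4l vesa via vmware apm ark ast chips cirrus epson fglrx i128 rendition s3 s3virge siliconmotion sisusb tga tseng"
+
+# Set PORTDIR for backward compatibility with various tools:
+# gentoo-bashcomp - bug #478444
+# euse - bug #474574
+# euses and ufed - bug #478318
+PORTDIR="/usr/portage"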
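Review bot: `USE="${USE} suid mudflap -bindist"` turns the `suid` flag on globally, so every package that honours it installs its setuid helpers; on a hardened image that widens the set of setuid binaries beyond what the desktop needs. Consider dropping `suid` from the global `USE` and enabling it in `package.use` only for the packages that require it. The same global flag appears in make.gnome.2 and make.xfce4.1. The commented-out `#USE="${USE} bindist suid"` line just above it can be removed as well, since the live line supersedes it.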
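--- a/tools-hardened/desktop/files/portage/make.gnome.2
+++ b/tools-hardened/desktop/files/portage/make.gnome.2
@@ -0,0 +1,24 @@
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+CHOST="x86_64-pc-linux-gnu"
+#MAKEOPTS="-j9"
+#
+USE="mmx sse sse2 ipv6 loop-aes static-libs"
+#USE="${USE} bindist suid"
+USE="${USE} suid mudflap bindist"
+USE="${USE} X xorg kdrive gnome gnome-shell cairo dbus dconf device-mapper fam gd gtk gtk3 gdu gudev hwdb udisks icu systemd -openrc libnotify xa"
+USE="${USE} ads -client avahi autoipd eds ldap mbox mdnsresponder-compat policykit -consolekit samba sqlite winbind"
+USE="${USE} cdr cdda dvdr"
+USE="${USE} cups extras ppds"
+USE="${USE} exif gif jpeg jpeg2k mng apng png raw svg tiff wmf"
+USE="${USE} a52 alsa dvb dvd esd ffmpeg flac gstreamer lame mad mpeg ogg theora vorbis xv aac mp3 speex twolame pulseaudio"
+USE="${USE} python perl vala"
+#
+INPUT_DEVICES="evdev keyboard mouse acecad aiptek elographics fpit joystick penmount synaptics vmmouse void wacom"
+VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident v4l vesa via vmware apm ark ast chips cirrus epson fglrx i128 rendition s3 s3virge siliconmotion sisusb tga tseng"
+
+# Set PORTDIR for backward compatibility with various tools:
+# gentoo-bashcomp - bug #478444
+# euse - bug #474574
+# euses and ufed - bug #478318
+PORTDIR="/usr/portage"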
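--- a/tools-hardened/desktop/files/portage/make.xfce4.1
+++ b/tools-hardened/desktop/files/portage/make.xfce4.1
@@ -0,0 +1,24 @@
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+CHOST="x86_64-pc-linux-gnu"
+#MAKEOPTS="-j9"
+#
+USE="mmx sse sse2 ipv6 loop-aes static-libs"
+#USE="${USE} bindist suid"
+USE="${USE} suid mudflap bindist"
+USE="${USE} X -xorg kdrive -gnome cairo dbus dconf device-mapper fam gd gtk gtk3 gdu gudev hwdb udisks icu openrc libnotify xa thunar"
+USE="${USE} ads -client avahi autoipd eds ldap mbox mdnsresponder-compat policykit consolekit samba sqlite winbind"
+USE="${USE} cdr cdda dvdr"
+USE="${USE} cups extras ppds"
+USE="${USE} exif gif jpeg jpeg2k mng apng png raw svg tiff wmf"
+USE="${USE} a52 alsa dvb dvd esd ffmpeg flac gstreamer lame mad mpeg ogg theora vorbis xv aac mp3 speex twolame pulseaudio"
+USE="${USE} python perl vala"
+#
+INPUT_DEVICES="evdev keyboard mouse acecad aiptek elographics fpit joystick penmount synaptics vmmouse void wacom"
+VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident v4l vesa via vmware apm ark ast chips cirrus epson fglrx i128 rendition s3 s3virge siliconmotion sisusb tga tseng"
+
+# Set PORTDIR for backward compatibility with various tools:
+# gentoo-bashcomp - bug #478444
+# euse - bug #474574
+# euses and ufed - bug #478318
+PORTDIR="/usr/portage"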
|
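--- a/tools-hardened/desktop/files/portage/make.xfce4.2
+++ b/tools-hardened/desktop/files/portage/make.xfce4.2
@@ -0,0 +1,24 @@
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+CHOST="x86_64-pc-linux-gnu"
+#MAKEOPTS="-j9"
+#
+USE="mmx sse sse2 ipv6 loop-aes static-libs"
+#USE="${USE} bindist suid"
+USE="${USE} suid mudflap bindist"
+USE="${USE} X xorg kdrive -gnome cairo dbus dconf device-mapper fam gd gtk gtk3 gdu gudev hwdb udisks icu openrc libnotify xa thunar"
+USE="${USE} ads -client avahi autoipd eds ldap mbox mdnsresponder-compat policykit consolekit samba sqlite winbind"
+USE="${USE} cdr cdda dvdr"
+USE="${USE} cups extras ppds"
+USE="${USE} exif gif jpeg jpeg2k mng apng png raw svg tiff wmf"
+USE="${USE} a52 alsa dvb dvd esd ffmpeg flac gstreamer lame mad mpeg ogg theora vorbis xv aac mp3 speex twolame pulseaudio"
+USE="${USE} python perl vala"
+#
+INPUT_DEVICES="evdev keyboard mouse acecad aiptek elographics fpit joystick penmount synaptics vmmouse void wacom"
+VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident v4l vesa via vmware apm ark ast chips cirrus epson fglrx i128 rendition s3 s3virge siliconmotion sisusb tga tseng"
+
+# Set PORTDIR for backward compatibility with various tools:
+# gentoo-bashcomp - bug #478444
+# euse - bug #474574
+# euses and ufed - bug #478318
+PORTDIR="/usr/portage"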
|
|
@ -0,0 +1 @@
|
|||
sys-kernel/hardened-sources ~amd64
|
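--- a/tools-hardened/desktop/files/portage/package.gnome.use
+++ b/tools-hardened/desktop/files/portage/package.gnome.use
@@ -0,0 +1,10 @@
+x11-libs/libdrm libkms
+virtual/udev -static-libs
+sys-fs/lvm2 -static-libs
+sys-fs/cryptsetup -static-libs
+media-sound/cdparanoia -static-libs
+net-misc/openssh -bindist
+dev-libs/openssl -bindist
+x11-base/xorg-server xorg
+sys-libs/zlib minizip
+x11-libs/cairo opengl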
|
|
@ -0,0 +1,3 @@
|
|||
sys-kernel/hardened-sources ~amd64
|
||||
xfce-extra/xfce4-composite-editor ~amd64
|
||||
xfce-extra/xfce-theme-manager ~amd64
|
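--- a/tools-hardened/desktop/files/portage/package.xfce4.use
+++ b/tools-hardened/desktop/files/portage/package.xfce4.use
@@ -0,0 +1,8 @@
+x11-libs/libdrm libkms
+virtual/udev -static-libs
+sys-fs/lvm2 -static-libs
+sys-fs/cryptsetup -static-libs
+media-sound/cdparanoia -static-libs
+x11-base/xorg-server xorg
+sys-libs/zlib minizip
+x11-libs/cairo opengl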
|
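--- a/tools-hardened/desktop/files/portage/profile/package.use
+++ b/tools-hardened/desktop/files/portage/profile/package.use
@@ -0,0 +1 @@
+x11-drivers/ati-drivers -modules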
|
|
@ -0,0 +1,7 @@
|
|||
[DEFAULT]
|
||||
main-repo = gentoo
|
||||
|
||||
[gentoo]
|
||||
location = /usr/portage
|
||||
sync-type = rsync
|
||||
sync-uri = rsync://rsync.gentoo.org/gentoo-portage
|
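--- a/tools-hardened/desktop/files/resolv.conf
+++ b/tools-hardened/desktop/files/resolv.conf
@@ -0,0 +1,5 @@
+# Add your own name server here.
+# This is only for the build. It
+# will be removed in the final image.
+nameserver 209.18.47.61
+nameserver 209.18.47.62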
|
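--- a/tools-hardened/desktop/files/usermenu
+++ b/tools-hardened/desktop/files/usermenu
@@ -0,0 +1,92 @@
+[begin] (Fluxbox 1.3.2)
+[encoding] {UTF-8}
+[exec] (xfce4-terminal) {xfce4-terminal}
+</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/utilities-terminal.xpm>
+[submenu] (Terminals)
+[exec] (xfce4-terminal) {xfce4-terminal}
+</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/utilities-terminal.xpm>
+[end]
+[submenu] (Net)
+[submenu] (Browsers)
+[exec] (firefox) {firefox}
+</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/firefox.xpm>
+[end]
+[submenu] (Mail)
+[exec] (sylpheed) {sylpheed}
+</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/sylpheed.xpm>
+[end]
+[submenu] (IRC client)
+[exec] (hexchat) {hexchat}
+[end]
+[end]
+[submenu] (Editors)
+[exec] (leafpad) {leafpad}
+</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/accessories-text-editor.xpm>
+[exec] (nano) {xfce4-terminal -e nano}
+[exec] (vim) {xfce4-terminal -e vim}
+[exec] (vi) {xfce4-terminal -e vi}
+</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/vinagre.xpm>
+[end]
+[submenu] (File utils)
+[exec] (thunar) {thunar}
+</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/system-file-manager.xpm>
+
+[end]
+[submenu] (Multimedia)
+[submenu] (Audio)
+[exec] (alsamixer) {xfce4-terminal -e alsamixer}
+[end]
+[submenu] (Video)
+[exec] (vlc) {vlc}
+</usr/share/icons/hicolor/48x48/apps/vlc.xpm>
+[end]
+[submenu] (Image)
+[exec] (ristretto)
+[submenu] (X-utils)
+[exec] (Reload .Xdefaults) {xrdb -load $HOME/.Xdefaults}
+[end]
+[end]
+[submenu] (Office)
+[exec] (galculator) {galculator}
+[exec] (abiword) {abiword}
+[exec] (gnumeric) {gnumeric}
+</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/abiword_48.xpm>
+[end]
+[submenu] (System Tools)
+[submenu] (Burning)
+[exec] (xcdroast) {xcdroast}
+</usr/share/icons/hicolor/48x48/apps/xcdroast.xpm>
+[end]
+[exec] (porthole) {porthole}
+</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/porthole-icon.xpm>
+[exec] (top) {xfce4-terminal -e top}
+[end]
+[submenu] (Fluxbox menu)
+[config] (Configure)
+[submenu] (Styles)
+[include] (/usr/share/fluxbox/menu.d/styles/)
+[end]
+[workspaces] (Workspace List)
+[submenu] (Tools)
+[exec] (Window name) {xprop WM_CLASS|cut -d \" -f 2|gxmessage
+-file - -center}
+[exec] (Screenshot - JPG) {import screenshot.jpg && display
+-resize 50% screenshot.jpg}
+[exec] (Screenshot - PNG) {import screenshot.png && display
+-resize 50% screenshot.png}
+[end]
+[submenu] (Window Managers)
+[restart] (xfce4) {xfwm4}
+[restart] (gnome) {gnome-session}
+</var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/session-properties.xpm>
+[end]
+[commanddialog] (Fluxbox Command)
+[reconfig] (Reload config)
+[restart] (Restart)
+[exec] (About) {(fluxbox -v; fluxbox -info | sed 1d) | gxmessage
+-file - -center}
+[separator]
+[exit] (Exit)
+[end]
+[endencoding]
+[end]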
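Review bot: Most icon references point into `/var/tmp/portage/x11-wm/fluxbox-1.3.2/temp/home/.fluxbox/icons/`, which is a Portage build directory, and `cleanup_dirs` in `fluxbox-run.sh` deletes `"${ROOTFS}"/var/tmp/*`, so those icons will not exist in the finished image. `[exec] (ristretto)` also has no `{ristretto}` command, and the `(Image)` submenu has no `[end]` of its own. The file has twenty `[begin]`/`[submenu]` openers against nineteen `[end]` lines, so `(Office)`, `(System Tools)` and `(Fluxbox menu)` appear to end up nested under `(Multimedia)`. I would point the icons at an installed icon directory or drop them, and add the missing command and `[end]`.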
|
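--- a/tools-hardened/desktop/files/xfce4-world
+++ b/tools-hardened/desktop/files/xfce4-world
@@ -0,0 +1,62 @@
+app-admin/metalog
+app-admin/sudo
+app-admin/sysstat
+app-arch/file-roller
+app-arch/sharutils
+app-arch/unrar
+app-cdr/cdrtools
+app-editors/leafpad
+app-editors/nano
+app-editors/vim
+app-office/abiword
+app-office/gnumeric
+app-portage/gentoolkit
+app-text/tree
+mail-client/mailx
+mail-client/sylpheed
+mail-mta/postfix
+media-video/vlc
+media-gfx/ristretto
+media-sound/alsa-utils
+net-irc/hexchat
+net-misc/dhcpcd
+net-misc/openssh
+sci-calculators/galculator
+sys-apps/gradm
+sys-apps/iproute2
+sys-apps/pciutils
+sys-boot/grub
+sys-boot/syslinux
+sys-fs/btrfs-progs
+sys-fs/cryptsetup
+sys-fs/dosfstools
+sys-fs/mtools
+sys-fs/squashfs-tools
+sys-fs/eudev
+sys-kernel/linux-firmware
+sys-power/cpufrequtils
+sys-process/at
+sys-process/cronie
+www-client/firefox
+x11-base/xorg-server
+x11-misc/slim
+x11-terms/xfce4-terminal
+xfce-base/thunar
+xfce-base/xfce4-meta
+xfce-extra/thunar-archive-plugin
+xfce-extra/tumbler
+xfce-extra/xfce-theme-manager
+xfce-extra/xfce4-composite-editor
+xfce-extra/xfce4-cpufreq-plugin
+xfce-extra/xfce4-cpugraph-plugin
+xfce-extra/xfce4-datetime-plugin
+xfce-extra/xfce4-diskperf-plugin
+xfce-extra/xfce4-mixer
+xfce-extra/xfce4-notes-plugin
+xfce-extra/xfce4-places-plugin
+xfce-extra/xfce4-screenshooter
+xfce-extra/xfce4-systemload-plugin
+xfce-extra/xfce4-taskmanager
+xfce-extra/xfce4-weather-plugin
+xfce-extra/xfce4-whiskermenu-plugin
+xfce-base/xfconf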
|
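--- a/tools-hardened/desktop/fluxbox-run.sh
+++ b/tools-hardened/desktop/fluxbox-run.sh
@@ -0,0 +1,211 @@
+#!/bin/bash
+
+ARCH=${ARCH:-"amd64"}
+ROOTFS="th-${ARCH}-fluxbox"
+
+PWD="$(pwd)"
+STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest.tar.bz2"
+LAYMAN="/var/lib/layman"
+KERNEL_SOURCE="/usr/src/linux-tinhat"
+
+
+unpack_stage3() {
+mkdir "${ROOTFS}"
+tar -x -C "${ROOTFS}" -f "${STAGE3}"
+}
+
+mount_dirs() {
+mkdir "${ROOTFS}"/usr/portage/
+mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
+mount --bind /proc/ "${ROOTFS}"/proc/
+mount --bind /dev/ "${ROOTFS}"/dev/
+mount --bind /dev/pts "${ROOTFS}"/dev/pts/
+mount -t tmpfs shm "${ROOTFS}"/dev/shm
+mount --bind /sys/ "${ROOTFS}"/sys/
+}
+
+populate_etc() {
+cp -f files/fstab "${ROOTFS}"/etc/fstab
+cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
+
+rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
+cp -f files/portage/make.xfce4.1 "${ROOTFS}"/etc/portage/make.conf
+cp -f files/portage/package.gnome.accept_keywords "${ROOTFS}"/etc/portage/package.accept_keywords
+cp -f files/portage/package.xfce4.use "${ROOTFS}"/etc/portage/package.use
+cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
+cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
+}
+
+rebuild_toolchain() {
+cp -f toolchain.sh "${ROOTFS}"/tmp/
+chroot "${ROOTFS}"/ /tmp/toolchain.sh
+rm -f "${ROOTFS}"/tmp/toolchain.sh
+}
+
+rebuild_world() {
+cp -f files/portage/make.xfce4.1 "${ROOTFS}"/etc/portage/make.conf
+cp -f files/fluxbox-world "${ROOTFS}"/var/lib/portage/world
+cp -f rebuild.sh "${ROOTFS}"/tmp/
+chroot "${ROOTFS}"/ /tmp/rebuild.sh
+rm -f "${ROOTFS}"/tmp/rebuild.sh
+}
+
+
+update_world() {
+cp -f files/portage/make.xfce4.2 "${ROOTFS}"/etc/portage/make.conf
+cp -f update.sh "${ROOTFS}"/tmp/
+chroot "${ROOTFS}"/ /tmp/update.sh
+rm -f "${ROOTFS}"/tmp/update.sh
+}
+
+build_kernel() {
+local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz"
+mkdir -p "${ROOTFS}"/boot
+
+genkernel \
+--kernel-config=files/kernel-config \
+--makeopts=-j9 \
+--static \
+--symlink \
+--no-mountboot \
+--kerneldir="${KERNEL_SOURCE}" \
+--bootdir="${PWD}"/"${ROOTFS}"/boot/ \
+all
+
+#for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
+# objcopy --strip-unneeded $i
+#done
+rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
+wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
+tar -x -C "${PWD}"/files -f th-boot.tar.gz
+cp -Rf files/th-boot/grub "${ROOTFS}"/boot
+rm -f "${PWD}"/th-boot.tar.gz
+}
+
+setup_initrc() {
+ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
+chroot "${ROOTFS}"/ rc-update add acpid boot
+chroot "${ROOTFS}"/ rc-update add alsasound boot
+chroot "${ROOTFS}"/ rc-update add cpufrequtils boot
+chroot "${ROOTFS}"/ rc-update add device-mapper boot
+chroot "${ROOTFS}"/ rc-update add lvm boot
+chroot "${ROOTFS}"/ rc-update add udev boot
+chroot "${ROOTFS}"/ rc-update add cupsd default
+chroot "${ROOTFS}"/ rc-update add cronie default
+chroot "${ROOTFS}"/ rc-update add net.eth0 default
+chroot "${ROOTFS}"/ rc-update add postfix default
+chroot "${ROOTFS}"/ rc-update add sshd default
+chroot "${ROOTFS}"/ rc-update add xdm default
+chroot "${ROOTFS}"/ rc-update add avahi-daemon default
+chroot "${ROOTFS}"/ rc-update add dbus default
+chroot "${ROOTFS}"/ rc-update add samba default
+chroot "${ROOTFS}"/ rc-update add syslog-ng default
+chroot "${ROOTFS}"/ rc-update add udev-postmount default
+chroot "${ROOTFS}"/ rc-update add kmod-static-nodes sysinit
+chroot "${ROOTFS}"/ rc-update add udev-mount sysinit
+}
+
+setup_usergroups() {
+local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user"
+
+cp -f passwd.sh "${ROOTFS}"/tmp/
+chroot "${ROOTFS}"/ /tmp/passwd.sh
+rm -f "${ROOTFS}"/tmp/passwd.sh
+
+rm -rf "${ROOTFS}"/etc/skel
+cp -a thuser "${ROOTFS}"/etc/skel
+
+cp -f files/usermenu "${ROOTFS}"/usr/share/fluxbox/
+sed -i 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' "${ROOTFS}"/etc/skel/.xinitrc
+mkdir -p "${ROOTFS}"/etc/skel/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
+chmod 700 "${ROOTFS}"/etc/skel/.ssh
+wget -O "${ROOTFS}"/etc/skel/.config/dconf/user "${DCONF_LOCAL}"
+wget -O "${ROOTFS}"/etc/skel/.cache/dconf/user "${DCONF_LOCAL}"
+
+rm -rf "${ROOTFS}"/home/thuser
+cp -a thuser "${ROOTFS}"/home/thuser
+sed -i -e 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' "${ROOTFS}"/home/thuser/.xinitrc
+cp -f files/usermenu "${ROOTFS}"/home/thuser/.fluxbox/my-menu
+cp -a files/{Encrypt,Save,Utilities} "${ROOTFS}"/home/thuser
+rm -rf "${ROOTFS}"/home/thuser/Utilities/post_gnome3_install.sh
+mkdir -p "${ROOTFS}"/home/thuser/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
+chmod 700 "${ROOTFS}"/home/thuser/.ssh
+wget -O "${ROOTFS}"/home/thuser/.config/dconf/user "${DCONF_LOCAL}"
+wget -O "${ROOTFS}"/home/thuser/.cache/dconf/user "${DCONF_LOCAL}"
+
+chroot "${ROOTFS}"/ chown -R thuser:thuser /home/thuser
+sed -i 's/# \(%wheel.*NOPASSWD\)/\1/' "${ROOTFS}"/etc/sudoers
+sed -i 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' "${ROOTFS}"/etc/skel/.xinitrc
+}
+
+setup_confs() {
+local IMAGE="http://dev.gentoo.org/~blueness/lilblue/gentoo1600x1200.jpg"
+
+sed -i 's/^\(DISPLAYMANAGER="\)xdm/\1slim/' "${ROOTFS}"/etc/conf.d/xdm
+sed -i 's/^\(login.*\)/# \1/' "${ROOTFS}"/etc/slim.conf
+sed -i '/# login_cmd.*Xsession/ a\login_cmd exec /bin/bash -login ~/.xinitrc' "${ROOTFS}"/etc/slim.conf
+sed -i 's/^\(sessiondir.*\)/# \1/' "${ROOTFS}"/etc/slim.conf
+sed -i '/# sessiondir.*/ a\sessiondir /etc/X11/Sessions' "${ROOTFS}"/etc/slim.conf
+sed -i 's/^session\.menuFile.*./session\.menuFile: \~\/.fluxbox\/my-menu/' "${ROOTFS}"/usr/share/fluxbox/init
+wget -O "${ROOTFS}"/usr/share/backgrounds/background.jpg "${IMAGE}"
+
+sed -i '/^SYNC/d' "${ROOTFS}"/etc/portage/make.conf
+sed -i '/^GENTOO_MIRRORS/d' "${ROOTFS}"/etc/portage/make.conf
+sed -i 's/^MAKEOPTS/#MAKEOPTS/' "${ROOTFS}"/etc/portage/make.conf
+sed -i 's/^exec \/sbin\/*.*/exec \/sbin\/switch_root \/mnt\/tmpfs \/sbin\/init/' configs/init
+sed -i 's/^clock=\"*.*\"$/clock=\"local\"/' "${ROOTFS}"/etc/conf.d/hwclock
+
+cp -a files/locale/locale.gen "${ROOTFS}"/etc/
+chroot "${ROOTFS}"/ locale-gen
+chroot "${ROOTFS}"/ eselect locale set 3
+cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
+# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
+# NOTE: Current TinHat kernel uses kernel-3.7.5-hardened-r1
+#sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
+}
+
+cleanup_dirs() {
+rm -rf "${ROOTFS}"/tmp/*
+rm -rf "${ROOTFS}"/var/cache/*
+rm -rf "${ROOTFS}"/var/log/*
+rm -rf "${ROOTFS}"/var/tmp/*
+rm -rf "${ROOTFS}"/etc/resolv.conf
+rm -rf "${ROOTFS}"/etc/ssh/*key*
+rm -rf "${ROOTFS}"/root/.viminfo
+for i in ${ROOTFS}/root/.bash_history ; do >$i; done
+find ${ROOTFS}*/var/log -size +1c -type f -exec rm {} +
+}
+
+unmount_dirs() {
+umount "${ROOTFS}"/sys/
+umount "${ROOTFS}"/dev/shm
+umount "${ROOTFS}"/dev/pts/
+umount "${ROOTFS}"/dev/
+umount "${ROOTFS}"/proc/
+umount "${ROOTFS}"/usr/portage/
+
+mkdir "${ROOTFS}"/usr/portage/profiles/
+echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
+}
+
+make_iso() {
+MYROOT="${ROOTFS}" ./make.sh
+}
+
+main() {
+unpack_stage3
+mount_dirs
+populate_etc
+rebuild_toolchain
+rebuild_world
+update_world
+build_kernel
+setup_initrc
+setup_usergroups
+setup_confs
+cleanup_dirs
+unmount_dirs
+make_iso
+}
+
+main > fluxbox-${ARCH}-build.log 2>&1 &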
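Review bot: `build_kernel` fetches `th-boot.tar.gz` over plain `http://` and unpacks it into `files/` and the image's `/boot` with no integrity check, so whatever answers that request becomes the boot loader of a hardened image. The same unverified-download pattern covers the `DCONF_LOCAL` and `IMAGE` fetches in `setup_usergroups` and `setup_confs` here, the matching functions in `gnome3-run.sh`, and the `busybox` binary in `make.sh`, which is then executed as root through `chroot . /bin/busybox --install -s`. I would pin a digest beside each URL and verify it before use, for example `echo "${TH_BOOT_SHA256}  ${PWD}/th-boot.tar.gz" | sha256sum -c - || exit 1` (the variable is a placeholder for a digest the maintainer records), and abort when `wget` itself fails. The script has no `set -e` or per-step checks, so a failed download or a failed `umount` currently lets the build continue into `make_iso`.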
|
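--- a/tools-hardened/desktop/gnome3-run.sh
+++ b/tools-hardened/desktop/gnome3-run.sh
@@ -0,0 +1,193 @@
+#!/bin/bash
+
+ARCH=${ARCH:-"amd64"}
+ROOTFS="th-${ARCH}-gnome"
+
+PWD="$(pwd)"
+STAGE3="/var/tmp/catalyst/builds/hardened/amd64/stage3-amd64-hardened-latest.tar.bz2"
+LAYMAN="/var/lib/layman"
+KERNEL_SOURCE="/usr/src/linux-tinhat"
+
+
+unpack_stage3() {
+mkdir "${ROOTFS}"
+tar -x -C "${ROOTFS}" -f "${STAGE3}"
+}
+
+mount_dirs() {
+mkdir "${ROOTFS}"/usr/portage/
+mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
+mount --bind /proc/ "${ROOTFS}"/proc/
+mount --bind /dev/ "${ROOTFS}"/dev/
+mount --bind /dev/pts "${ROOTFS}"/dev/pts/
+mount -t tmpfs shm "${ROOTFS}"/dev/shm
+mount --bind /sys/ "${ROOTFS}"/sys/
+}
+
+populate_etc() {
+cp -f files/fstab "${ROOTFS}"/etc/fstab
+cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
+
+rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
+cp -f files/portage/make.gnome.1 "${ROOTFS}"/etc/portage/make.conf
+
+cp -f files/portage/package.gnome.accept_keywords "${ROOTFS}"/etc/portage/package.accept_keywords
+cp -f files/portage/package.gnome.use "${ROOTFS}"/etc/portage/package.use
+cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
+cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
+}
+
+rebuild_toolchain() {
+cp -f toolchain.sh "${ROOTFS}"/tmp/
+chroot "${ROOTFS}"/ /tmp/toolchain.sh
+rm -f "${ROOTFS}"/tmp/toolchain.sh
+}
+
+rebuild_world() {
+cp -f files/gnome-world "${ROOTFS}"/var/lib/portage/world
+cp -f rebuild.sh "${ROOTFS}"/tmp/
+chroot "${ROOTFS}"/ /tmp/rebuild.sh
+rm -f "${ROOTFS}"/tmp/rebuild.sh
+}
+
+
+update_world() {
+cp -f files/portage/make.gnome.2 "${ROOTFS}"/etc/portage/make.conf
+
+cp -f update.sh "${ROOTFS}"/tmp/
+chroot "${ROOTFS}"/ /tmp/update.sh
+rm -f "${ROOTFS}"/tmp/update.sh
+}
+
+build_kernel() {
+local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz"
+mkdir -p "${ROOTFS}"/boot
+
+genkernel \
+--kernel-config=files/kernel-config \
+--makeopts=-j9 \
+--static \
+--symlink \
+--no-mountboot \
+--kerneldir="${KERNEL_SOURCE}" \
+--bootdir="${PWD}"/"${ROOTFS}"/boot/ \
+all
+
+#for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
+# objcopy --strip-unneeded $i
+# done
+rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
+wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
+tar -x -C "${PWD}"/files -f th-boot.tar.gz
+cp -Rf files/th-boot/grub "${ROOTFS}"/boot/
+rm -f "${PWD}"/th-boot.tar.gz
+}
+
+setup_systemd() {
+ln -sf /proc/self/mounts /etc/mtab
+sed -i -e 's/# GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' "${ROOTFS}"/etc/default/grub
+chroot "${ROOTFS}"/ systemctl enable avahi-daemon.service
+chroot "${ROOTFS}"/ systemctl enable bluetooth.service
+chroot "${ROOTFS}"/ systemctl enable cups.service
+chroot "${ROOTFS}"/ systemctl enable dhcpcd.service
+chroot "${ROOTFS}"/ systemctl enable cronie.service
+chroot "${ROOTFS}"/ systemctl enable gdm.service
+chroot "${ROOTFS}"/ systemctl enable metalog.service
+chroot "${ROOTFS}"/ systemctl enable NetworkManager.service
+chroot "${ROOTFS}"/ systemctl enable postfix.service
+chroot "${ROOTFS}"/ systemctl enable smbd.service
+chroot "${ROOTFS}"/ systemctl enable sshd.service
+#chroot "${ROOTFS}"/ systemctl enable udev.service
+#chroot "${ROOTFS}"/ systemctl enable udev-settle.service
+#chroot "${ROOTFS}"/ systemctl enable udev-trigger.service
+}
+
+setup_usergroups() {
+local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user"
+
+cp -f passwd.sh "${ROOTFS}"/tmp/
+chroot "${ROOTFS}"/ /tmp/passwd.sh
+rm -f "${ROOTFS}"/tmp/passwd.sh
+
+rm -rf "${ROOTFS}"/etc/skel
+cp -a thuser "${ROOTFS}"/etc/skel
+mkdir -p "${ROOTFS}"/etc/skel/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
+chmod 700 "${ROOTFS}"/etc/skel/.ssh
+wget -O "${ROOTFS}"/etc/skel/.config/dconf/user "${DCONF_LOCAL}"
+wget -O "${ROOTFS}"/etc/skel/.cache/dconf/user "${DCONF_LOCAL}"
+
+rm -rf "${ROOTFS}"/home/thuser
+cp -a thuser "${ROOTFS}"/home/thuser
+cp -a files/{Encrypt,Save,Utilities} "${ROOTFS}"/home/thuser
+rm -rf "${ROOTFS}"/home/thuser/Utilities/post_xfce4_install.sh
+mkdir -p "${ROOTFS}"/home/thuser/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
+chmod 700 "${ROOTFS}"/home/thuser/.ssh
+wget -O "${ROOTFS}"/home/thuser/.config/dconf/user "${DCONF_LOCAL}"
+wget -O "${ROOTFS}"/home/thuser/.cache/dconf/user "${DCONF_LOCAL}"
+
+chroot "${ROOTFS}"/ chown -R thuser:thuser /home/thuser
+sed -i 's/# \(%wheel.*NOPASSWD\)/\1/' "${ROOTFS}"/etc/sudoers
+}
+
+setup_confs() {
+local IMAGE="http://dev.gentoo.org/~blueness/lilblue/gentoo1600x1200.jpg"
+
+sed -i 's/^\(DISPLAYMANAGER="\)xdm/\1gdm/' "${ROOTFS}"/etc/conf.d/xdm
+
+wget -O "${ROOTFS}"/usr/share/backgrounds/background.jpg "${IMAGE}"
+
+sed -i '/^SYNC/d' "${ROOTFS}"/etc/portage/make.conf
+sed -i '/^GENTOO_MIRRORS/d' "${ROOTFS}"/etc/portage/make.conf
+sed -i 's/^MAKEOPTS/#MAKEOPTS/' "${ROOTFS}"/etc/portage/make.conf
+sed -i 's/^exec \/sbin\/*.*/exec \/sbin\/switch_root \/mnt\/tmpfs \/usr\/lib\/systemd\/systemd/' configs/init
+sed -i 's/^clock=\"*.*\"$/clock=\"local\"/' "${ROOTFS}"/etc/conf.d/hwclock
+
+cp -a files/locale/locale.gen "${ROOTFS}"/etc/
+chroot "${ROOTFS}"/ locale-gen
+
+cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
+# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
+# NOTE: Current TinHat kernel uses kernel-3.7.5-hardened-r1
+#sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
+}
+
+cleanup_dirs() {
+rm -rf "${ROOTFS}"/tmp/*
+rm -rf "${ROOTFS}"/var/log/*
+rm -rf "${ROOTFS}"/var/tmp/*
+rm -rf "${ROOTFS}"/etc/resolv.conf
+}
+
+unmount_dirs() {
+umount -l "${ROOTFS}"/sys/
+umount -l "${ROOTFS}"/dev/shm
+umount -l "${ROOTFS}"/dev/pts/
+umount -l "${ROOTFS}"/dev/
+umount -l "${ROOTFS}"/proc/
+umount -l "${ROOTFS}"/usr/portage/
+
+mkdir "${ROOTFS}"/usr/portage/profiles/
+echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
+}
+
+make_iso() {
+MYROOT="${ROOTFS}" ./make.sh
+}
+
+main() {
+unpack_stage3
+mount_dirs
+populate_etc
+rebuild_toolchain
+rebuild_world
+update_world
+build_kernel
+setup_systemd
+setup_usergroups
+setup_confs
+cleanup_dirs
+unmount_dirs
+make_iso
+}
+
+main > gnome3-"${ARCH}"-build.log 2>&1 &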
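Review bot: In `setup_systemd`, `ln -sf /proc/self/mounts /etc/mtab` has no `"${ROOTFS}"` prefix, so it replaces the build host's `/etc/mtab` rather than the image's; it should read `ln -sf /proc/self/mounts "${ROOTFS}"/etc/mtab`. `cleanup_dirs` here is also shorter than the one in `fluxbox-run.sh`: it does not remove `"${ROOTFS}"/etc/ssh/*key*`, so if any SSH host keys were generated in the chroot during the build (not visible from this file), every GNOME image would ship the same keys while `sshd.service` is enabled. Adding `rm -rf "${ROOTFS}"/etc/ssh/*key*` keeps the two scripts consistent.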
|
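--- a/tools-hardened/desktop/make.sh
+++ b/tools-hardened/desktop/make.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+WORKING=$(pwd)
+CHROOTS=${CHROOTS:-"${WORKING}"}
+MYROOT=${MYROOT:-"desktop-amd64-hardened-ramdisk"}
+
+cleanup()
+{
+cd ${WORKING}
+rm -f ramdisk.iso
+rm -f tinhat.igz
+rm -rf init
+rm -rf iso
+}
+
+
+mkinitramfs()
+{
+local BUSYBOX="http://dev.gentoo.org/~twitch153/tinhat/busybox"
+
+cd ${WORKING}
+mkdir init
+
+cd init
+mkdir -p bin dev etc mnt/cdrom mnt/squashfs mnt/tmpfs proc sbin sys tmp usr/bin usr/sbin var
+
+wget -O ${WORKING}/init/bin/busybox "${BUSYBOX}"
+cp ../configs/init .
+chmod 755 bin/busybox
+chmod 755 init
+
+chroot . /bin/busybox --install -s
+
+find . | cpio -H newc -o | gzip -9 > ../tinhat.igz
+
+cd ${WORKING}
+rm -rf init
+}
+
+
+mkiso()
+{
+cd ${WORKING}
+mkdir -p iso/boot/grub
+
+mv tinhat.igz iso/boot
+cp -L ${CHROOTS}/${MYROOT}/boot/kernel iso/boot/tinhat
+cp files/th-boot/grub/stage2_eltorito iso/boot/grub
+cp configs/menu.lst iso/boot/grub/menu.lst
+cp configs/ABOUT.html iso/ABOUT.html
+
+mksquashfs ${CHROOTS}/${MYROOT} iso/tinroot -comp xz -e usr/src var/cache/edb usr/portage/distfiles
+
+mkisofs -R -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 4 -boot-info-table -o ramdisk.iso iso
+
+rm -rf iso
+}
+
+
+nameit()
+{
+DATE=$(date +%Y%m%d)
+NAME="${MYROOT}-${DATE}.iso"
+
+[ -f ramdisk.iso ] && mv ramdisk.iso $NAME || echo "Can't name ramdisk.iso, I didn't find it."
+}
+
+
+cleanup
+mkinitramfs
+mkiso
+nameit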
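Review bot: Every `cd ${WORKING}` in `cleanup`, `mkinitramfs` and `mkiso` is unquoted and unchecked, and each is followed by `rm -rf init` or `rm -rf iso`. A working directory containing spaces, or a failed `cd`, makes those deletes and the `find . | cpio` archive step run in whatever directory the script is in at that moment. I would write `cd "${WORKING}" || exit 1` and quote `${CHROOTS}/${MYROOT}` in the `cp -L` and `mksquashfs` lines. In `nameit`, `[ -f ramdisk.iso ] && mv ramdisk.iso $NAME || echo ...` prints the "didn't find it" message when the `mv` itself fails; an `if`/`else` with a quoted `"$NAME"` keeps the two cases apart.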
|
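--- a/tools-hardened/desktop/passwd.sh
+++ b/tools-hardened/desktop/passwd.sh
@@ -0,0 +1,25 @@
+#!/bin/bash -l
+
+echo root:thuser | chpasswd
+
+useradd -m thuser
+gpasswd -a thuser disk
+gpasswd -a thuser wheel
+gpasswd -a thuser audio
+gpasswd -a thuser video
+gpasswd -a thuser floppy
+gpasswd -a thuser tape
+gpasswd -a thuser cdrom
+gpasswd -a thuser cdrw
+gpasswd -a thuser usb
+gpasswd -a thuser games
+
+gpasswd -a portage wheel
+
+echo thuser:thuser | chpasswd
+
+groupadd -g 9995 graudit
+groupadd -g 9996 grslink
+groupadd -g 9997 grasock
+groupadd -g 9998 grcsock
+groupadd -g 9999 grssock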
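Review bot: `echo root:thuser | chpasswd` and `echo thuser:thuser | chpasswd` bake fixed, published passwords into every image, while `fluxbox-run.sh` and `gnome3-run.sh` enable `sshd` at boot and uncomment the `%wheel ... NOPASSWD` line in sudoers. With `thuser` in `wheel` and `disk`, and `gpasswd -a portage wheel` adding the `portage` account as well, any login as `thuser` is effectively root. Whether root itself can log in over SSH depends on the `sshd_config` shipped in the stage3, which is not visible here. I would lock root with `passwd -l root`, expire the `thuser` password so it must be changed at first login with `chage -d 0 thuser`, and drop `portage` from `wheel` unless a build step needs it.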
|
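--- a/tools-hardened/desktop/rebuild.sh
+++ b/tools-hardened/desktop/rebuild.sh
@@ -0,0 +1,5 @@
+#!/bin/bash -l
+
+source /etc/profile
+env-update
+emerge -evq --keep-going --with-bdeps=y world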
|
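--- a/tools-hardened/desktop/thuser/.bash_logout
+++ b/tools-hardened/desktop/thuser/.bash_logout
@@ -0,0 +1,6 @@
+# /etc/skel/.bash_logout
+
+# This file is sourced when a login shell terminates.
+
+# Clear the screen for security's sake.
+clear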
|
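--- a/tools-hardened/desktop/thuser/.bash_profile
+++ b/tools-hardened/desktop/thuser/.bash_profile
@@ -0,0 +1,5 @@
+# /etc/skel/.bash_profile
+
+# This file is sourced by bash for login shells. The following line
+# runs your .bashrc and is recommended by the bash info pages.
+[[ -f ~/.bashrc ]] && . ~/.bashrc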
|
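--- a/tools-hardened/desktop/thuser/.bashrc
+++ b/tools-hardened/desktop/thuser/.bashrc
@@ -0,0 +1,18 @@
+# /etc/skel/.bashrc
+#
+# This file is sourced by all *interactive* bash shells on startup,
+# including some apparently interactive shells such as scp and rcp
+# that can't tolerate any output. So make sure this doesn't display
+# anything or bad things will happen !
+
+
+# Test for an interactive shell. There is no need to set anything
+# past this point for scp and rcp, and it's important to refrain from
+# outputting anything in those cases.
+if [[ $- != *i* ]] ; then
+# Shell is non-interactive. Be done now!
+return
+fi
+
+
+# Put your fun stuff here.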
|
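--- a/tools-hardened/desktop/thuser/.config/Thunar/accels.scm
+++ b/tools-hardened/desktop/thuser/.config/Thunar/accels.scm
@@ -0,0 +1,3 @@
+; Thunar GtkAccelMap rc-file -*- scheme -*-
+; this file is an automated accelerator map dump
+;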
|
|
@ -0,0 +1,11 @@
|
|||
[Filechooser Settings]
|
||||
LocationMode=path-bar
|
||||
ShowHidden=false
|
||||
ShowSizeColumn=true
|
||||
GeometryX=36
|
||||
GeometryY=92
|
||||
GeometryWidth=952
|
||||
GeometryHeight=585
|
||||
SortColumn=name
|
||||
SortOrder=ascending
|
||||
StartupMode=recent
|
560
tools-hardened/desktop/thuser/.config/smplayer/smplayer.ini
Normal file
560
tools-hardened/desktop/thuser/.config/smplayer/smplayer.ini
Normal file
|
@ -0,0 +1,560 @@
|
|||
[update_checker]
|
||||
checked_date=@Variant(\0\0\0\xe\0%{\x9c)
|
||||
last_known_version=0.8.5.5487
|
||||
|
||||
[smplayer]
|
||||
stable_version=0.8.5
|
||||
check_for_new_version=true
|
||||
|
||||
[actions]
|
||||
open_file=Ctrl+F
|
||||
open_directory=
|
||||
open_playlist=
|
||||
open_vcd=
|
||||
open_audio_cd=
|
||||
open_dvd=
|
||||
open_dvd_folder=
|
||||
open_url=Ctrl+U
|
||||
close=Ctrl+X
|
||||
clear_recents=
|
||||
favorites_menu=
|
||||
tv_menu=
|
||||
edit_tv_list=
|
||||
jump_tv_list=
|
||||
next_tv=H
|
||||
previous_tv=L
|
||||
radio_menu=
|
||||
edit_radio_list=
|
||||
jump_radio_list=
|
||||
next_radio=Shift+H
|
||||
previous_radio=Shift+L
|
||||
play=
|
||||
play_or_pause=Media Play
|
||||
pause=Space
|
||||
pause_and_frame_step=
|
||||
stop=Media Stop
|
||||
frame_step=.
|
||||
rewind1=Left
|
||||
rewind2=Down
|
||||
rewind3=PgDown
|
||||
forward1=Right
|
||||
forward2=Up
|
||||
forward3=PgUp
|
||||
set_a_marker=
|
||||
set_b_marker=
|
||||
clear_ab_markers=
|
||||
repeat=
|
||||
jump_to=Ctrl+J
|
||||
normal_speed=Backspace
|
||||
halve_speed={
|
||||
double_speed=}
|
||||
dec_speed=[
|
||||
inc_speed=]
|
||||
dec_speed_4=
|
||||
inc_speed_4=
|
||||
dec_speed_1=
|
||||
inc_speed_1=
|
||||
fullscreen=F
|
||||
compact=Ctrl+C
|
||||
video_equalizer=Ctrl+E
|
||||
screenshot=S
|
||||
multiple_screenshots=Shift+D
|
||||
video_preview=
|
||||
flip=
|
||||
mirror=
|
||||
postprocessing=
|
||||
autodetect_phase=
|
||||
deblock=
|
||||
dering=
|
||||
gradfun=
|
||||
add_noise=
|
||||
add_letterbox=
|
||||
upscaling=
|
||||
audio_equalizer=
|
||||
mute=M
|
||||
decrease_volume="9, /"
|
||||
increase_volume="0, *"
|
||||
dec_audio_delay=-
|
||||
inc_audio_delay=+
|
||||
audio_delay=
|
||||
load_audio_file=
|
||||
unload_audio_file=
|
||||
extrastereo_filter=
|
||||
karaoke_filter=
|
||||
volnorm_filter=
|
||||
load_subs=
|
||||
unload_subs=
|
||||
dec_sub_delay=Z
|
||||
inc_sub_delay=X
|
||||
sub_delay=
|
||||
dec_sub_pos=R
|
||||
inc_sub_pos=T
|
||||
dec_sub_scale=Shift+R
|
||||
inc_sub_scale=Shift+T
|
||||
dec_sub_step=G
|
||||
inc_sub_step=Y
|
||||
use_ass_lib=
|
||||
use_forced_subs_only=
|
||||
subtitle_visibility=V
|
||||
show_find_sub_dialog=
|
||||
upload_subtitles=
|
||||
show_playlist=Ctrl+L
|
||||
show_file_properties=Ctrl+I
|
||||
show_preferences=Ctrl+P
|
||||
show_tube_browser=F11
|
||||
show_mplayer_log=Ctrl+M
|
||||
show_smplayer_log=Ctrl+S
|
||||
first_steps=
|
||||
faq=
|
||||
cl_options=
|
||||
check_updates=
|
||||
show_config=
|
||||
about_qt=
|
||||
about_smplayer=
|
||||
facebook=
|
||||
twitter=
|
||||
gmail=
|
||||
hotmail=
|
||||
yahoo=
|
||||
play_next=>
|
||||
play_prev=<
|
||||
move_up=Alt+Up
|
||||
move_down=Alt+Down
|
||||
move_left=Alt+Left
|
||||
move_right=Alt+Right
|
||||
inc_zoom=E
|
||||
dec_zoom=W
|
||||
reset_zoom=Shift+E
|
||||
auto_zoom=Shift+W
|
||||
zoom_169=Shift+A
|
||||
zoom_235=Shift+S
|
||||
exit_fullscreen=Esc
|
||||
next_osd=O
|
||||
dec_contrast=1
|
||||
inc_contrast=2
|
||||
dec_brightness=3
|
||||
inc_brightness=4
|
||||
dec_hue=5
|
||||
inc_hue=6
|
||||
dec_saturation=7
|
||||
inc_saturation=8
|
||||
dec_gamma=
|
||||
inc_gamma=
|
||||
next_video=
|
||||
next_audio=K
|
||||
next_subtitle=J
|
||||
next_chapter=@@
|
||||
prev_chapter=!
|
||||
toggle_double_size=Ctrl+D
|
||||
reset_video_equalizer=
|
||||
reset_audio_equalizer=
|
||||
show_context_menu=
|
||||
next_aspect=A
|
||||
next_wheel_function=
|
||||
show_filename=Shift+I
|
||||
toggle_deinterlacing=D
|
||||
osd_none=
|
||||
osd_seek=
|
||||
osd_timer=
|
||||
osd_total=
|
||||
denoise_none=
|
||||
denoise_normal=
|
||||
denoise_soft=
|
||||
unsharp_off=
|
||||
blur=
|
||||
sharpen=
|
||||
size_50=
|
||||
size_75=
|
||||
size_100=Ctrl+1
|
||||
size_125=
|
||||
size_150=
|
||||
size_175=
|
||||
size_200=Ctrl+2
|
||||
size_300=
|
||||
size_400=
|
||||
deinterlace_none=
|
||||
deinterlace_l5=
|
||||
deinterlace_yadif0=
|
||||
deinterlace_yadif1=
|
||||
deinterlace_lb=
|
||||
deinterlace_kern=
|
||||
channels_stereo=
|
||||
channels_surround=
|
||||
channels_ful51=
|
||||
channels_ful61=
|
||||
channels_ful71=
|
||||
stereo=
|
||||
left_channel=
|
||||
right_channel=
|
||||
mono=
|
||||
reverse_channels=
|
||||
aspect_detect=
|
||||
aspect_1%3A1=
|
||||
aspect_3%3A2=
|
||||
aspect_4%3A3=
|
||||
aspect_5%3A4=
|
||||
aspect_14%3A9=
|
||||
aspect_14%3A10=
|
||||
aspect_16%3A9=
|
||||
aspect_16%3A10=
|
||||
aspect_2.35%3A1=
|
||||
aspect_none=
|
||||
rotate_none=
|
||||
rotate_clockwise_flip=
|
||||
rotate_clockwise=
|
||||
rotate_counterclockwise=
|
||||
rotate_counterclockwise_flip=
|
||||
on_top_always=
|
||||
on_top_never=
|
||||
on_top_playing=
|
||||
toggle_stay_on_top=
|
||||
cc_none=
|
||||
cc_ch_1=
|
||||
cc_ch_2=
|
||||
cc_ch_3=
|
||||
cc_ch_4=
|
||||
sub_fps_none=
|
||||
sub_fps_23976=
|
||||
sub_fps_24=
|
||||
sub_fps_25=
|
||||
sub_fps_29970=
|
||||
sub_fps_30=
|
||||
dvdnav_up=Shift+Up
|
||||
dvdnav_down=Shift+Down
|
||||
dvdnav_left=Shift+Left
|
||||
dvdnav_right=Shift+Right
|
||||
dvdnav_menu=Shift+Return
|
||||
dvdnav_select=Return
|
||||
dvdnav_prev=Shift+Esc
|
||||
dvdnav_mouse=
|
||||
disc_menu=
|
||||
speed_menu=
|
||||
ab_menu=
|
||||
videotrack_menu=
|
||||
videosize_menu=
|
||||
zoom_menu=
|
||||
aspect_menu=
|
||||
deinterlace_menu=
|
||||
videofilter_menu=
|
||||
denoise_menu=
|
||||
unsharp_menu=
|
||||
rotate_menu=
|
||||
ontop_menu=
|
||||
audiotrack_menu=
|
||||
audiofilter_menu=
|
||||
audiochannels_menu=
|
||||
stereomode_menu=
|
||||
subtitlestrack_menu=
|
||||
subfps_menu=
|
||||
closed_captions_menu=
|
||||
titles_menu=
|
||||
chapters_menu=
|
||||
angles_menu=
|
||||
programtrack_menu=
|
||||
osd_menu=
|
||||
quit=Ctrl+Q
|
||||
show_tray_icon=
|
||||
restore\hide=
|
||||
pl_open=
|
||||
pl_save=
|
||||
pl_play=
|
||||
pl_next=N
|
||||
pl_prev=P
|
||||
pl_move_up=
|
||||
pl_move_down=
|
||||
pl_repeat=
|
||||
pl_shuffle=
|
||||
pl_add_current=
|
||||
pl_add_files=
|
||||
pl_add_directory=
|
||||
pl_add_urls=
|
||||
pl_remove_selected=
|
||||
pl_remove_all=
|
||||
pl_edit=
|
||||
toggle_video_info=
|
||||
toggle_frame_counter=
|
||||
edit_main_toolbar=
|
||||
edit_control1=
|
||||
edit_control2=
|
||||
edit_floating_control=
|
||||
show_main_toolbar=F5
|
||||
show_language_toolbar=F6
|
||||
|
||||
[%General]
|
||||
config_version=4
|
||||
mplayer_bin=mplayer2
|
||||
driver\vo=xv
|
||||
driver\audio_output=alsa
|
||||
use_screenshot=true
|
||||
screenshot_folder=/home/gentoo/Pictures/smplayer_screenshots
|
||||
dont_remember_media_settings=false
|
||||
dont_remember_time_pos=false
|
||||
audio_lang=
|
||||
subtitle_lang=
|
||||
use_direct_rendering=false
|
||||
use_double_buffer=true
|
||||
use_soft_video_eq=false
|
||||
use_slices=false
|
||||
autoq=6
|
||||
add_blackborders_on_fullscreen=false
|
||||
disable_screensaver=true
|
||||
vdpau_ffh264vdpau=true
|
||||
vdpau_ffmpeg12vdpau=true
|
||||
vdpau_ffwmv3vdpau=true
|
||||
vdpau_ffvc1vdpau=true
|
||||
vdpau_ffodivxvdpau=false
|
||||
vdpau_disable_video_filters=true
|
||||
use_soft_vol=true
|
||||
softvol_max=110
|
||||
use_scaletempo=-1
|
||||
use_hwac3=false
|
||||
use_audio_equalizer=true
|
||||
global_volume=true
|
||||
volume=50
|
||||
mute=false
|
||||
autosync=false
|
||||
autosync_factor=100
|
||||
use_mc=false
|
||||
mc_value=0
|
||||
osd=0
|
||||
osd_delay=2200
|
||||
file_settings_method=hash
|
||||
|
||||
[drives]
|
||||
dvd_device=
|
||||
cdrom_device=/dev/cdrom
|
||||
vcd_initial_title=2
|
||||
use_dvdnav=false
|
||||
|
||||
[performance]
|
||||
priority=2
|
||||
frame_drop=false
|
||||
hard_frame_drop=false
|
||||
coreavc=false
|
||||
h264_skip_loop_filter=1
|
||||
HD_height=720
|
||||
fast_audio_change=-1
|
||||
threads=1
|
||||
cache_for_files=2048
|
||||
cache_for_streams=2048
|
||||
cache_for_dvds=0
|
||||
cache_for_vcds=1024
|
||||
cache_for_audiocds=1024
|
||||
cache_for_tv=3000
|
||||
|
||||
[youtube]
|
||||
quality=22
|
||||
user_agent=
|
||||
|
||||
[subtitles]
|
||||
font_file=
|
||||
font_name=
|
||||
use_fontconfig=false
|
||||
subcp=ISO-8859-1
|
||||
use_enca=false
|
||||
enca_lang=
|
||||
font_autoscale=1
|
||||
subfuzziness=1
|
||||
autoload_sub=true
|
||||
use_ass_subtitles=true
|
||||
ass_line_spacing=0
|
||||
use_forced_subs_only=false
|
||||
sub_visibility=true
|
||||
subtitles_on_screenshots=false
|
||||
use_new_sub_commands=-1
|
||||
change_sub_scale_should_restart=-1
|
||||
fast_load_sub=true
|
||||
styles\fontname=Arial
|
||||
styles\fontsize=20
|
||||
styles\primarycolor=4294967295
|
||||
styles\backcolor=4278190080
|
||||
styles\outlinecolor=4278190080
|
||||
styles\bold=false
|
||||
styles\italic=false
|
||||
styles\halignment=2
|
||||
styles\valignment=0
|
||||
styles\borderstyle=1
|
||||
styles\outline=1
|
||||
styles\shadow=2
|
||||
styles\marginl=20
|
||||
styles\marginr=20
|
||||
styles\marginv=8
|
||||
force_ass_styles=false
|
||||
user_forced_ass_style=
|
||||
freetype_support=true
|
||||
|
||||
[advanced]
|
||||
color_key=20202
|
||||
use_mplayer_window=false
|
||||
monitor_aspect=
|
||||
use_idx=false
|
||||
mplayer_additional_options=
|
||||
mplayer_additional_video_filters=
|
||||
mplayer_additional_audio_filters=
|
||||
log_mplayer=true
|
||||
verbose_log=false
|
||||
autosave_mplayer_log=false
|
||||
mplayer_log_saveto=
|
||||
log_smplayer=true
|
||||
log_filter=.*
|
||||
save_smplayer_log=false
|
||||
repaint_video_background=false
|
||||
use_edl_files=true
|
||||
prefer_ipv4=true
|
||||
use_short_pathnames=false
|
||||
change_video_equalizer_on_startup=true
|
||||
use_pausing_keep_force=true
|
||||
correct_pts=-1
|
||||
actions_to_run=
|
||||
show_tag_in_window_title=true
|
||||
time_to_kill_mplayer=1000
|
||||
|
||||
[gui]
|
||||
fullscreen=false
|
||||
start_in_fullscreen=false
|
||||
compact_mode=false
|
||||
stay_on_top=0
|
||||
size_factor=100
|
||||
resize_method=0
|
||||
style=
|
||||
move_when_dragging=false
|
||||
mouse_left_click_function=dvdnav_mouse
|
||||
mouse_right_click_function=show_context_menu
|
||||
mouse_double_click_function=fullscreen
|
||||
mouse_middle_click_function=mute
|
||||
mouse_xbutton1_click_function=
|
||||
mouse_xbutton2_click_function=
|
||||
mouse_wheel_function=2
|
||||
wheel_function_cycle=30
|
||||
wheel_function_seeking_reverse=false
|
||||
seeking1=10
|
||||
seeking2=60
|
||||
seeking3=600
|
||||
seeking4=30
|
||||
update_while_seeking=false
|
||||
time_slider_drag_delay=100
|
||||
relative_seeking=false
|
||||
precise_seeking=true
|
||||
reset_stop=false
|
||||
language=
|
||||
iconset=
|
||||
balloon_count=5
|
||||
restore_pos_after_fullscreen=false
|
||||
save_window_size_on_exit=true
|
||||
close_on_finish=false
|
||||
default_font=
|
||||
pause_when_hidden=false
|
||||
allow_video_movement=false
|
||||
gui=DefaultGUI
|
||||
gui_minimum_width=0
|
||||
default_size=@Size(683 509)
|
||||
hide_video_window_on_audio_files=true
|
||||
report_mplayer_crashes=true
|
||||
reported_mplayer_is_old=false
|
||||
auto_add_to_playlist=true
|
||||
add_to_playlist_consecutive_files=false
|
||||
|
||||
[tv]
|
||||
check_channels_conf_on_startup=true
|
||||
initial_tv_deinterlace=4
|
||||
last_dvb_channel=
|
||||
last_tv_channel=
|
||||
|
||||
[directories]
|
||||
latest_dir=/home/gentoo
|
||||
last_dvd_directory=
|
||||
save_dirs=true
|
||||
|
||||
[defaults]
|
||||
initial_sub_scale=5
|
||||
initial_sub_scale_ass=1
|
||||
initial_volume=40
|
||||
initial_contrast=0
|
||||
initial_brightness=0
|
||||
initial_hue=0
|
||||
initial_saturation=0
|
||||
initial_gamma=0
|
||||
initial_audio_equalizer=0, 0, 0, 0, 0, 0, 0, 0, 0, 0
|
||||
initial_zoom_factor=1
|
||||
initial_sub_pos=100
|
||||
initial_volnorm=false
|
||||
initial_postprocessing=false
|
||||
initial_deinterlace=0
|
||||
initial_audio_channels=2
|
||||
initial_stereo_mode=0
|
||||
initial_audio_track=1
|
||||
initial_subtitle_track=1
|
||||
|
||||
[mplayer_info]
|
||||
mplayer_detected_version=-1
|
||||
mplayer_user_supplied_version=-1
|
||||
is_mplayer2=false
|
||||
mplayer2_detected_version=
|
||||
|
||||
[instances]
|
||||
single_instance_enabled=true
|
||||
|
||||
[floating_control]
|
||||
margin=0
|
||||
width=70
|
||||
animated=true
|
||||
display_in_compact_mode=false
|
||||
bypass_window_manager=true
|
||||
|
||||
[history]
|
||||
recents=@Invalid()
|
||||
recents\max_items=10
|
||||
urls=@Invalid()
|
||||
urls\max_items=50
|
||||
|
||||
[filter_options]
|
||||
blur=lc:-1.5
|
||||
deblock=vb/hb
|
||||
denoise_normal=
|
||||
denoise_soft=2:1:2
|
||||
gradfun=
|
||||
noise=9ah:5ah
|
||||
sharpen=lc:1.5
|
||||
volnorm=1
|
||||
|
||||
[default_gui]
|
||||
video_info=false
|
||||
frame_counter=false
|
||||
fullscreen_toolbar1_was_visible=false
|
||||
fullscreen_toolbar2_was_visible=false
|
||||
compact_toolbar1_was_visible=false
|
||||
compact_toolbar2_was_visible=false
|
||||
pos=@Point(0 31)
|
||||
size=@Size(683 509)
|
||||
toolbars_state=@ByteArray(\0\0\0\xff\0\0\x12\xc4\xfd\0\0\0\x1\0\0\0\x3\0\0\0\0\0\0\0\0\xfc\x1\0\0\0\x1\xfb\0\0\0\x18\0p\0l\0\x61\0y\0l\0i\0s\0t\0\x64\0o\0\x63\0k\x2\0\0\0\0\0\0\0\0\0\0\0\x64\0\0\0\x1e\0\0\x2\xab\0\0\x1\x88\0\0\0\x4\0\0\0\x4\0\0\0\b\0\0\0\b\xfc\0\0\0\x2\0\0\0\x2\0\0\0\x2\0\0\0\x10\0t\0o\0o\0l\0\x62\0\x61\0r\0\x31\x1\0\0\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\x10\0t\0o\0o\0l\0\x62\0\x61\0r\0\x32\x1\0\0\x1\x9b\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\x3\0\0\0\x2\0\0\0\x1a\0\x63\0o\0n\0t\0r\0o\0l\0w\0i\0\x64\0g\0\x65\0t\x1\0\0\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0$\0\x63\0o\0n\0t\0r\0o\0l\0w\0i\0\x64\0g\0\x65\0t\0_\0m\0i\0n\0i\0\0\0\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\0)
|
||||
actions\toolbar1=open_file, open_url, favorites_menu, separator, screenshot, separator, show_file_properties, show_playlist, show_tube_browser, separator, show_preferences, separator, play_prev, play_next
|
||||
actions\controlwidget=play, pause_and_frame_step, stop, separator, rewindbutton_action, timeslider_action, forwardbutton_action, separator, fullscreen, mute, volumeslider_action
|
||||
actions\controlwidget_mini=play_or_pause, stop, separator, rewind1, timeslider_action, forward1, separator, mute, volumeslider_action
|
||||
actions\floating_control=play, pause, stop, separator, rewindbutton_action, timeslider_action, forwardbutton_action, separator, fullscreen, mute, volumeslider_action, separator, timelabel_action
|
||||
actions\toolbar1_version=1
|
||||
|
||||
[base_gui_plus]
|
||||
show_tray_icon=false
|
||||
mainwindow_visible=true
|
||||
trayicon_playlist_was_visible=false
|
||||
widgets_size=0
|
||||
fullscreen_playlist_was_visible=false
|
||||
fullscreen_playlist_was_floating=false
|
||||
compact_playlist_was_visible=false
|
||||
ignore_playlist_events=false
|
||||
|
||||
[playlist]
|
||||
repeat=false
|
||||
shuffle=false
|
||||
auto_get_info=false
|
||||
recursive_add_directory=false
|
||||
save_playlist_in_config=true
|
||||
play_files_from_start=true
|
||||
automatically_play_next=true
|
||||
row_spacing=-1
|
||||
latest_dir=
|
||||
|
||||
[playlist_contents]
|
||||
count=0
|
||||
current_item=-1
|
||||
modified=false
|
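Review bot: This looks like a settings dump from a developer's own session rather than a curated default, and two things in it deserve a decision before it ships under `thuser/`. `check_for_new_version=true` in `[smplayer]` leaves the player's update check switched on, so it would presumably make network requests on its own; for a hardened desktop I would ship `check_for_new_version=false`. `screenshot_folder=/home/gentoo/Pictures/smplayer_screenshots` in `[%General]` and `latest_dir=/home/gentoo` in `[directories]` point at a home directory that may not exist for the shipped user, and should be emptied or rewritten to that user's home. The history defaults (`dont_remember_media_settings=false`, `recents\max_items=10`, `urls\max_items=50`) keep a record of what was played and are also worth a deliberate choice on a privacy-oriented image.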
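--- /dev/null
+++ b/tools-hardened/desktop/thuser/.config/user-dirs.dirs
@@ -0,0 +1,15 @@
+# This file is written by xdg-user-dirs-update
+# If you want to change or add directories, just edit the line you're
+# interested in. All local changes will be retained on the next run
+# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
+# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
+# absolute path. No other format is supported.
+#
+XDG_DESKTOP_DIR="$HOME/Desktop"
+XDG_DOWNLOAD_DIR="$HOME/Downloads"
+XDG_TEMPLATES_DIR="$HOME/Templates"
+XDG_PUBLICSHARE_DIR="$HOME/Public"
+XDG_DOCUMENTS_DIR="$HOME/Documents"
+XDG_MUSIC_DIR="$HOME/Music"
+XDG_PICTURES_DIR="$HOME/Pictures"
+XDG_VIDEOS_DIR="$HOME/Videos"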
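--- /dev/null
+++ b/tools-hardened/desktop/thuser/.config/user-dirs.locale
@@ -0,0 +1 @@
+C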
|
@ -0,0 +1,12 @@
|
|||
[Trash]
|
||||
row=2
|
||||
col=0
|
||||
|
||||
[File System]
|
||||
row=1
|
||||
col=0
|
||||
|
||||
[Home]
|
||||
row=0
|
||||
col=0
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
[Trash]
|
||||
row=2
|
||||
col=0
|
||||
|
||||
[File System]
|
||||
row=1
|
||||
col=0
|
||||
|
||||
[Home]
|
||||
row=0
|
||||
col=0
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
[Trash]
|
||||
row=2
|
||||
col=0
|
||||
|
||||
[File System]
|
||||
row=1
|
||||
col=0
|
||||
|
||||
[Home]
|
||||
row=0
|
||||
col=0
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
[Trash]
|
||||
row=1
|
||||
col=0
|
||||
|
||||
[File System]
|
||||
row=0
|
||||
col=1
|
||||
|
||||
[Home]
|
||||
row=0
|
||||
col=0
|
||||
|
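--- /dev/null
+++ b/tools-hardened/desktop/thuser/.config/xfce4/help.rc
@@ -0,0 +1,2 @@
+auto-online=false
+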
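--- /dev/null
+++ b/tools-hardened/desktop/thuser/.config/xfce4/helpers.rc
@@ -0,0 +1,4 @@
+TerminalEmulator=xfce4-terminal
+WebBrowser=firefox
+MailReader=sylpheed
+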
|
@ -0,0 +1,17 @@
|
|||
UpdateInterval=0
|
||||
TimeScale=0
|
||||
Size=16
|
||||
Mode=0
|
||||
Frame=1
|
||||
Border=1
|
||||
Bars=1
|
||||
TrackedCore=0
|
||||
Command=xfce4-taskmanager
|
||||
InTerminal=0
|
||||
StartupNotification=1
|
||||
ColorMode=0
|
||||
Foreground1=#0000ffff0000
|
||||
Foreground2=#ffff00000000
|
||||
Foreground3=#00000000ffff
|
||||
Background=#ffffffffffff
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
[Desktop Entry]
|
||||
Version=1.0
|
||||
Type=Application
|
||||
Exec=exo-open --launch FileManager %u
|
||||
Icon=system-file-manager
|
||||
StartupNotify=true
|
||||
Terminal=false
|
||||
Categories=Utility;X-XFCE;X-Xfce-Toplevel;
|
||||
OnlyShowIn=XFCE;
|
||||
X-XFCE-MimeType=x-scheme-handler/file;x-scheme-handler/trash;
|
||||
Name=File Manager
|
||||
Comment=Browse the file system
|
||||
X-XFCE-Source=file:///usr/share/applications/exo-file-manager.desktop
|
|
@ -0,0 +1,13 @@
|
|||
[Desktop Entry]
|
||||
Exec=abiword %U
|
||||
Icon=abiword
|
||||
Terminal=false
|
||||
Type=Application
|
||||
Categories=Office;WordProcessor;GNOME;GTK;X-Red-Hat-Base;
|
||||
StartupNotify=true
|
||||
X-Desktop-File-Install-Version=0.9
|
||||
MimeType=application/x-abiword;text/x-abiword;text/x-xml-abiword;text/plain;application/msword;application/rtf;application/vnd.plain;application/xhtml+xml;text/html;application/x-crossmark;application/docbook+xml;application/x-t602;application/vnd.oasis.opendocument.text;application/vnd.oasis.opendocument.text-template;application/vnd.oasis.opendocument.text-web;application/vnd.sun.xml.writer;application/vnd.stardivision.writer;text/vnd.wap.wml;application/wordperfect6;application/wordperfect5.1;application/vnd.wordperfect;application/x-abicollab;
|
||||
Name=AbiWord
|
||||
GenericName=Word Processor
|
||||
Comment=Compose, edit, and view documents
|
||||
X-XFCE-Source=file:///usr/share/applications/abiword.desktop
|
|
@ -0,0 +1,10 @@
|
|||
[Desktop Entry]
|
||||
Name=Sylpheed
|
||||
Comment=E-Mail client
|
||||
Exec=sylpheed
|
||||
Icon=sylpheed
|
||||
MimeType=message/rfc822;x-scheme-handler/mailto;
|
||||
Terminal=false
|
||||
Type=Application
|
||||
Categories=GTK;Network;Email;News;
|
||||
X-XFCE-Source=file:///usr/share/applications/sylpheed.desktop
|
|
@ -0,0 +1,10 @@
|
|||
[Desktop Entry]
|
||||
Name=Aurora
|
||||
Comment=Web Browser
|
||||
Exec=firefox %U
|
||||
Icon=aurora
|
||||
Terminal=false
|
||||
Type=Application
|
||||
MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;x-scheme-handler/http;x-scheme-handler/https;
|
||||
Categories=Network;WebBrowser;
|
||||
X-XFCE-Source=file:///usr/share/applications/firefox.desktop
|
|
@ -0,0 +1,15 @@
|
|||
[Desktop Entry]
|
||||
Version=1.0
|
||||
Name=VLC media player
|
||||
GenericName=Media player
|
||||
Comment=Read, capture, broadcast your multimedia streams
|
||||
Exec=/usr/bin/vlc %U
|
||||
TryExec=/usr/bin/vlc
|
||||
Icon=vlc
|
||||
Terminal=false
|
||||
Type=Application
|
||||
Categories=AudioVideo;Player;Recorder;
|
||||
MimeType=video/dv;video/mpeg;video/x-mpeg;video/msvideo;video/quicktime;video/x-anim;video/x-avi;video/x-ms-asf;video/x-ms-wmv;video/x-msvideo;video/x-nsv;video/x-flc;video/x-fli;video/x-flv;video/vnd.rn-realvideo;video/mp4;video/mp4v-es;video/mp2t;application/ogg;application/x-ogg;video/x-ogm+ogg;audio/x-vorbis+ogg;application/x-matroska;audio/x-matroska;video/x-matroska;video/webm;audio/webm;audio/x-mp3;audio/x-mpeg;audio/mpeg;audio/x-wav;audio/x-mpegurl;audio/x-scpls;audio/x-m4a;audio/x-ms-asf;audio/x-ms-asx;audio/x-ms-wax;application/vnd.rn-realmedia;audio/x-real-audio;audio/x-pn-realaudio;application/x-flac;audio/x-flac;application/x-shockwave-flash;misc/ultravox;audio/vnd.rn-realaudio;audio/x-pn-aiff;audio/x-pn-au;audio/x-pn-wav;audio/x-pn-windows-acm;image/vnd.rn-realpix;audio/x-pn-realaudio-plugin;application/x-extension-mp4;audio/mp4;audio/amr;audio/amr-wb;x-content/video-vcd;x-content/video-svcd;x-content/video-dvd;x-content/audio-cdda;x-content/audio-player;application/xspf+xml;x-scheme-handler/mms;x-scheme-handler/rtmp;x-scheme-handler/rtsp;
|
||||
X-KDE-Protocols=ftp,http,https,mms,rtmp,rtsp,sftp,smb
|
||||
Keywords=Player;Capture;DVD;Audio;Video;Server;Broadcast;
|
||||
X-XFCE-Source=file:///usr/share/applications/vlc.desktop
|
|
@ -0,0 +1,10 @@
|
|||
[Desktop Entry]
|
||||
Name=HexChat IRC
|
||||
Comment=Chat with other people using Internet Relay Chat
|
||||
Exec=hexchat
|
||||
Icon=hexchat
|
||||
Terminal=false
|
||||
Type=Application
|
||||
Categories=Network;
|
||||
StartupNotify=true
|
||||
X-XFCE-Source=file:///usr/share/applications/hexchat.desktop
|
|
@ -0,0 +1,14 @@
|
|||
[Desktop Entry]
|
||||
Version=1.0
|
||||
Name=Ristretto Image Viewer
|
||||
Comment=Look at your images easily
|
||||
GenericName=Image Viewer
|
||||
Exec=ristretto %F
|
||||
Icon=ristretto
|
||||
Terminal=false
|
||||
Type=Application
|
||||
X-MultipleArgs=false
|
||||
Categories=GTK;Graphics;Viewer;
|
||||
StartupNotify=true
|
||||
MimeType=image/png;image/gif;image/jpeg;image/bmp;image/x-pixmap;image/tiff;image/svg+xml;image/x-xpixmap;
|
||||
X-XFCE-Source=file:///usr/share/applications/ristretto.desktop
|
|
@ -0,0 +1,12 @@
|
|||
[Desktop Entry]
|
||||
Version=1.0
|
||||
Type=Application
|
||||
Exec=exo-open --launch TerminalEmulator
|
||||
Icon=utilities-terminal
|
||||
StartupNotify=true
|
||||
Terminal=false
|
||||
Categories=Utility;X-XFCE;X-Xfce-Toplevel;
|
||||
OnlyShowIn=XFCE;
|
||||
Name=Terminal Emulator
|
||||
Comment=Use the command line
|
||||
X-XFCE-Source=file:///usr/share/applications/exo-terminal-emulator.desktop
|
|
@ -0,0 +1,22 @@
|
|||
button-title=Applications Menu
|
||||
button-icon=xfce4-panel-menu
|
||||
show-button-title=true
|
||||
show-button-icon=true
|
||||
launcher-show-name=true
|
||||
launcher-show-description=true
|
||||
hover-switch-category=false
|
||||
category-icon-size=1
|
||||
item-icon-size=2
|
||||
load-hierarchy=false
|
||||
favorites-in-recent=true
|
||||
display-recent-default=false
|
||||
position-search-alternate=false
|
||||
position-commands-alternate=false
|
||||
command-settings=xfce4-settings-manager
|
||||
command-lockscreen=xflock4
|
||||
command-logout=xfce4-session-logout
|
||||
favorites=exo-terminal-emulator.desktop,exo-file-manager.desktop,exo-mail-reader.desktop,exo-web-browser.desktop
|
||||
recent=xfce-backdrop-settings.desktop,xfce-wmtweaks-settings.desktop,xfcecomped.desktop,xfce-wm-settings.desktop,Thunar.desktop,exo-mail-reader.desktop,xfce-display-settings.desktop,galculator.desktop,xfce-keyboard-settings.desktop
|
||||
menu-width=400
|
||||
menu-height=500
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
[Settings]
|
||||
ShowAllProcesses=FALSE
|
||||
MorePrecision=FALSE
|
||||
FullCommandLine=FALSE
|
||||
ShowStatusIcon=TRUE
|
||||
RefreshRate=750
|
||||
ColumnUID=FALSE
|
||||
ColumnPID=TRUE
|
||||
ColumnPPID=FALSE
|
||||
ColumnState=FALSE
|
||||
ColumnVSZ=FALSE
|
||||
ColumnRSS=TRUE
|
||||
ColumnCPU=TRUE
|
||||
ColumnPriority=FALSE
|
||||
SortColumn=0
|
||||
SortType=0
|
||||
WindowWidth=512
|
||||
WindowHeight=465
|
|
@ -0,0 +1,30 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<channel name="displays" version="1.0">
|
||||
<property name="Default" type="empty">
|
||||
<property name="HDMI-0" type="string" value="HDMI-0">
|
||||
<property name="Active" type="bool" value="true"/>
|
||||
<property name="Resolution" type="string" value="1600x900"/>
|
||||
<property name="RefreshRate" type="double" value="59.622971"/>
|
||||
<property name="Rotation" type="int" value="0"/>
|
||||
<property name="Reflection" type="string" value="0"/>
|
||||
<property name="Primary" type="bool" value="false"/>
|
||||
<property name="Position" type="empty">
|
||||
<property name="X" type="int" value="0"/>
|
||||
<property name="Y" type="int" value="0"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="DVI-1" type="string" value="Acer 20"">
|
||||
<property name="Active" type="bool" value="false"/>
|
||||
<property name="Resolution" type="string" value="1152x864"/>
|
||||
<property name="RefreshRate" type="double" value="75.000000"/>
|
||||
<property name="Rotation" type="int" value="0"/>
|
||||
<property name="Reflection" type="string" value="0"/>
|
||||
<property name="Primary" type="bool" value="false"/>
|
||||
<property name="Position" type="empty">
|
||||
<property name="X" type="int" value="0"/>
|
||||
<property name="Y" type="int" value="0"/>
|
||||
</property>
|
||||
</property>
|
||||
</property>
|
||||
</channel>
|
|
@ -0,0 +1,7 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<channel name="keyboards" version="1.0">
|
||||
<property name="Default" type="empty">
|
||||
<property name="Numlock" type="bool" value="false"/>
|
||||
</property>
|
||||
</channel>
|
|
@ -0,0 +1,9 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<channel name="ristretto" version="1.0">
|
||||
<property name="window" type="empty">
|
||||
<property name="navigationbar" type="empty">
|
||||
<property name="position" type="string" value="left"/>
|
||||
</property>
|
||||
</property>
|
||||
</channel>
|
|
@ -0,0 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<channel name="thunar" version="1.0">
|
||||
<property name="last-view" type="string" value="ThunarIconView"/>
|
||||
<property name="last-icon-view-zoom-level" type="string" value="THUNAR_ZOOM_LEVEL_NORMAL"/>
|
||||
</channel>
|
|
@ -0,0 +1,9 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<channel name="xfce4-appfinder" version="1.0">
|
||||
<property name="last" type="empty">
|
||||
<property name="window-height" type="int" value="400"/>
|
||||
<property name="window-width" type="int" value="400"/>
|
||||
<property name="pane-position" type="int" value="180"/>
|
||||
</property>
|
||||
</channel>
|
|
@ -0,0 +1,41 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<channel name="xfce4-desktop" version="1.0">
|
||||
<property name="backdrop" type="empty">
|
||||
<property name="screen0" type="empty">
|
||||
<property name="monitor0" type="empty">
|
||||
<property name="image-path" type="string" value="/usr/share/backgrounds/background.jpg"/>
|
||||
<property name="last-image" type="string" value="/usr/share/backgrounds/background.jpg"/>
|
||||
<property name="last-single-image" type="string" value="/usr/share/backgrounds/background.jpg"/>
|
||||
</property>
|
||||
<property name="monitor1" type="empty">
|
||||
<property name="image-path" type="string" value="/usr/share/backgrounds/xfce/xfce-blue.jpg"/>
|
||||
<property name="last-image" type="string" value="/usr/share/backgrounds/xfce/xfce-blue.jpg"/>
|
||||
<property name="last-single-image" type="string" value="/usr/share/backgrounds/xfce/xfce-blue.jpg"/>
|
||||
</property>
|
||||
</property>
|
||||
</property>
|
||||
<property name="desktop-icons" type="empty">
|
||||
<property name="icon-size" type="uint" value="45"/>
|
||||
<property name="file-icons" type="empty">
|
||||
<property name="show-home" type="bool" value="true"/>
|
||||
<property name="show-filesystem" type="bool" value="true"/>
|
||||
<property name="show-trash" type="bool" value="true"/>
|
||||
<property name="show-removable" type="bool" value="false"/>
|
||||
</property>
|
||||
<property name="single-click" type="bool" value="false"/>
|
||||
<property name="style" type="int" value="2"/>
|
||||
<property name="use-custom-font-size" type="bool" value="false"/>
|
||||
</property>
|
||||
<property name="windowlist-menu" type="empty">
|
||||
<property name="show" type="bool" value="false"/>
|
||||
<property name="show-workspace-names" type="bool" value="false"/>
|
||||
<property name="show-submenus" type="bool" value="true"/>
|
||||
<property name="show-sticky-once" type="bool" value="true"/>
|
||||
<property name="show-icons" type="bool" value="false"/>
|
||||
</property>
|
||||
<property name="desktop-menu" type="empty">
|
||||
<property name="show" type="bool" value="false"/>
|
||||
<property name="show-icons" type="bool" value="true"/>
|
||||
</property>
|
||||
</channel>
|
|
@ -0,0 +1,149 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<channel name="xfce4-keyboard-shortcuts" version="1.0">
|
||||
<property name="commands" type="empty">
|
||||
<property name="default" type="empty">
|
||||
<property name="<Alt>F1" type="empty"/>
|
||||
<property name="<Alt>F2" type="empty">
|
||||
<property name="startup-notify" type="empty"/>
|
||||
</property>
|
||||
<property name="<Alt>F3" type="empty">
|
||||
<property name="startup-notify" type="empty"/>
|
||||
</property>
|
||||
<property name="<Control><Alt>Delete" type="empty"/>
|
||||
<property name="XF86Display" type="empty"/>
|
||||
<property name="<Super>p" type="empty"/>
|
||||
<property name="<Control>Escape" type="empty"/>
|
||||
<property name="XF86WWW" type="empty"/>
|
||||
<property name="XF86Mail" type="empty"/>
|
||||
</property>
|
||||
<property name="custom" type="empty">
|
||||
<property name="<Control>Escape" type="string" value="xfdesktop --menu"/>
|
||||
<property name="<Alt>F2" type="string" value="xfce4-appfinder --collapsed"/>
|
||||
<property name="<Alt>F3" type="string" value="xfce4-appfinder"/>
|
||||
<property name="<Alt>F1" type="string" value="xfce4-popup-applicationsmenu"/>
|
||||
<property name="<Control><Alt>Delete" type="string" value="xflock4"/>
|
||||
<property name="XF86Mail" type="string" value="exo-open --launch MailReader"/>
|
||||
<property name="XF86Display" type="string" value="xfce4-display-settings --minimal"/>
|
||||
<property name="XF86WWW" type="string" value="exo-open --launch WebBrowser"/>
|
||||
<property name="<Super>p" type="string" value="xfce4-display-settings --minimal"/>
|
||||
<property name="override" type="bool" value="true"/>
|
||||
<property name="<Primary><Alt>t" type="string" value="xfce4-terminal"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="xfwm4" type="empty">
|
||||
<property name="default" type="empty">
|
||||
<property name="<Alt>Insert" type="empty"/>
|
||||
<property name="Escape" type="empty"/>
|
||||
<property name="Left" type="empty"/>
|
||||
<property name="Right" type="empty"/>
|
||||
<property name="Up" type="empty"/>
|
||||
<property name="Down" type="empty"/>
|
||||
<property name="<Alt>Tab" type="empty"/>
|
||||
<property name="<Alt><Shift>Tab" type="empty"/>
|
||||
<property name="<Alt>Delete" type="empty"/>
|
||||
<property name="<Control><Alt>Down" type="empty"/>
|
||||
<property name="<Control><Alt>Left" type="empty"/>
|
||||
<property name="<Shift><Alt>Page_Down" type="empty"/>
|
||||
<property name="<Alt>F4" type="empty"/>
|
||||
<property name="<Alt>F6" type="empty"/>
|
||||
<property name="<Alt>F7" type="empty"/>
|
||||
<property name="<Alt>F8" type="empty"/>
|
||||
<property name="<Alt>F9" type="empty"/>
|
||||
<property name="<Alt>F10" type="empty"/>
|
||||
<property name="<Alt>F11" type="empty"/>
|
||||
<property name="<Alt>F12" type="empty"/>
|
||||
<property name="<Control><Shift><Alt>Left" type="empty"/>
|
||||
<property name="<Alt><Control>End" type="empty"/>
|
||||
<property name="<Alt><Control>Home" type="empty"/>
|
||||
<property name="<Control><Shift><Alt>Right" type="empty"/>
|
||||
<property name="<Control><Shift><Alt>Up" type="empty"/>
|
||||
<property name="<Alt><Control>KP_1" type="empty"/>
|
||||
<property name="<Alt><Control>KP_2" type="empty"/>
|
||||
<property name="<Alt><Control>KP_3" type="empty"/>
|
||||
<property name="<Alt><Control>KP_4" type="empty"/>
|
||||
<property name="<Alt><Control>KP_5" type="empty"/>
|
||||
<property name="<Alt><Control>KP_6" type="empty"/>
|
||||
<property name="<Alt><Control>KP_7" type="empty"/>
|
||||
<property name="<Alt><Control>KP_8" type="empty"/>
|
||||
<property name="<Alt><Control>KP_9" type="empty"/>
|
||||
<property name="<Alt>space" type="empty"/>
|
||||
<property name="<Shift><Alt>Page_Up" type="empty"/>
|
||||
<property name="<Control><Alt>Right" type="empty"/>
|
||||
<property name="<Control><Alt>d" type="empty"/>
|
||||
<property name="<Control><Alt>Up" type="empty"/>
|
||||
<property name="<Super>Tab" type="empty"/>
|
||||
<property name="<Control>F1" type="empty"/>
|
||||
<property name="<Control>F2" type="empty"/>
|
||||
<property name="<Control>F3" type="empty"/>
|
||||
<property name="<Control>F4" type="empty"/>
|
||||
<property name="<Control>F5" type="empty"/>
|
||||
<property name="<Control>F6" type="empty"/>
|
||||
<property name="<Control>F7" type="empty"/>
|
||||
<property name="<Control>F8" type="empty"/>
|
||||
<property name="<Control>F9" type="empty"/>
|
||||
<property name="<Control>F10" type="empty"/>
|
||||
<property name="<Control>F11" type="empty"/>
|
||||
<property name="<Control>F12" type="empty"/>
|
||||
</property>
|
||||
<property name="custom" type="empty">
|
||||
<property name="<Control>F3" type="string" value="workspace_3_key"/>
|
||||
<property name="<Control>F4" type="string" value="workspace_4_key"/>
|
||||
<property name="<Control>F5" type="string" value="workspace_5_key"/>
|
||||
<property name="<Control>F6" type="string" value="workspace_6_key"/>
|
||||
<property name="<Control>F7" type="string" value="workspace_7_key"/>
|
||||
<property name="<Control>F8" type="string" value="workspace_8_key"/>
|
||||
<property name="<Control>F9" type="string" value="workspace_9_key"/>
|
||||
<property name="<Alt>Tab" type="string" value="cycle_windows_key"/>
|
||||
<property name="<Control><Alt>Right" type="string" value="right_workspace_key"/>
|
||||
<property name="Left" type="string" value="left_key"/>
|
||||
<property name="<Control><Alt>d" type="string" value="show_desktop_key"/>
|
||||
<property name="<Control><Shift><Alt>Left" type="string" value="move_window_left_key"/>
|
||||
<property name="<Control><Shift><Alt>Right" type="string" value="move_window_right_key"/>
|
||||
<property name="Up" type="string" value="up_key"/>
|
||||
<property name="<Alt>F4" type="string" value="close_window_key"/>
|
||||
<property name="<Alt>F6" type="string" value="stick_window_key"/>
|
||||
<property name="<Control><Alt>Down" type="string" value="down_workspace_key"/>
|
||||
<property name="<Alt>F7" type="string" value="move_window_key"/>
|
||||
<property name="<Alt>F9" type="string" value="hide_window_key"/>
|
||||
<property name="<Alt>F11" type="string" value="fullscreen_key"/>
|
||||
<property name="<Alt>F8" type="string" value="resize_window_key"/>
|
||||
<property name="<Super>Tab" type="string" value="switch_window_key"/>
|
||||
<property name="Escape" type="string" value="cancel_key"/>
|
||||
<property name="<Alt><Control>KP_1" type="string" value="move_window_workspace_1_key"/>
|
||||
<property name="<Alt><Control>KP_2" type="string" value="move_window_workspace_2_key"/>
|
||||
<property name="<Alt><Control>KP_3" type="string" value="move_window_workspace_3_key"/>
|
||||
<property name="<Alt><Control>KP_4" type="string" value="move_window_workspace_4_key"/>
|
||||
<property name="<Alt><Control>KP_5" type="string" value="move_window_workspace_5_key"/>
|
||||
<property name="<Alt><Control>KP_6" type="string" value="move_window_workspace_6_key"/>
|
||||
<property name="Down" type="string" value="down_key"/>
|
||||
<property name="<Control><Shift><Alt>Up" type="string" value="move_window_up_key"/>
|
||||
<property name="<Shift><Alt>Page_Down" type="string" value="lower_window_key"/>
|
||||
<property name="<Alt>F12" type="string" value="above_key"/>
|
||||
<property name="<Alt><Control>KP_8" type="string" value="move_window_workspace_8_key"/>
|
||||
<property name="<Alt><Control>KP_9" type="string" value="move_window_workspace_9_key"/>
|
||||
<property name="Right" type="string" value="right_key"/>
|
||||
<property name="<Alt>F10" type="string" value="maximize_window_key"/>
|
||||
<property name="<Control><Alt>Up" type="string" value="up_workspace_key"/>
|
||||
<property name="<Control>F10" type="string" value="workspace_10_key"/>
|
||||
<property name="<Alt><Control>KP_7" type="string" value="move_window_workspace_7_key"/>
|
||||
<property name="<Alt><Control>End" type="string" value="move_window_next_workspace_key"/>
|
||||
<property name="<Alt>Delete" type="string" value="del_workspace_key"/>
|
||||
<property name="<Control><Alt>Left" type="string" value="left_workspace_key"/>
|
||||
<property name="<Control>F12" type="string" value="workspace_12_key"/>
|
||||
<property name="<Alt>space" type="string" value="popup_menu_key"/>
|
||||
<property name="<Alt><Shift>Tab" type="string" value="cycle_reverse_windows_key"/>
|
||||
<property name="<Shift><Alt>Page_Up" type="string" value="raise_window_key"/>
|
||||
<property name="<Alt>Insert" type="string" value="add_workspace_key"/>
|
||||
<property name="<Alt><Control>Home" type="string" value="move_window_prev_workspace_key"/>
|
||||
<property name="<Control>F2" type="string" value="workspace_2_key"/>
|
||||
<property name="<Control>F1" type="string" value="workspace_1_key"/>
|
||||
<property name="<Control>F11" type="string" value="workspace_11_key"/>
|
||||
<property name="override" type="bool" value="true"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="providers" type="array">
|
||||
<value type="string" value="xfwm4"/>
|
||||
<value type="string" value="commands"/>
|
||||
</property>
|
||||
</channel>
|
|
@ -0,0 +1,25 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<channel name="xfce4-mixer" version="1.0">
|
||||
<property name="volume-step-size" type="uint" value="5"/>
|
||||
<property name="active-card" type="string" value="HDAIntelAlsamixer"/>
|
||||
<property name="sound-card" type="string" value="LogitechUSBHeadsetH540Alsamixer"/>
|
||||
<property name="sound-cards" type="empty">
|
||||
<property name="HDAIntelAlsamixer" type="array">
|
||||
<value type="string" value="IEC958 Default PCM"/>
|
||||
<value type="string" value="PCM"/>
|
||||
<value type="string" value="Speaker"/>
|
||||
<value type="string" value="Headphone"/>
|
||||
<value type="string" value="Master"/>
|
||||
</property>
|
||||
<property name="PlaybackDummyOutputPulseAudioMixer" type="array">
|
||||
<value type="string" value="Master"/>
|
||||
</property>
|
||||
<property name="LogitechUSBHeadsetH540Alsamixer" type="array">
|
||||
<value type="string" value="Microphone"/>
|
||||
<value type="string" value="Headphone"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="window-height" type="int" value="468"/>
|
||||
<property name="window-width" type="int" value="601"/>
|
||||
</channel>
|
|
@ -0,0 +1,166 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<channel name="xfce4-panel" version="1.0">
|
||||
<property name="configver" type="int" value="2"/>
|
||||
<property name="panels" type="array">
|
||||
<value type="int" value="1"/>
|
||||
<value type="int" value="2"/>
|
||||
<property name="panel-1" type="empty">
|
||||
<property name="position" type="string" value="p=6;x=0;y=0"/>
|
||||
<property name="length" type="uint" value="100"/>
|
||||
<property name="position-locked" type="bool" value="true"/>
|
||||
<property name="size" type="uint" value="30"/>
|
||||
<property name="plugin-ids" type="array">
|
||||
<value type="int" value="25"/>
|
||||
<value type="int" value="11"/>
|
||||
<value type="int" value="3"/>
|
||||
<value type="int" value="15"/>
|
||||
<value type="int" value="19"/>
|
||||
<value type="int" value="12"/>
|
||||
<value type="int" value="4"/>
|
||||
<value type="int" value="24"/>
|
||||
<value type="int" value="5"/>
|
||||
<value type="int" value="6"/>
|
||||
<value type="int" value="2"/>
|
||||
</property>
|
||||
<property name="background-style" type="uint" value="0"/>
|
||||
<property name="background-color" type="array">
|
||||
<value type="uint" value="60005"/>
|
||||
<value type="uint" value="2359"/>
|
||||
<value type="uint" value="2359"/>
|
||||
<value type="uint" value="65535"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="panel-2" type="empty">
|
||||
<property name="position" type="string" value="p=10;x=0;y=0"/>
|
||||
<property name="position-locked" type="bool" value="true"/>
|
||||
<property name="plugin-ids" type="array">
|
||||
<value type="int" value="7"/>
|
||||
<value type="int" value="8"/>
|
||||
<value type="int" value="9"/>
|
||||
<value type="int" value="10"/>
|
||||
<value type="int" value="18"/>
|
||||
<value type="int" value="17"/>
|
||||
<value type="int" value="16"/>
|
||||
<value type="int" value="20"/>
|
||||
<value type="int" value="22"/>
|
||||
<value type="int" value="21"/>
|
||||
<value type="int" value="13"/>
|
||||
<value type="int" value="14"/>
|
||||
<value type="int" value="23"/>
|
||||
</property>
|
||||
<property name="background-style" type="uint" value="0"/>
|
||||
<property name="background-color" type="array">
|
||||
<value type="uint" value="5652"/>
|
||||
<value type="uint" value="42812"/>
|
||||
<value type="uint" value="51826"/>
|
||||
<value type="uint" value="65535"/>
|
||||
</property>
|
||||
<property name="autohide" type="bool" value="false"/>
|
||||
<property name="disable-struts" type="bool" value="false"/>
|
||||
<property name="mode" type="uint" value="0"/>
|
||||
<property name="size" type="uint" value="45"/>
|
||||
<property name="nrows" type="uint" value="1"/>
|
||||
<property name="length" type="uint" value="1"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="plugins" type="empty">
|
||||
<property name="plugin-2" type="string" value="actions">
|
||||
<property name="items" type="array">
|
||||
<value type="string" value="+lock-screen"/>
|
||||
<value type="string" value="-switch-user"/>
|
||||
<value type="string" value="+separator"/>
|
||||
<value type="string" value="-suspend"/>
|
||||
<value type="string" value="-hibernate"/>
|
||||
<value type="string" value="-separator"/>
|
||||
<value type="string" value="+shutdown"/>
|
||||
<value type="string" value="-restart"/>
|
||||
<value type="string" value="+separator"/>
|
||||
<value type="string" value="+logout"/>
|
||||
<value type="string" value="-logout-dialog"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="plugin-3" type="string" value="tasklist"/>
|
||||
<property name="plugin-15" type="string" value="separator">
|
||||
<property name="expand" type="bool" value="true"/>
|
||||
<property name="style" type="uint" value="0"/>
|
||||
</property>
|
||||
<property name="plugin-4" type="string" value="pager"/>
|
||||
<property name="plugin-5" type="string" value="clock"/>
|
||||
<property name="plugin-6" type="string" value="systray">
|
||||
<property name="names-visible" type="array">
|
||||
<value type="string" value="sylpheed"/>
|
||||
<value type="string" value="vlc"/>
|
||||
<value type="string" value="task manager"/>
|
||||
<value type="string" value="thunar"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="plugin-7" type="string" value="showdesktop"/>
|
||||
<property name="plugin-8" type="string" value="separator">
|
||||
<property name="style" type="uint" value="1"/>
|
||||
</property>
|
||||
<property name="plugin-9" type="string" value="launcher">
|
||||
<property name="items" type="array">
|
||||
<value type="string" value="13679615611.desktop"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="plugin-10" type="string" value="launcher">
|
||||
<property name="items" type="array">
|
||||
<value type="string" value="13679615612.desktop"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="plugin-13" type="string" value="separator">
|
||||
<property name="style" type="uint" value="1"/>
|
||||
</property>
|
||||
<property name="plugin-14" type="string" value="directorymenu">
|
||||
<property name="base-directory" type="string" value="/home/gentoo"/>
|
||||
</property>
|
||||
<property name="plugin-16" type="string" value="launcher">
|
||||
<property name="items" type="array">
|
||||
<value type="string" value="13679616705.desktop"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="plugin-17" type="string" value="launcher">
|
||||
<property name="items" type="array">
|
||||
<value type="string" value="13954274922.desktop"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="plugin-18" type="string" value="launcher">
|
||||
<property name="items" type="array">
|
||||
<value type="string" value="13954274581.desktop"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="plugin-20" type="string" value="launcher">
|
||||
<property name="items" type="array">
|
||||
<value type="string" value="13954275323.desktop"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="plugin-21" type="string" value="launcher">
|
||||
<property name="items" type="array">
|
||||
<value type="string" value="136796182710.desktop"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="plugin-22" type="string" value="launcher">
|
||||
<property name="items" type="array">
|
||||
<value type="string" value="13954275454.desktop"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="plugin-23" type="string" value="thunar-tpa"/>
|
||||
<property name="plugin-11" type="string" value="places">
|
||||
<property name="show-button-type" type="int" value="1"/>
|
||||
<property name="button-label" type="string" value=" Places"/>
|
||||
<property name="mount-open-volumes" type="bool" value="true"/>
|
||||
</property>
|
||||
<property name="plugin-24" type="string" value="mixer">
|
||||
<property name="sound-card" type="string" value="HDAATISBAlsamixer"/>
|
||||
<property name="track" type="string" value="Master"/>
|
||||
<property name="command" type="string" value="xfce4-mixer"/>
|
||||
<property name="enable-keyboard-shortcuts" type="bool" value="true"/>
|
||||
</property>
|
||||
<property name="plugin-25" type="string" value="whiskermenu"/>
|
||||
<property name="plugin-12" type="string" value="cpugraph"/>
|
||||
<property name="plugin-19" type="string" value="separator">
|
||||
<property name="style" type="uint" value="2"/>
|
||||
</property>
|
||||
</property>
|
||||
</channel>
|
|
@ -0,0 +1,28 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<channel name="xfce4-session" version="1.0">
|
||||
<property name="general" type="empty">
|
||||
<property name="FailsafeSessionName" type="empty"/>
|
||||
<property name="SessionName" type="string" value="Default"/>
|
||||
<property name="SaveOnExit" type="bool" value="false"/>
|
||||
</property>
|
||||
<property name="sessions" type="empty">
|
||||
<property name="Failsafe" type="empty">
|
||||
<property name="IsFailsafe" type="empty"/>
|
||||
<property name="Count" type="empty"/>
|
||||
<property name="Client0_Command" type="empty"/>
|
||||
<property name="Client0_PerScreen" type="empty"/>
|
||||
<property name="Client1_Command" type="empty"/>
|
||||
<property name="Client1_PerScreen" type="empty"/>
|
||||
<property name="Client2_Command" type="empty"/>
|
||||
<property name="Client2_PerScreen" type="empty"/>
|
||||
<property name="Client3_Command" type="empty"/>
|
||||
<property name="Client3_PerScreen" type="empty"/>
|
||||
<property name="Client4_Command" type="empty"/>
|
||||
<property name="Client4_PerScreen" type="empty"/>
|
||||
</property>
|
||||
</property>
|
||||
<property name="splash" type="empty">
|
||||
<property name="Engine" type="empty"/>
|
||||
</property>
|
||||
</channel>
|
|
@ -0,0 +1,82 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<channel name="xfwm4" version="1.0">
|
||||
<property name="general" type="empty">
|
||||
<property name="activate_action" type="string" value="bring"/>
|
||||
<property name="borderless_maximize" type="bool" value="true"/>
|
||||
<property name="box_move" type="bool" value="false"/>
|
||||
<property name="box_resize" type="bool" value="false"/>
|
||||
<property name="button_layout" type="string" value="O|SHMC"/>
|
||||
<property name="button_offset" type="int" value="0"/>
|
||||
<property name="button_spacing" type="int" value="0"/>
|
||||
<property name="click_to_focus" type="bool" value="true"/>
|
||||
<property name="focus_delay" type="int" value="250"/>
|
||||
<property name="cycle_apps_only" type="bool" value="false"/>
|
||||
<property name="cycle_draw_frame" type="bool" value="true"/>
|
||||
<property name="cycle_hidden" type="bool" value="true"/>
|
||||
<property name="cycle_minimum" type="bool" value="true"/>
|
||||
<property name="cycle_workspaces" type="bool" value="false"/>
|
||||
<property name="double_click_time" type="int" value="250"/>
|
||||
<property name="double_click_distance" type="int" value="5"/>
|
||||
<property name="double_click_action" type="string" value="maximize"/>
|
||||
<property name="easy_click" type="string" value="Alt"/>
|
||||
<property name="focus_hint" type="bool" value="true"/>
|
||||
<property name="focus_new" type="bool" value="true"/>
|
||||
<property name="frame_opacity" type="int" value="100"/>
|
||||
<property name="full_width_title" type="bool" value="true"/>
|
||||
<property name="inactive_opacity" type="int" value="100"/>
|
||||
<property name="maximized_offset" type="int" value="0"/>
|
||||
<property name="move_opacity" type="int" value="100"/>
|
||||
<property name="placement_ratio" type="int" value="20"/>
|
||||
<property name="placement_mode" type="string" value="center"/>
|
||||
<property name="popup_opacity" type="int" value="100"/>
|
||||
<property name="mousewheel_rollup" type="bool" value="true"/>
|
||||
<property name="prevent_focus_stealing" type="bool" value="false"/>
|
||||
<property name="raise_delay" type="int" value="250"/>
|
||||
<property name="raise_on_click" type="bool" value="true"/>
|
||||
<property name="raise_on_focus" type="bool" value="false"/>
|
||||
<property name="raise_with_any_button" type="bool" value="true"/>
|
||||
<property name="repeat_urgent_blink" type="bool" value="false"/>
|
||||
<property name="resize_opacity" type="int" value="100"/>
|
||||
<property name="restore_on_move" type="bool" value="true"/>
|
||||
<property name="scroll_workspaces" type="bool" value="true"/>
|
||||
<property name="shadow_delta_height" type="int" value="0"/>
|
||||
<property name="shadow_delta_width" type="int" value="0"/>
|
||||
<property name="shadow_delta_x" type="int" value="0"/>
|
||||
<property name="shadow_delta_y" type="int" value="-3"/>
|
||||
<property name="shadow_opacity" type="int" value="50"/>
|
||||
<property name="show_app_icon" type="bool" value="false"/>
|
||||
<property name="show_dock_shadow" type="bool" value="true"/>
|
||||
<property name="show_frame_shadow" type="bool" value="false"/>
|
||||
<property name="show_popup_shadow" type="bool" value="false"/>
|
||||
<property name="snap_resist" type="bool" value="false"/>
|
||||
<property name="snap_to_border" type="bool" value="true"/>
|
||||
<property name="snap_to_windows" type="bool" value="false"/>
|
||||
<property name="snap_width" type="int" value="10"/>
|
||||
<property name="theme" type="string" value="Default"/>
|
||||
<property name="tile_on_move" type="bool" value="true"/>
|
||||
<property name="title_alignment" type="string" value="center"/>
|
||||
<property name="title_font" type="string" value="Sans Bold 9"/>
|
||||
<property name="title_horizontal_offset" type="int" value="0"/>
|
||||
<property name="title_shadow_active" type="string" value="false"/>
|
||||
<property name="title_shadow_inactive" type="string" value="false"/>
|
||||
<property name="title_vertical_offset_active" type="int" value="0"/>
|
||||
<property name="title_vertical_offset_inactive" type="int" value="0"/>
|
||||
<property name="toggle_workspaces" type="bool" value="false"/>
|
||||
<property name="unredirect_overlays" type="bool" value="true"/>
|
||||
<property name="urgent_blink" type="bool" value="false"/>
|
||||
<property name="use_compositing" type="bool" value="true"/>
|
||||
<property name="workspace_count" type="int" value="4"/>
|
||||
<property name="workspace_names" type="array">
|
||||
<value type="string" value="Workspace 1"/>
|
||||
<value type="string" value="Workspace 2"/>
|
||||
<value type="string" value="Workspace 3"/>
|
||||
<value type="string" value="Workspace 4"/>
|
||||
</property>
|
||||
<property name="wrap_cycle" type="bool" value="true"/>
|
||||
<property name="wrap_layout" type="bool" value="true"/>
|
||||
<property name="wrap_resistance" type="int" value="10"/>
|
||||
<property name="wrap_windows" type="bool" value="true"/>
|
||||
<property name="wrap_workspaces" type="bool" value="false"/>
|
||||
</property>
|
||||
</channel>
|
|
@ -0,0 +1,40 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<channel name="xsettings" version="1.0">
|
||||
<property name="Net" type="empty">
|
||||
<property name="ThemeName" type="string" value="Xfce-dusk"/>
|
||||
<property name="IconThemeName" type="empty"/>
|
||||
<property name="DoubleClickTime" type="empty"/>
|
||||
<property name="DoubleClickDistance" type="empty"/>
|
||||
<property name="DndDragThreshold" type="empty"/>
|
||||
<property name="CursorBlink" type="empty"/>
|
||||
<property name="CursorBlinkTime" type="empty"/>
|
||||
<property name="SoundThemeName" type="empty"/>
|
||||
<property name="EnableEventSounds" type="empty"/>
|
||||
<property name="EnableInputFeedbackSounds" type="empty"/>
|
||||
</property>
|
||||
<property name="Xft" type="empty">
|
||||
<property name="DPI" type="empty"/>
|
||||
<property name="Antialias" type="empty"/>
|
||||
<property name="Hinting" type="empty"/>
|
||||
<property name="HintStyle" type="empty"/>
|
||||
<property name="RGBA" type="empty"/>
|
||||
</property>
|
||||
<property name="Gtk" type="empty">
|
||||
<property name="CanChangeAccels" type="empty"/>
|
||||
<property name="ColorPalette" type="empty"/>
|
||||
<property name="FontName" type="empty"/>
|
||||
<property name="IconSizes" type="empty"/>
|
||||
<property name="KeyThemeName" type="empty"/>
|
||||
<property name="ToolbarStyle" type="empty"/>
|
||||
<property name="ToolbarIconSize" type="empty"/>
|
||||
<property name="IMPreeditStyle" type="empty"/>
|
||||
<property name="IMStatusStyle" type="empty"/>
|
||||
<property name="MenuImages" type="empty"/>
|
||||
<property name="ButtonImages" type="empty"/>
|
||||
<property name="MenuBarAccel" type="empty"/>
|
||||
<property name="CursorThemeName" type="empty"/>
|
||||
<property name="CursorThemeSize" type="empty"/>
|
||||
<property name="IMModule" type="empty"/>
|
||||
</property>
|
||||
</channel>
|
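--- a/tools-hardened/desktop/thuser/.gtkrc-2.0
+++ b/tools-hardened/desktop/thuser/.gtkrc-2.0
@@ -0,0 +1,15 @@
+style "xfdesktop-icon-view" {
+XfdesktopIconView::label-alpha = 0
+XfdesktopIconView::cell-spacing = 2
+XfdesktopIconView::cell-padding = 2
+XfdesktopIconView::cell-text-width-proportion = 1.8
+}
+widget_class "*XfdesktopIconView*" style "xfdesktop-icon-view"
+
+style "panel-icon-fix" {
+xthickness = 0
+ythickness = 0
+}
+
+widget "*Xfce*Panel*Button*" style "panel-icon-fix"
+class "*Xfce*Panel*Button*" style "panel-icon-fix"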
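--- a/tools-hardened/desktop/thuser/.xinitrc
+++ b/tools-hardened/desktop/thuser/.xinitrc
@@ -0,0 +1,3 @@
+#/bin/bash -l
+
+/usr/bin/gnome-session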
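Review bot: The first line `#/bin/bash -l` is missing the `!`, so it is an ordinary comment and not an interpreter line; if this file is ever executed directly rather than read by the shell that xinit starts, the login-shell behaviour requested by `-l` will not apply. It should read `#!/bin/bash -l`. The last line could also become `exec /usr/bin/gnome-session` so that no idle shell is left behind as the parent of the session.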
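--- a/tools-hardened/desktop/toolchain.sh
+++ b/tools-hardened/desktop/toolchain.sh
@@ -0,0 +1,11 @@
+#!/bin/bash -l
+
+source /etc/profile
+env-update
+emerge -1q binutils
+source /etc/profile
+env-update
+emerge -1q gcc
+source /etc/profile
+env-update
+emerge -1q glibc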
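Review bot: None of the three `emerge -1q` calls is checked, so a failed binutils or gcc rebuild falls straight through to the next package and the script's exit status reflects only the final glibc step. For an image whose whole point is a hardened toolchain, the build should stop at the first failure, for example `emerge -1q binutils || exit 1` and the same for gcc and glibc. The `rebuild_toolchain` function in xfce4-run.sh, as far as it is visible on this page, does not test the status of its chroot call either, so a failure here would not stop the ISO build. update.sh in this commit has the same unchecked pattern, and its `--keep-going` additionally lets a world update with failed packages run to completion.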
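--- a/tools-hardened/desktop/update.sh
+++ b/tools-hardened/desktop/update.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -l
+
+#Right now we're commenting out the cairo
+#rebuild to see if it works in glibc.
+#hacky - for some reason cairo fails to rebuild
+#unless binutils is rebuilt first. It fails to
+#find libibirty.
+source /etc/profile
+env-update
+#emerge -q binutils
+#source /etc/profile
+#env-update
+#emerge -1q x11-libs/cairo
+
+emerge -uvNDq --keep-going --with-bdeps=y world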
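Review bot: The header comment describes a binutils/cairo workaround that the script no longer performs, and the four commented-out commands it refers to are left in place below it. It also names the library as `libibirty`, which is presumably libiberty. I would replace the block with one accurate comment, such as `# cairo rebuild disabled; it used to need binutils rebuilt first (libiberty not found). Re-enable if the world update fails on cairo.`, and delete the dead commands.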
207
tools-hardened/desktop/xfce4-run.sh
Executable file
|
@ -0,0 +1,207 @@
|
|||
#!/bin/bash
|
||||
|
||||
ARCH=${ARCH:-"amd64"}
|
||||
ROOTFS="th-${ARCH}-xfce4"
|
||||
|
||||
PWD="$(pwd)"
|
||||
STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest.tar.bz2"
|
||||
LAYMAN="/var/lib/layman"
|
||||
KERNEL_SOURCE="/usr/src/linux-tinhat"
|
||||
|
||||
|
||||
unpack_stage3() {
|
||||
mkdir "${ROOTFS}"
|
||||
tar -x -C "${ROOTFS}" -f "${STAGE3}"
|
||||
}
|
||||
|
||||
mount_dirs() {
|
||||
mkdir "${ROOTFS}"/usr/portage/
|
||||
mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
|
||||
mount --bind /proc/ "${ROOTFS}"/proc/
|
||||
mount --bind /dev/ "${ROOTFS}"/dev/
|
||||
mount --bind /dev/pts "${ROOTFS}"/dev/pts/
|
||||
mount -t tmpfs shm "${ROOTFS}"/dev/shm
|
||||
mount --bind /sys/ "${ROOTFS}"/sys/
|
||||
}
|
||||
|
||||
populate_etc() {
|
||||
cp -f files/fstab "${ROOTFS}"/etc/fstab
|
||||
cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
|
||||
|
||||
rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
|
||||
cp -f files/portage/make.xfce4.1 "${ROOTFS}"/etc/portage/make.conf
|
||||
cp -f files/portage/package.xfce4.accept_keywords "${ROOTFS}"/etc/portage/package.accept_keywords
|
||||
cp -f files/portage/package.xfce4.use "${ROOTFS}"/etc/portage/package.use
|
||||
cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
|
||||
cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
|
||||
}
|
||||
|
||||
rebuild_toolchain() {
|
||||
cp -f toolchain.sh "${ROOTFS}"/tmp/
|
||||
chroot "${ROOTFS}"/ /tmp/toolchain.sh
|
||||
rm -f "${ROOTFS}"/tmp/toolchain.sh
|
||||
}
|
||||
|
||||
rebuild_world() {
|
||||
cp -f files/xfce4-world "${ROOTFS}"/var/lib/portage/world
|
||||
cp -f rebuild.sh "${ROOTFS}"/tmp/
|
||||
chroot "${ROOTFS}"/ /tmp/rebuild.sh
|
||||
rm -f "${ROOTFS}"/tmp/rebuild.sh
|
||||
}
|
||||
|
||||
|
||||
update_world() {
|
||||
cp -f files/portage/make.xfce4.2 "${ROOTFS}"/etc/portage/make.conf
|
||||
cp -f update.sh "${ROOTFS}"/tmp/
|
||||
chroot "${ROOTFS}"/ /tmp/update.sh
|
||||
rm -f "${ROOTFS}"/tmp/update.sh
|
||||
}
|
||||
|
||||
build_kernel() {
|
||||
local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz"
|
||||
mkdir -p "${ROOTFS}"/boot
|
||||
|
||||
genkernel \
|
||||
--kernel-config=files/kernel-config \
|
||||
--makeopts=-j9 \
|
||||
--static \
|
||||
--symlink \
|
||||
--no-mountboot \
|
||||
--kerneldir="${KERNEL_SOURCE}" \
|
||||
--bootdir="${PWD}"/"${ROOTFS}"/boot/ \
|
||||
all
|
||||
|
||||
#for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
|
||||
# objcopy --strip-unneeded $i
|
||||
#done
|
||||
rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
|
||||
wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
|
||||
tar -x -C "${PWD}"/files -f th-boot.tar.gz
|
||||
cp -Rf files/th-boot/grub "${ROOTFS}"/boot/
|
||||
rm -f "${PWD}"/th-boot.tar.gz
|
||||
}
|
||||
|
||||
setup_initrc() {
|
||||
ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
|
||||
chroot "${ROOTFS}"/ rc-update add acpid boot
|
||||
chroot "${ROOTFS}"/ rc-update add alsasound boot
|
||||
chroot "${ROOTFS}"/ rc-update add cpufrequtils boot
|
||||
chroot "${ROOTFS}"/ rc-update add device-mapper boot
|
||||
chroot "${ROOTFS}"/ rc-update add lvm boot
|
||||
chroot "${ROOTFS}"/ rc-update add udev boot
|
||||
chroot "${ROOTFS}"/ rc-update add cupsd default
|
||||
chroot "${ROOTFS}"/ rc-update add cronie default
|
||||
chroot "${ROOTFS}"/ rc-update add net.eth0 default
|
||||
chroot "${ROOTFS}"/ rc-update add postfix default
|
||||
chroot "${ROOTFS}"/ rc-update add sshd default
|
||||
chroot "${ROOTFS}"/ rc-update add xdm default
|
||||
chroot "${ROOTFS}"/ rc-update add avahi-daemon default
|
||||
chroot "${ROOTFS}"/ rc-update add dbus default
|
||||
chroot "${ROOTFS}"/ rc-update add samba default
|
||||
chroot "${ROOTFS}"/ rc-update add syslog-ng default
|
||||
chroot "${ROOTFS}"/ rc-update add udev-postmount default
|
||||
chroot "${ROOTFS}"/ rc-update add kmod-static-nodes sysinit
|
||||
chroot "${ROOTFS}"/ rc-update add udev-mount sysinit
|
||||
}
|
||||
|
||||
setup_usergroups() {
|
||||
local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user"
|
||||
|
||||
cp -f passwd.sh "${ROOTFS}"/tmp/
|
||||
chroot "${ROOTFS}"/ /tmp/passwd.sh
|
||||
rm -f "${ROOTFS}"/tmp/passwd.sh
|
||||
|
||||
rm -rf "${ROOTFS}"/etc/skel
|
||||
cp -a thuser "${ROOTFS}"/etc/skel
|
||||
sed -i 's/^\/usr\/*.*/\/usr\/bin\/startxfce4/' "${ROOTFS}"/etc/skel/.xinitrc
|
||||
mkdir -p "${ROOTFS}"/etc/skel/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
|
||||
chmod 700 "${ROOTFS}"/etc/skel/.ssh
|
||||
wget -O "${ROOTFS}"/etc/skel/.config/dconf/user "${DCONF_LOCAL}"
|
||||
wget -O "${ROOTFS}"/etc/skel/.cache/dconf/user "${DCONF_LOCAL}"
|
||||
|
||||
rm -rf "${ROOTFS}"/home/thuser
|
||||
cp -a thuser "${ROOTFS}"/home/thuser
|
||||
sed -i -e 's/^\/usr\/*.*/\/usr\/bin\/startxfce4/' "${ROOTFS}"/home/thuser//.xinitrc
|
||||
cp -a files/{Encrypt,Save,Utilities} "${ROOTFS}"/home/thuser
|
||||
rm -rf "${ROOTFS}"/home/thuser/Utilities/post_gnome3_install.sh
|
||||
mkdir -p "${ROOTFS}"/home/thuser/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
|
||||
chmod 700 "${ROOTFS}"/home/thuser/.ssh
|
||||
wget -O "${ROOTFS}"/home/thuser/.config/dconf/user "${DCONF_LOCAL}"
|
||||
wget -O "${ROOTFS}"/home/thuser/.cache/dconf/user "${DCONF_LOCAL}"
|
||||
|
||||
chroot "${ROOTFS}"/ chown -R thuser:thuser /home/thuser
|
||||
sed -i 's/# \(%wheel.*NOPASSWD\)/\1/' "${ROOTFS}"/etc/sudoers
|
||||
sed -i 's/^\/usr\/*.*/\/usr\/bin\/startxfce4/' "${ROOTFS}"/etc/skel/.xinitrc
|
||||
}
|
||||
|
||||
setup_confs() {
|
||||
local IMAGE="http://dev.gentoo.org/~blueness/lilblue/gentoo1600x1200.jpg"
|
||||
|
||||
sed -i 's/^\(DISPLAYMANAGER="\)xdm/\1slim/' "${ROOTFS}"/etc/conf.d/xdm
|
||||
sed -i 's/^\(login.*\)/# \1/' "${ROOTFS}"/etc/slim.conf
|
||||
sed -i '/# login_cmd.*Xsession/ a\login_cmd exec /bin/bash -login ~/.xinitrc' "${ROOTFS}"/etc/slim.conf
|
||||
sed -i 's/^\(sessiondir.*\)/# \1/' "${ROOTFS}"/etc/slim.conf
|
||||
sed -i '/# sessiondir.*/ a\sessiondir /etc/X11/Sessions' "${ROOTFS}"/etc/slim.conf
|
||||
|
||||
wget -O "${ROOTFS}"/usr/share/backgrounds/background.jpg "${IMAGE}"
|
||||
|
||||
sed -i '/^SYNC/d' "${ROOTFS}"/etc/portage/make.conf
|
||||
sed -i '/^GENTOO_MIRRORS/d' "${ROOTFS}"/etc/portage/make.conf
|
||||
sed -i 's/^MAKEOPTS/#MAKEOPTS/' "${ROOTFS}"/etc/portage/make.conf
|
||||
sed -i 's/^exec \/sbin\/*.*/exec \/sbin\/switch_root \/mnt\/tmpfs \/sbin\/init/' configs/init
|
||||
sed -i 's/^clock=\"*.*\"$/clock=\"local\"/' "${ROOTFS}"/etc/conf.d/hwclock
|
||||
|
||||
cp -a files/locale/locale.gen "${ROOTFS}"/etc/
|
||||
chroot "${ROOTFS}"/ locale-gen
|
||||
chroot "${ROOTFS}"/ eselect locale set 3
|
||||
cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
|
||||
# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
|
||||
# NOTE: Current TinHat kernel uses kernel-3.7.5-hardened-r1
|
||||
#sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
|
||||
}
|
||||
|
||||
cleanup_dirs() {
|
||||
rm -rf "${ROOTFS}"/tmp/*
|
||||
rm -rf "${ROOTFS}"/var/cache/*
|
||||
rm -rf "${ROOTFS}"/var/log/*
|
||||
rm -rf "${ROOTFS}"/var/tmp/*
|
||||
rm -rf "${ROOTFS}"/etc/resolv.conf
|
||||
rm -rf "${ROOTFS}"/etc/ssh/*key*
|
||||
rm -rf "${ROOTFS}"/root/.viminfo
|
||||
for i in ${ROOTFS}/root/.bash_history ; do >$i; done
|
||||
find ${ROOTFS}*/var/log -size +1c -type f -exec rm {} +
|
||||
}
|
||||
|
||||
unmount_dirs() {
|
||||
umount "${ROOTFS}"/sys/
|
||||
umount "${ROOTFS}"/dev/shm
|
||||
umount "${ROOTFS}"/dev/pts/
|
||||
umount "${ROOTFS}"/dev/
|
||||
umount "${ROOTFS}"/proc/
|
||||
umount "${ROOTFS}"/usr/portage/
|
||||
|
||||
mkdir "${ROOTFS}"/usr/portage/profiles/
|
||||
echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
|
||||
}
|
||||
|
||||
make_iso() {
|
||||
MYROOT="${ROOTFS}" ./make.sh
|
||||
}
|
||||
|
||||
main() {
|
||||
#unpack_stage3
|
||||
#mount_dirs
|
||||
#populate_etc
|
||||
#rebuild_toolchain
|
||||
#rebuild_world
|
||||
#update_world
|
||||
build_kernel
|
||||
#setup_initrc
|
||||
#setup_usergroups
|
||||
#setup_confs
|
||||
#cleanup_dirs
|
||||
#unmount_dirs
|
||||
#make_iso
|
||||
}
|
||||
|
||||
main > xfce4-"${ARCH}"-build.log 2>&1 &
|