OXYGEN - December 2000
Updated 29 December 2000
IMPORTANT INFORMATION
Read this document! It details items which will trip up new users to
Oxygen, especially those who have used LRP in the past.
FURTHER DOCUMENTATION
After logging in as root, look in /root for more documentation.
Other places to look include the directories in /usr/share/doc
(including, in particular, /usr/share/doc/oxygen-Dec.2000).
Very important: read the documentation located in syslinux.cfg:
this documentation explains all of the new parameters available
to configure the booting Oxygen kernel and system.
PRINCIPLES
Oxygen was developed for many reasons. Some of the goals I had
during development were:
* Create packages for all manner of network security tools and
system rescue tools.
* Create a "base" disk with add-on disks which could customize
a particular installation.
* Add ability to load packages over the network in any number of ways.
* Replace lrcfg and lrpkg with something much more powerful.
* Make adding modules much easier.
SCENARIOS
* Internet Firewall
Boot with the boot disk, and then use the Firewall Disk as a second disk.
Configure Seattle Firewall (seawall) to your desires.
* Rescuing a Full Linux Distribution (such as Red Hat or Debian)
Boot with the boot disk, and then use the System Rescue Disk as a second disk.
* Network Security Testing
Boot with the boot disk, and then use the Network Tools Disk (or disks)
as data disks.
DISK VOLUMES ET AL
The /var/log directory is now in a volume by itself, with a
default (and configurable) size of 2 megabytes. This prevents
overflowing logs from shutting down your Oxygen system.
The /tmp directory can optionally be a volume of its own also;
the default is for /tmp to be just one more part of the / volume.
To mount a 1.68M floppy - such as any of the Oxygen disks, or most
Eiger and LRP disks - just use the command:
mount /mnt
It is preconfigured for mounting a 1.68M disk from the boot volume.
Similarly, to mount a 1.44M disk, use:
mount /dos
This is also preconfigured for mounting from the boot volume, but for
1.44M disks.
BASE PACKAGE DESCRIPTIONS/CONTENTS
usr.lrp - /usr
doc.lrp - /usr/share/doc
home.lrp - /root and /home
etc.lrp - /etc
modules.lrp - /lib/modules and configuration files in /etc
local.lrp - /usr/local
log.lrp - /var/adm and /var/log
There may be other packages loaded, including from the boot diskette
itself; these are additional programs added to the base system.
SPACE CONSTRAINTS
There are a number of things that are included to make life simpler,
or to make Oxygen more powerful, that can be eliminated in specific
situations to free up space:
* snarf - this program is used to download packages via FTP, HTTP,
and GOPHER protocols.
* acfg - this is the full-screen menu-based configuration utility.
Once you know how things work, this could be gotten rid of.
* Excess modules - the common modules are included; erase those you
don't need and back up modules.lrp. Be sure to look for modules
in /lib/modules and in /var/boot/modules.
* doc.lrp - this can be erased from the disk if you don't need anything
in /usr/share/doc. Just keep a copy, just in case.
* This file - once you've printed it, or no longer need it, this file
could be erased.
* tftp - this file is a tftp client used particularly to download
packages via TFTP.
* ssmtp - this program is used to send mail FROM the Oxygen system;
it receives no mail. If you're not going to send mail, erase this.
* dhcpcd - a DHCP agent. If you don't need DHCP (client!) erase this.
* micro_httpd - a web server. If you have no need, delete this.
If you don't want the web server, erase everything in /var/www too.
* fdformat - a MSDOS FAT-16 disk formatter. This is used to create
MSDOS-format diskettes for use with Oxygen - it can create large
format disks (such as 1.68M and others).
* syslinux and ldlinux.sys - these are used to make a DOS disk bootable
with Linux. They are used to create Oxygen boot disks.
* iselect - this is used as a menu program for configuration, and
and possibly other things in the future. This, at last look,
was a package on the boot disk; it can be removed if desired.
* /bin/unconfigured.sh* and /bin/setup.sh* - once configuration
is done, these files are no longer necessary. They can be removed.
After deleting things that are undesired, remember to back up the
appropriate packages.
MODULES
If you have a module that needs to be loaded, put the appropriate
module (a *.o file) on one of the disks used during booting, and
that module will be loaded during the boot. After booting, if it
works and has the right parameters, backup the modules.lrp package
to disk, and you will be set - don't forget to delete the original
*.o file from the floppy disk (not from modules.lrp!).
Note well that the modules are *NOT* loaded in any specific order;
they will probably be loaded in alphabetical order, but that
is not guaranteed.
SECURITY
Oxygen should be more secure than most other LRP variants; however,
there are some things you MUST do - otherwise, Oxygen will NOT be
secure.
Do the following:
* Give GOOD passwords to root and lrp:
# passwd root
# passwd lrp
* Go through /etc/inetd.conf and delete anything not needed there.
* Delete the following binaries from the system if not desired:
- snarf: a FTP/HTTP/GOPHER file getter - used to load packages
over the network.
- ssmtp: a Simple SMTP agent - used to send mail. It does NOT
receive mail.
- dhcpcd: a DHCP agent - if you don't use DHCP, save yourself
the space and another network hassle. Delete /etc/dhcpcd too.
- micro_httpd: a web server - used for documentation, and for help.
When removing micro_httpd, make sure to comment out the line
in inetd.conf and restart inetd.conf:
# kill -HUP `cat /var/run/inetd.pid`
To make any changes "stick" you'll have to back up root.lrp,
usr.lrp, and perhaps etc.lrp as well...
* Delete packages from your data disks that you don't need. In
particular, note the following:
- replace telnet.lrp and telnetd.lrp with ssh.lrp. Telnet
transmits passwords in the clear across the network. ssh
is more secure as passwords are passed encrypted at all times.
- if you are using Oxygen as a firewall, *DON'T* use one of the
network tools disks (unmodified) to load with. These are tools
good for network administrators....... and system crackers.
- If you aren't going to make data disks under Oxygen, then you
can remove syslinux, fdformat, and mkfs.msdos too.
* Configure Linux capabilities using lcap:
PACKAGES
The graphical interface is pretty simple; the command line usages
are detailed below:
apkg -c <pkg> [ <dir> ]
Create a package <pkg>.lrp in the current directory, or in <dir>
if specified. If <pkg>.list or <pkg>.lis exists in <dir>, then use
that as a list of files instead of whatever might be in /var/lib/lrpkg.
apkg -b <pkg>
Backup package - without checking space constraints. It will back up
to /mnt, and will mount the disk associated with /mnt if necessary - and
will return the "mount" back to its original state (mounted or unmounted)
after completing. So if the disk isn't mounted when you start, it won't
be when you finish.
Thus, you can insert disk, type "apkg -b mypkg", then remove the disk
when the drive is done.
apkg -l [ <pkg> ... <pkgN> ]
List packages loaded in current system, or list files for package(s)
listed.
apkg -k <pkg1> ... <pkgN>
List contents of package file or files <pkg>.
apkg -i <pkg1> ... <pkgN>
Install package or packages into current system.
apkg -r <pkg>
Remove <pkg> from current system.
TELNET SUPPORT
Telnet was removed for security reasons (both client and server);
both are available on the Network Tools Disk. SSH is loaded from
the firewall disk.
UNATTENDED OPERATION
There are many options designed to make the system easier to use, many
of which require prompting the user. To remove all of these and set the
system up for unattended operation, the syslinux.cfg file must be edited:
1. The APPEND= line:
1. Remove DISKWAIT option from APPEND= line
2. Remove any PKGPATH=ask:// or PKGPATH=query:// entries
3. Change VGA= to a specific setting (instead of ASK) or remove
2. Global options:
2. Set value of TIMEOUT to something better (10 seconds?)
Also, during a system boot:
1. Make sure system is configured (answer "Y" to configure now?)
2. Make sure system is set up (answer "Y" to set up now?)
3. Back up root.lrp once system is up
USERS
There is a 'lrp' user, with no password. Change the password to whatever
you like, but do it soon.
The root user too, has no password.
FIREWALL DISK
The firewall disk is a *SNAPSHOT* of current operations - so it may or may
not be operational at any given time. All of the packages should be okay
except for brick.lrp (my firewall work).
SYSLINUX.CFG
The parameter LRP= is once again supported; if it is found, then the
packages listed will be loaded. The system packages (etc.lrp, modules.lrp,
local.lrp, log.lrp) will be loaded no matter what the contents of the
LRP= parameter are.
The packages listed in the LRP= parameter are the only ones loaded, with
the exception of the system packages (which are always loaded).
If no LRP= parameter is found, then all packages on the disk will be loaded;
this is the way the Oxygen distribution is set up.
The parameter PKGPATH= is the same as elsewhere, though new to LRP: insert
the locations of data disks in the same number of disks you have.
For example, if you have two data disks (besides the first boot disk), and
all of them will be loaded from your first floppy drive, and all are 1.68M
DOS-formatted disks, use this:
PKGPATH=/dev/fd0u1680:msdos,/dev/fd0u1680:msdos
The DISKWAIT parameter is used to cause the system to prompt for new disks
during the boot process; it is a switch, and is either present (prompt) or
not (don't prompt).
COMMANDS
Many commands have been added, many of them courtesy of busybox, and
many due to Charles Steinkuehler:
sort
xargs
which
diff
chroot
wc
wget
basename
dirname
tr
ping
nslookup
fdformat
charconv
Many commands have been shifted from /bin/POSIXness to /bin/busybox,
and thus have the potential of acting differently, or with enhancements:
uname
grep
id
head
tail
hostname
basename
dirname
Several new commands were created:
mkram <ramdevice> <megabytes> [ <mount> ]
Create RAM disk, and optionally mount it.
BOOT-TIME CONFIGURATION FILES FOR DAEMONS
The boot configuration files have been put into /etc/rc.config.d, with
the exception of /etc/network, which is a link to /etc/rc.config.d/network.
ALL of these files are sourced for each daemon that runs and is configured
to use them; this allows the firewall daemon to refuse to run if networking
is turned off, and the same for dhclient, syslog, etc.
To use the configuration system properly, you should do the following in the
startup scripts for your daemons:
RCF=/etc/rc.config
[ -f $RCF ] && . $RCF
[ "$DAEMON" = "0" ] && exit 0
....where DAEMON is replaced by your daemon name - such as DHCLIENT, NTP,
SYSLOGD, KLOGD, etc. However, there is much more you can do.
Download Latest Version
Bering-uClibc_7.5.1-beta1_i486_isolinux_vga.iso (166.7 MB)
