LAST MINUTE NOTES FOR ANUBIS-LINUX 2 NINE

=-=-=-=-=-=-=-=-=-=-
Changes in AL2 Nine:
=-=-=-=-=-=-=-=-=-=-

* Added:
  - KolourPaint, 'cos you never know when you're bored
  - KompoZer, for your web page building needs
  - gcc-doc, for those who need it
  - p0f, a "passive OS fingerprinting tool"
  - James Molloy's Kernel Tutorial
  - freeglut3, libglu1-mesa, libglu1-mesa-dev, libglut3-dev for OpenGL
    programming
  - x11proto-xf86vidmode-dev, x11proto-gl-dev, libxxf86vm-dev, libxmu-dev
    for a similar reason
  - libopenal-dev, the open audio library, useful for game programmers
  - some NeHe OpenGL base code to help get people started in games
    programming
  - as31, Intel 8031/8051 Assembler, 'cos you never know when you're bored
  - Pidgin, if only for proxy support
  - ArmagetronAd game, 'cos you know by now
  - Allegro, SDL and Minifmod non-free, for game developers, good luck and
    have fun!

* Updated:
  - kdm (security hotfix)
  - ht (which nobody uses)
  - gcc-4.4, gcc-4.4-multilib, g++-4.4, g++-4.4-multilib, binutils,
    binutils-multiarch
  - very minor corrections/additions to own docs
  - libgl1-mesa-dev

* Removed:
  - gXX-4.3 from x86 version, sorry for leaving them in
  - Kopete (replaced by Pidgin)
  - Splashy went to visit the bit bucket and never returned

* Fixed/Re-Config'd:
  - 2.6.31 KK6 kernel now recognises both SquashFS-Lzma 3.4 and SquashFS 4.0
    filesystems (use -t squashfs4)
  - no more firewall locale errors (and I still don't understand what do
    locales do in a firewall script)
  - removed avahi-daemon from startup, since it was blocked anyway by the
    firewall
  - added custom configurations for Krusader's embedded editor (got to love
    those file Tabs)
  - F12 key no longer ejects the optical drive tray (this disrupted
    Qemulator)
  - FascistFirewall=true in Vidalia's configuration, since Guarddog blocks
    plenty (that FascistFirewall setting always makes me grin)
  - MAptNotify replaced by TorK button, even if you want to use Synaptic you
    still don't need that Mapt thing which slows down KDE at hard drive boot
    (in my experience at least)
  - added Lenny Backports to Apt, because I just realised they rock
  - fixed that pesky udevinfo warning message
  - fixed the "dpkg --print-installation-architecture is obsolete" warning
    message
  - finally fixed the "blind" bookmarks problem in Firefox

* Trivia:
  - lol Vim takes 30 MB's to install. no, funk you!
  - GDC might find its way into future versions, for those who don't know
    it's about the D "systems programming language" (as described on its
    site), the proud successor of C
  - GParted not upgraded because it was too big, and all I could see new was
    Ext4 support
  - Wine still doesn't start Win32 programs marked as executable (please
    unmark them, or use right-click menu)

=-=-=-=-=-=-=-=-=-=-=
Changes in AL2 Eight:
=-=-=-=-=-=-=-=-=-=-=

* Added:
  - gcc-4.4-multilib, g++-4.4-multilib, binutils-multiarch (now you can
    cross-compile, ain't that exciting)
  - Bran's Kernel Development Tutorial and GCC inline ASM tutorials (in
    Section 2 and no)
  - several miscellaneous additions in Section 1
  - a dumb filesystem cleaner script, useful for those who remaster AL
  - BrutalChess, for those who wish to put their Nvidia graphics card, and
    mind, to good use
  - Showfoto (because Gwenview didn't cut it)
  - libgl1-mesa-dev, libglu1-mesa-dev for OpenGL programming capability
  - 7-Zip 9.10, localepurge, dash, myspell-en-us, myspell-en-gb
  - lfhex - a new Spartan hex editor
  - tons more extensions to Firefox, but no more icons in bookmarks [BUG]
  - a56, the Motorola DSP560001 assembler, 'cause you never know
  - aircrack-ng (deja-vu, I thought I've added it before to AL)
  - fwlogwatch for easier viewing of /var/messages firewall DROP's and
    ABORT's
  - Selinux HowTo's in Section 3, which I should really read someday
  - finally, after all this time, I installed the Linux version of EG
  - KSystemLog and nvidia-kernel startup script
  - Beyond Linux From Scratch and Hardened Linux From Scratch books
  - kate-plugins

* Updated:
  - secure-delete, gcc-4.4, g++-4.4, binutils, coreutils,
    yasm, cpp
  - gcc, gcc-multilib, g++, g++-multilib (not a typo, and don't ask how)
  - KDbg, Wireshark, tshark, iptstate, snort, Knmap, nmap, x11-common
  - Wine, locales, iptables, kismet
  - chkrootkit, lynis, rkhunter, mc, PackEth
  - small additions/corrections to my Bash Newbie tutorial
  - ISO creation script slightly easier to work with
  - Linux From Scratch book

* Removed:
  - Gwenview

* Fixed/Re-Config'd:
  - increased max ramdisk size for LiveCD
  - increased max cache size for apt-get
  - added custom configurations for Krusader, KWrite, Kate and Audacious
  - added my personalised configuration for Firefox, which you'll either
    love or hate with profound passion
  - spellcheck is back in Firefox
  - overpopulated the desktop with icons, apologies in advance
  - some ISO file crazy permissions fixed (keyword is "some")

* Trivia:
  - kernel remains good old 2.6.31 - not upgraded yet because I don't see
    the point
  - Wine still won't be invoked for Win32 binaries with "executable"
    permission set [BUG]
  - the current custom kernel won't recognise Squashfs 4.0 filesystems, I
    will fix this when I have more time [LIE]
  - drvr=xvesa doesn't run anymore (in x86 at least), this will be fixed as
    soon as I understand what's going on

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Changes in AL2 Seven (Ex Alpha 7):
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

* Added:
  - secure-delete tools for "just-in-time" wiping of certain vulnerable
    areas
  - TorK, an alternative to Vidalia
  - DosBox, Wine's counterpart for running old DOS programs
  - Ophcrack GUI, and CLI
  - Aufs is back (in the kernel at least)
  - Audacious (stable) for your music listening pleasure
  - kismet, for wireless forensics
  - uncrustify, source code "beautifier"
  - nvidia-xconfig, and Nvidia card support included by default in this
    version of AL
  - AFV's OpenGL 1.0 HTML manpages - a bit dusty but still very helpful
  - parted and Qtparted - and now we have 5 programs doing the same thing!
  - rdd, the "special purposes" dd utility
  - Gecko 1.0.0 for Wine now included by default (it's the thing that helps
    Win32 apps display HTML)
  - openssh-server (sshd) from Stable, I figured some people would want this
    included; (SSH daemon was disabled from all runlevels - so you must
    start it manually)

* Updated:
  - kernel to Debian 2.6.31-1
  - Wireshark/tshark (custom re-build, because the Debian boys messed up the
    deps - x64 version only)
  - Wine updated to WineHQ's 1.1.33 Lenny (reason the same as above, plus
    Debian is way behind)
  - btrfs-tools to 0.19-6 (and the kernel's Btrfs code is still marked
    "0.16" but whatever right?)
  - chkrootkit, rkhunter, lynis forensics tools
  - Vidalia and Tor
  - Firefox, macchanger, PackEth
  - mdadm, dosfstools, gnu-fdisk, bash, p7zip-full
  - Selinux again
  - Cryptsetup, so no more udevsettle error
  - my own docs again (no major updates though)

* Removed:
  - cd's outdated disk encryption HowTo from Section 03
  - Klamav/Clamav - sorry. then again, why don't you DIY? :) AL is all about
    that.
  - deleted these in a desperate attempt to secure some free space:
    -> /etc/ndiswrapper/*
    -> /var/cache/debconf/*
  - temporarily removed these, until more space can be found (some of these
    will also be updated in the future version of AL - whenever that
    arrives)
    -> /01/02/CPU/Intel Manuals

* Fixed/Re-Config'd:
  - kernel config'd with builtin Broadcom and Atheros support, such wireless
    cards should work now, if they didn't in previous releases
  - Privoxy config can now be changed while running the LiveCD
  - tweaked KPowersave so that it doesn't try to suspend to RAM/disk on
    laptop lid close
  - removed splash option by default, looks uglier but the better awareness
    is worth it

* Trivia:
  - Sorry about the boot errors, but they're 1) harmless and 2) a PITA to
    fix. I'd like to highlight the rc.firewall warnings: they are related to
    Locale settings, different geo zones, and fonts - and so the firewall
    itself is functioning flawlessly.
    The warnings are due to incompat between the installed setlocale, thing,
    and the "firewall config" generator - which is Guarddog. I don't know
    why locale settings are written to a bloody firewall rules script but
    whatever. I won't go and recompile Guarddog just because of this... yet.
  - You have an alternative to Vidalia that you can try out (TorK) - but
    beware. If you set up TorK so that your machine functions as a (exit)
    relay in the Tor network, the firewall will be completely disabled.
    Because in AL, the iptables/Guarddog firewall will by default only
    permit ports 53, 80/8080/8888, 443 and 21 (DNS, HTTP, HTTPS and FTP,
    respectively). So if you start NAVALE or iptstate and see crazy foreign
    port numbers of the likes of 9001 (yes it's over nine thousand!) then
    you have a minor problem.
  - Be careful when you run NAVALE (NetActView AL Edition) as regular user,
    because if you try to shut down a process for which the PID isn't
    accessible and is marked by an asterisk, NAVALE will sometimes shut down
    the X session.
  - Due to an unknown problem, NAVALE cannot restart itself as root app.
    Sorry.
  - I found some coding errors in the CSFP utilities. Fixing the bug in the
    old versions (1, 2 and P) would've made them incompatible with the buggy
    releases. Basically, inside the program, "sha512sum" is added to the
    actual checksum and they're encrypted together. All in all, I proved
    that I am lame with pointers, because under close inspection it's clear
    everything gets messed up. The CSFP utils can be considered a great
    problem if you don't trust your users and you install AL on a publicly
    available machine. The current CSFP tools are pending partial removal -
    soon only the source will be available in /ANUBIS and they won't be
    installed by default.
  - Selinux is enabled by default, but its policy is set to Permissive. This
    means it will only silently log when it would've stopped something from
    happening. Do not set the policy to Enforce.
    It will deny access to important files, important system utilities,
    meaning that it'll cripple your OS. The default policy sucks, and it's
    not even close to "working". Expect a refined config/policy in a future
    version of AL. Same goes for CSFP, and Snort, and other things.
  - I wanted to make smem wipe the memory as in Incognito, during reboot and
    halt; alas there are problems which result in a kernel panic and
    sometimes a lockdown. I now suspect this has to do with the kernel.
    Please contact me if you have a fix.
  - Latest "non experimental" Debian kernel is 2.6.31-2 at the time of this
    writing. I've made some changes to the current kernel (2.6.31-1) and
    it'd be a royal pain to import them to 2.6.31-2 - I'm not proficient
    with patch utilities, no thank you. 2.6.32 will soon become the new Sid
    kernel, probably on the very day I finished uploading the distro ey? ;)
  - So I included Nvidia support by default. What about Ati? Not yet, sorry.
    You may expect it for 2.0 final though. Then again, maybe it's wiser not
    to wait and add it by yourself. You can do it! Just rtfm and use the
    provided tools. :)

=-=-=-=-=-=-=-=-=-=-=-=
Changes in AL2 Alpha-6:
=-=-=-=-=-=-=-=-=-=-=-=

* Added:
  - NetActView "Kill PID" Edition (and Gksu for compat.) - run as root for
    best results
  - AL Paranoid User's Book [beta]
  - gpm - mouse daemon for textmode, I hope runlevel 2 MC fans will
    appreciate

* Updated:
  - some bookmarks

* Removed:
  - some docs from Secu/Insecu because they r34k'd

* Fixed/Re-Config'd:
  - populated Desktop with loads of links
  - Privoxy to mangle the User Agent and Referrer header
  - tiny typos fixed in own docs

* Trivia:
  - I'm aware that mksquashfs-lzma tools are available, and so are Lzma
    patches for kernel 2.6.31 and SquashFS 4.0 - but I decided to release
    Alpha 6 without the upgrades. I tested the new tools. they created a
    filesystem a couple MB larger than the old 3.4/Lzma tools. the new
    kernel is also bound to be problematical.
    last time I checked, Btrfs' version in the source was still "0.16",
    which is false, because ONLY the 0.18 version tools work with it. I'll
    be waiting for kernel 2.6.32/3, and for more people to start using this
    distro.

=-=-=-=-=-=-=-=-=-=-=-=
Changes in AL2 Alpha-5:
=-=-=-=-=-=-=-=-=-=-=-=

* Added:
  - Vidalia, the Tor configuration utility
  - important docs concerning Internet censorship, and Tor
  - Minstall-AL source in Bonus section

* Updated:
  - AL Intro doc

* Removed:
  - all stuff from /usr/share/doc(-base) again...

* Fixed/Re-Config'd:
  - added some more bookmarks

* Trivia:
  -

=-=-=-=-=-=-=-=-=-=-=-=
Changes in AL2 Alpha-4:
=-=-=-=-=-=-=-=-=-=-=-=

* Added:
  - a very interesting paper on cold boots; how DRAM keeps the data for a
    number of minutes after power-off (and if you're using volume
    encryption, most often the password will reside in the RAM, by the way).
  - Beej's example source codes, so that the user won't have to waste time
    with extracting them from his book
  - some docs on futexes (C/C++ -> LinuxProg)
  - in the interest of slightly better security, the K/clamav antivirus was
    added. this is not something permanent though - it is taking up precious
    space which may have to be regained for future use. also, signature DB
    not updated.
  - my [incomplete] quick tutorial on C(++) programming. when finished it'll
    hold three chapters: "Basics of C", "Basics of C++" and "Basics of
    System Programming".

* Updated:
  - Firefox to 3.5.2 ML, udev utilities

* Removed:
  -

* Fixed/Re-Config'd:
  - Klipper so that it doesn't remember the contents of the Clipboard after
    reboot
  - added (finally) the Anubis-Linux sites to the bookmarks in Firefox and
    Konqueror

* Trivia:
  - ever wondered why the csfp progs don't contain the '%' character in the
    symbol array? so that you add it yourself! and good luck.
    ;)

=-=-=-=-=-=-=-=-=-=-=-=
Changes in AL2 Alpha-3:
=-=-=-=-=-=-=-=-=-=-=-=

* Added:
  - csfp2 and csfp-paranoid (max password lengths are of 2048 characters
    now)

* Updated:
  - mdadm, mepis-init, iptables
  - bash finally at version 4.0 in x64 as well
  - my own docs again

* Removed:
  - a lot of stuff from /usr/share/doc(-base) - in fact all of it, lol.

* Fixed/Re-Config'd:
  - Guarddog firewall settings can be changed in LiveCD now (without Aufs)
  - edited Privoxy's /etc/privoxy/config file, adding global actionfile
  - /var/log/dmesg file re-added (although it is regenerated anyway)
  - KDM now shows "Anubis-Linux" instead of "ANUBIS"

* Trivia:
  - when setting up the firewall, and during boot as well, you will receive
    "setlocal failed" warnings. I suspect this is due to the updated mdadm.
    nevertheless - the firewall will work just fine, so please ignore these
    errors, they're in the process of being fixed.

=-=-=-=-=-=-=-=-=-=-=-=
Changes in AL2 Alpha-2:
=-=-=-=-=-=-=-=-=-=-=-=

* Added:
  - tcpdump (for snort), kernel-package, cryptcat, [k]nmap, macchanger
  - bcc, amideco, awardeco, yasm, csfp1, guidedog, iptstate, dash
    (apparently)
  - manpages-dev

* Updated:
  - kernel to Debian's 2.6.30-6
  - manpages, coreutils, testdisk, bash, nasm, fasm, snort, htop,
    zlib1g(-dev)
  - gdb and KDbg, which are mysteriously missing from Alpha-1, but anyway
  - packeth, file, hunt, unhide, wicd, dnsutils, procps, tor
  - chkrootkit, rkhunter, lynis, dosfstools, reiserfsprogs, binfmt-support
  - fasm and nasm for Win32
  - NTCore ExplorerSuite to III (13/06/2009)
  - SELinux:
    - checkpolicy, libselinux1, libsemanage1, libsepol1, policycoreutils
    - python-selinux, python-semanage, python-sepolgen
    - selinux-policy-src, selinux-utils
  - Linux From Scratch book to 6.5 final
  - made substantial additions/corrections to my own docs, but no revamped C
    book yet

* Removed:
  - BFI and MKBT went in search of Jimmy Hoffa because of their licenses and
    the fact that their author didn't return my e-mails.
    And after all, dd, mount and mkfs.msdos render them completely useless.
    Which makes me wonder what drove me to include them in the first place.
    Maybe it was the Wine. Oh yay I scored a pun today. :)
  - some Mepis-original driver packages went in search of tranquillity.

* Fixed/Re-Config'd:
  - greatly refined runlevels, and a lot of useless stuff was disabled:
    Samba, UML, Exim4 (MTA), OpenBSD Utils, SANED, DirMngr, CUPS, RSync to
    name most. more of this will follow if I notice any new suspicious
    LISTEN's. security is important to AL, and I'll try to reinforce it the
    best I can. after all - AL *is* using insecure unstable software. we
    must be careful. if you need any of the above, simply enable in
    /etc/rc5.d/ (after installing).
  - added Debian Sid repository
  - changed directories' name in /ANUBIS/
  - fixed fasm Win32 configuration problem which wouldn't allow the
    assembler to locate include files
  - cleaned up /etc/cron.X/ folders a tad
  - added Scroogle SSL Search to both Firefox and Konqueror. I'd use them
    with Tor. ;)

* Trivia:
  - Decided to predominantly use "Anubis-Linux" or "AL" instead of simply
    "Anubis" because - surprise! - there's an Amiga OS project with a
    similar name, and an open-source mail client named so as well.

----------------------------------------------------------------------------
------------     IT'S NOT PERMITTED TO GO BEYOND THIS POINT     ------------
------------        (RELAX FOLKS IT'S ONLY A LAME JOKE)         ------------
----------------------------------------------------------------------------

LAST MINUTE NOTES FOR ANUBIS 2 ALPHA-1

Definitions:

ALPHA AND BETA RELEASES. Alpha's are stable releases but which still contain
known bugs. Beta's are releases meant for testing only, and with good
reason. So do not confuse the two, Alpha's are the "almost-ready" finals.

Current problems:

* Btrfs may not work for system install. Also, Btrfs-Tools version
  compatible with Debian's 2.6.30-3 kernel is 0.18-3.
  A bit of a surprise since the file {linux-source}/fs/btrfs/version.sh
  suggests that we're dealing with version 0.16.

  ------------------------------------
  Don't forget: you (always) have to first initialize your Btrfs filesystem
  with "btrfsctl -a" or "btrfsctl -A /dev/whatever" before mount, or you'll
  receive an error about the kernel not recognizing the format.
  ------------------------------------

* Ext4 may not work. If you're using an old 2.6.27 kernel, you will
  definitely not be able to mount a version 1.41.8 Ext4 partition.

* Wireless cards may not work. I've upgraded Ndiswrapper to 1.55 but didn't
  reinstall the Windows drivers (bcwl5); Broadcom and Atheros support kernel
  built-in but nothing is guaranteed. The final version of AL2 will probably
  contain a properly configured Ndiswrapper setup.

* Installing Nvidia/Ati drivers through Mepis X Window Assistant... guess.
  Theoretically there should be no problem with Nvidia at least, because the
  Nvidia kernel module is installed okay.

* GParted remains a useful partitioning tool but be advised; it cannot see
  Ext4 and Btrfs partitions.

The disclaimer is as follows:

* Btrfs works okay, but I couldn't boot from it.
* Ext4 and wireless worked fine for me when testing.
* Graphic drivers I didn't test.

So there's a fair chance you might not experience any big problems.

- RF
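
The default firewall policy from the AL2 Seven trivia (only ports 53, 80/8080/8888, 443 and 21 permitted) and the "suspicious LISTEN's" check from the Alpha-2 notes, as an added example that is not part of the original notes or of Anubis-Linux: a Python audit of a /proc/net/tcp snapshot. The sample table, its addresses and the function names are constructed for illustration, and the address decoding assumes a little-endian x86/x64 host.

```python
import socket
import struct

# Remote ports the notes say the default AL firewall permits:
# 53 (DNS), 80/8080/8888 (HTTP), 443 (HTTPS), 21 (FTP).
ALLOWED_REMOTE_PORTS = {53, 80, 8080, 8888, 443, 21}
TCP_ESTABLISHED, TCP_LISTEN = 0x01, 0x0A  # state codes used in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not taken from a real AL system).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1FB6 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:2329 00000000:0000 0A 00000000:00000000 00:00000000 00000000   105        0 1002
   2: 0F02000A:C350 077100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1003
   3: 0F02000A:C351 096433C6:2329 01 00000000:00000000 00:00000000 00000000   105        0 1004
   4: 0F02000A:2329 077100CB:D431 01 00000000:00000000 00:00000000 00000000   105        0 1005
   5: 0F02000A:C352 077100CB:0050 06 00000000:00000000 00:00000000 00000000     0        0 0
"""


def decode_endpoint(field):
    """Decode 'HEXIP:HEXPORT' to (dotted_ip, port). Assumes a little-endian
    host (x86/x64), where the kernel prints the IPv4 address byte-swapped."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)


def parse_table(text):
    """Yield (local, remote, state) for each socket row, skipping the header."""
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) >= 4:
            yield decode_endpoint(parts[1]), decode_endpoint(parts[2]), int(parts[3], 16)


def audit(text, allowed=ALLOWED_REMOTE_PORTS):
    """Return listeners, inbound sessions to those listeners, and outbound
    sessions whose remote port is outside the allowed set."""
    rows = list(parse_table(text))
    listeners = [local for local, _, state in rows if state == TCP_LISTEN]
    listen_ports = {port for _, port in listeners}
    inbound, outbound_off_policy = [], []
    for local, remote, state in rows:
        if state != TCP_ESTABLISHED:
            continue  # TIME_WAIT and other transient states are not reported
        if local[1] in listen_ports:
            inbound.append((local, remote))
        elif remote[1] not in allowed:
            outbound_off_policy.append((local, remote))
    return listeners, inbound, outbound_off_policy


if __name__ == "__main__":
    for name, found in zip(("LISTEN", "INBOUND", "OFF-POLICY"), audit(SAMPLE)):
        for item in found:
            print(name, item)
```

On a live system, pass the contents of /proc/net/tcp to audit(); IPv6 sockets live in /proc/net/tcp6 and are not covered here.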