ADIOS Project



Automated Download and Installation of Operating Systems

The ADIOS Project - Version 7


Overview

Have you ever wanted to try Linux but didn't want to take the time to install it or take the risk of wiping out your Windows operating system?  Now you can use a bootable Linux CD.  A Linux boot CD allows you to run Linux completely from RAM and CDROM.  Alternatively you can run the live CD image from within VMware or Virtual PC on your MS Windows machine.  This lets you test the capabilities of Linux before you decide to install it, or simply run a more secure operating system.  The Linux distribution comes with standard office tools such as a word processor, spreadsheet, database and web browser.  More interestingly, this boot CD can also run multiple virtual machines, as shown in the screen shot in diagram 1.


Diagram 1: A screen shot of ADIOS environment with UML virtual machines

The ADIOS boot CD is part of a larger project to Automate the Download and Installation of Operating Systems to the desktop.  In student laboratories a web server was used to deliver operating systems onto the PC.  The ADIOS CD allows students to take home an environment similar to the one used within campus laboratories.

Reasons to use the ADIOS boot CD

There are several bootable Linux CDs available via the Internet (see the list at the end of this article).  However the ADIOS boot CD has some advantages that may be of interest to you.  

  1. The ADIOS version 7.0 boot CD has been built using Fedora Core 6.0, which supports the popular KDE desktop environment for X windows, plus ICEwm for systems short of RAM;
  2. The boot CD will try to automatically detect your hardware configuration and start X windows for you.  However you can also start without running X windows, that is, start with a command prompt (in Linux this is called run level 3).  This is useful if you have limited RAM or if you want to configure X windows differently;
  3. The ADIOS CD has many applications and services preinstalled from the standard Fedora Core distribution and several additional software tools such as snort, freeswan and nessus;
  4. The Linux kernel 2.6.17 has been built with support for the squashfs filesystem loopback interface, to allow the operating system to mount a squashed filesystem containing more than 2 gigabytes of files;
  5. The CD comes with User Mode Linux (UML), which allows you to run several virtual machines that can be networked via virtual ethernet switches and hubs.  Each of the virtual machines can also be accessed via X windows;
  6. You can also install the boot CD onto a loopback filesystem which resides on a DOS FAT or Linux EXT filesystem.  This is almost as good as installing Fedora Core on its own partition;
  7. There is an ADIOS development kit (ADK) available for those people who wish to tailor the software and create their own bootable CD.  The ADK Makefile requires you to have at least 10 gigabytes of free space;
  8. The original ADIOS project goal was to download operating systems for laboratory environments.  This software is included as part of the development kit environment;
  9. The UML virtual machines can also start up using the Linux Intrusion Detection System (LIDS) or with Security Enhanced Linux (SELinux);
  10. There are many boot and run options, including options to install ADIOS to disk, and to back up and restore files to floppy, USB storage devices or disk.

Starting ADIOS

For those of you new to Linux, the ADIOS boot CD can be inspected from an MS Windows system.  The autorun on the ADIOS CD will allow you to access some document files (if nothing starts, open the file autorun.html in your web browser).  For example, you should read the installation guide before booting the CD.  Next, reboot from the CD and select option 1 to run in RAM; try this first.

The boot CD comes with a considerable number of document guides to help users new to Linux.  There is also a search engine within the web server running on the Linux operating system.  The ADIOS boot CD is not a full installation of the Fedora Core distribution due to the limited space on the CDROM.  However, you will find that there is more than 2 gigabytes of files on the 700MB CDROM, thanks to the use of disc compression.  This also means that most of the ADIOS CD is not readable from a standard MS Windows system.

It is recommended that your PC has a minimum memory size of 256MB, although it is possible to run in a limited way with only 128MB of RAM.  The Linux kernel version 2.6.17 has been built to support any processor from a 586 through to a Pentium 4.  The software will inspect your disc drives and initially connect to your disc partitions in read-only mode.  There are many options on starting the boot CD: besides running entirely from RAM, another choice allows you to allocate 356MB of disc space for storing user files, if you have a suitable filesystem.  This requires the startup script to find a partition with enough free space and then remount it read-write.

If you have at least 256 MB of free space on a FAT filesystem you can use run option 2.  If you have enough free space to keep a copy of the ISO image, use run option 7 as well; this runs faster and only requires the CD to boot the image.  First you must copy the adios-6.0.iso CD image to the root directory of your MS Windows filesystem.  Another option allows you to install the whole CD onto your disc drive; this option requires at least 5 gigabytes of free space for files.  If you don't have the space, the software will not create the files.  Currently the software can write to FAT and EXT filesystems.  There are also advanced options to save and restore writable files to floppy or USB storage, select the run level, select the size of files and access system tools.  The guru options allow you to use these advanced options.  The starting screen is the ADIOS boot CD menu, as shown in diagram 2.

         AA     DDDDDDD   IIII   OOOOO     SSSSSS   
       AA A    DD     D   II   OO     O  SS     S  
     AA   A   DD     D   II   OO     O  SS        
   AA     A  DD     D   II   OO     O   SSSSSS   
  AAAAAAAA  DD     D   II   OO     O         S  
 AA     A  DD     D   II   OO     O  SS     S  
AA     A  DDDDDDD   IIII    OOOOO    SSSSSS      Build 14-June-2006

ADIOS 6.0 Copyright (C) 2006 GNU  http://os.cqu.edu.au/adios
Press 7 to start ADIOS in RAM only and bypass all run option menus
Press u to start ADIOS in RAM only and use UNIONFS and bypass menus
Press i to start ADIOS in RAM only with ICE windows manager
Press m to access run option menu (to configure ADIOS)
Press <ENTER> key to boot ADIOS with an existing configuration
Press <F1> key to display boot menu - this menu
Press <F2> key to display more boot options
Press <F3> key to display alternative options
Press <F4> key to display license information

Diagram 2: The ADIOS boot CD menu

If you are new, press enter or select the menu (m) to display the Run Option Menu, as shown in diagram 3.  This will allow you to configure ADIOS.

ADIOS Live CD Run Option Menu
----------------------------------------------------
1) Run Linux from CD with /var files in RAM <== TRY THIS FIRST
2) Run Linux from CD with /var loop on DISK (requires 256MB of FAT/EXT3)
3) Run Linux from CD with /var changes saved to (or restored from) USB
4) Run Linux from CD with /var loop on USB (requires 256MB)
5) Run Linux from CD with /var changes saved to (or restored from) DISK
6) Run Linux from RAM and /var files in RAM (requires 1148MB of RAM)
7) Run Linux from DISK and /var files in RAM (requires 700MB of DISK)
8) Run Linux from USB and /var files in RAM (requires 700MB of USB)
9) Allocate (swap.img) loop file on DISK (requires 256MB of FAT/EXT3)
d) Change the display resolution (Currently = 1024x768)
l) Change the language for Linux (Currently = Australian)
r) Change the starting runlevel  (Currently = 5)
h) Display Help on run options
i) Display Copyright License Information (GNU General Public License)
m) Display more menu options

Diagram 3: The ADIOS boot CD run options

The next set of menus you will see are generated by system-config-display (run level 5).  Here you will need to know what monitor you have and what resolution to choose.  There are generic entries for standard monitors and laptop screens to help you.  Most modern systems have at least 4MB of video RAM, which will drive 1024x768 pixels with 16 bit colour.  In system-config-display use the mouse to select your preferred resolution.  If successful, X windows will start.  Otherwise you can enter <CTRL><ALT><F2> to login and run system-config-display again.  Remember to change the root, super, cso and adios passwords from "12qwaszx".

Investigating the ADIOS environment

Once you have started the boot CD you can start investigating Linux.  First login using the user name "adios", with the default password, "12qwaszx".  You can select from the KDE or ICE desktop environments.  From the desktop popup menu or start button you can choose to set preferences, run games, create office documents, read online documents, connect to other network shares, start virtual machines, and a whole lot more.  For those of you who prefer to type commands you can open a command prompt window or X terminal.  The boot CD automatically starts a number of services, such as the apache web server.  You can list all of the running services using the control panel or by typing the command "service --status-all".  Choose one of the web browsers available, such as "firefox", to surf the documentation on the CD.  The home page of the web server on the CD is at http://adios.vnet or at http://localhost.  Here you will find that the web server has a search engine which will enable you to find what you are looking for faster.  Since you are the web administrator you can write your own CGI scripts.  Some example CGI scripts are supplied on the local web site on the CD to get you started.

Running Multiple Virtual Machines

Diagram 4: UML Virtual Machines connections

The ADIOS boot CD was designed to allow users to run multiple virtual machines which can be configured as a network, as shown in diagram 4.  The virtual machines are created using User Mode Linux (UML), which is available from http://user-mode-linux.sourceforge.net.  The UML virtual machines can utilise Copy-On-Write (COW) technology so that the original image is not over-written, which also uses less space.  The virtual machines start a terminal interface via a virtual console.  Each virtual machine can also be accessed via an ICE desktop, by entering the command "startx".  These virtual machines can execute nearly all of the same applications and services as the parent system.  The virtual machines can be configured to run a web server, a web proxy, a mail gateway, a router, a packet filter or a domain name server.  Due to limited memory, the client software should be kept small; thus the "firefox" web browser is recommended for the virtual machine.  Each virtual machine is connected to the parent system via its first virtual ethernet card, interface "eth0".  The parent system can be configured to masquerade all of the virtual machines so that they can surf the external network just as if you were using the parent system.  A simple shell script, "uml_masq", to masquerade the UML virtual machines is built into the parent system; see diagram 5.

Note:  The current version requires you to run a script, uml_fix, on the parent machine and on each UML virtual machine after the virtual machines have started.  This resets the Maximum Transfer Unit (MTU) to 1484 bytes for communication between the UML machines.  You also need to set the hardware address: write a simple script that sets the last three bytes of the MAC address to the last three bytes of the IP address.  For an example, check out the configuration file /etc/uml/rc.local.

#!/bin/sh
# uml_masq - masquerade the UML virtual machines behind the parent's eth0

# allow IP forwarding between the virtual networks and eth0
echo 1 > /proc/sys/net/ipv4/ip_forward

# reject all new incoming connections arriving on the external interface,
# both to the parent itself (INPUT) and to the virtual machines (FORWARD);
# replies to connections started from inside are still allowed through
iptables -A INPUT -i eth0 -m state --state NEW \
         -j REJECT --reject-with icmp-port-unreachable
iptables -A FORWARD -i eth0 -m state --state NEW \
         -j REJECT --reject-with icmp-port-unreachable

# masquerade virtual internal networks leaving via eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Diagram 5: Masquerading UML machines
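The MAC-address convention from the note above, worked through as an added example (this is not the ADIOS uml_fix script or /etc/uml/rc.local): mac_from_ip derives fe:fd:XX:YY:ZZ from the last three octets of a guest's IP address, and uml_fix_iface applies that address and the 1484-byte MTU to a guest interface.  The fe:fd prefix and the use of the ip command are assumptions.

```shell
#!/bin/sh
# Added example, not ADIOS code.  The fe:fd prefix is an assumption (the
# prefix UML traditionally uses for its virtual ethernet cards).

# mac_from_ip IPV4 -> prints fe:fd:XX:YY:ZZ, where XX YY ZZ are the last
# three octets of IPV4 in hex, so the MAC mirrors the IP as the note says.
mac_from_ip() {
    ip="$1"
    # split the dotted quad on "." using the shell's own field splitting
    oldifs="$IFS"; IFS=.
    set -- $ip
    IFS="$oldifs"
    [ "$#" -eq 4 ] || { echo "mac_from_ip: bad IPv4 address: $ip" >&2; return 1; }
    for o in "$@"; do
        case "$o" in
            # empty, non-numeric or zero-padded octets are rejected: printf
            # would read a leading 0 as octal and silently produce a wrong MAC
            ''|*[!0-9]*|0?*) echo "mac_from_ip: bad octet: $o" >&2; return 1 ;;
        esac
        [ "$o" -le 255 ] || { echo "mac_from_ip: octet out of range: $o" >&2; return 1; }
    done
    printf 'fe:fd:%02x:%02x:%02x\n' "$2" "$3" "$4"
}

# uml_fix_iface IFACE IPV4 [MTU]: set the derived MAC and the 1484-byte
# MTU on a guest interface (run as root inside the UML guest; assumes the
# ip command from iproute is installed).
uml_fix_iface() {
    iface="$1"; addr="$2"; mtu="${3:-1484}"
    mac=$(mac_from_ip "$addr") || return 1
    ip link set dev "$iface" down
    ip link set dev "$iface" address "$mac"
    ip link set dev "$iface" mtu "$mtu"
    ip link set dev "$iface" up
}
```

For a guest on 192.168.1.10, mac_from_ip prints fe:fd:a8:01:0a, so two guests can never collide on a MAC unless they already collide on an IP.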

By default, each virtual machine is able to connect to four virtual ethernet switches and one virtual ethernet hub.  This allows you to wire the parent system and virtual machines any way you like, by enabling network interfaces as needed.  For example, if you wanted to set up a firewall with a De-Militarised Zone (DMZ) between an Exterior Packet Filter and an Interior Packet Filter, you can (see diagram 6).

Each of the UML virtual machines is by default allocated 32MB of RAM, a COW root filesystem file which starts at about 24MB of RAM and could potentially grow to 400MB, and a COW swap filesystem which can grow to 64MB.  So it is important to remember that even though four virtual machines will run inside 256MB of real RAM, if you intend to perform tasks which require lots of data storage or swapping, you will require more real physical RAM and/or disc space.  For run option 1, the parent machine will allocate about half of its RAM to virtual disk space in the directory /var/tmp, and the rest of the RAM will be used by the parent to run itself and the virtual machines.  If your PC does not have adequate RAM then you should use option 2 (described above), where you could allocate a FAT or EXT file of 2GB.  However, if you monitor virtual disk usage and limit swapping by not running too many applications within each virtual machine, then your PC should be able to support a web browser in one virtual machine, a web server in another, a web proxy server in another, as well as filtering rules and diagnostic tools.  The configuration file /etc/uml/uml.conf allows you to change the memory usage, number of virtual machines, and number of ethernet switches and hubs.  The current version of the uml script allocates RAM to the virtual machines based on the total RAM available.

Diagram 6: A sample virtual network with firewall components.

ADIOS in the Laboratory

The ADIOS project home site is at http://os.cqu.edu.au/adios.  The primary objective of the project is to automate the download of operating systems in a laboratory environment using a web server.  The software uses a web server to install itself onto the workstation, so that the boot CD or diskette is no longer required.  The downloaded Linux image is similar to the one on the ADIOS boot CD.  Web servers are very efficient at delivering large files, in this case operating system images, over local area networks.  Access control features provided within the web server can limit which users on the organisation's network may download them.  The boot diskette only requires a command line web client and a simple install script to send requests to a CGI engine on the web server.  The web client will download and execute further install scripts.  The first task is to download the extra commands required to format disc space and uncompress downloaded operating system images.  Storing the client install scripts on the web server allows changes and development of new scripts to be made on the web server.  To limit network traffic, downloaded images are stored on the client in another disc or partition.  Restoring an operating system then requires disc-to-disc copying as opposed to copying over the network.  Images stored on backup disc partitions can be verified using date, size and checksum information.

What is on the CD

The software on the CD is a collection of network administration and management tools, which can be used to set up routing (quagga/zebra), authentication servers (openldap), network management software (net-snmp), a web server (apache), a proxy server (squid), stateful packet filtering (iptables) and intrusion detection systems (snort).  There are some nice diagnostic tools such as ethereal, which displays network packets and analyses the IP traffic, nessus, which looks at the vulnerability of servers, and top, which displays the usage of resources on your PC.  The boot CD also comes with shells, compilers and scripting languages such as bash, nasm, C, C++, Perl, Python, PHP and Ruby.  To write and modify source code you can open a command prompt X terminal to type in commands.  There are several editors available for creating and modifying files.

If your PC system is short of memory, remember that ICEwm uses less memory than KDE (the X windows desktop environment).  Consider not running X windows on the virtual machines.  Better still, for those of you who prefer a command prompt interface, select run level 3.  Once the system has started you can login as root user.  You can start virtual machines by typing "uml".  For run level 3, each virtual machine is connected to a virtual console via <ALT><F5> through to <ALT><F12>.  The parent machine is accessed via <ALT><F1> through to <ALT><F4>.

Secure Linux

Various security systems have been added to the parent boot CD and to the UML virtual machine.  For the UML virtual machine you can modify the configuration file uml.conf and choose LIDS or SELinux.  The LIDS capabilities are set on or off in the file lids.cap.  The LIDS configuration file lids.conf grants access to files for various applications.  See the LIDS home site at http://www.lids.org for documentation.  The UML virtual machines can also start SELinux.  SELinux support has been added via run option 20 (resize NTFS partition, create EXT3 partition and install ADIOS in its own partition).  Documentation and further support for SELinux, including how to make X windows work, can be obtained from http://www.nsa.gov/selinux/ and the unofficial site http://www.crypt.gen.nz/selinux.  A Chief Security Officer user "cso" is able to set the security privileges, and user "super" has both "root" and "cso" privileges.  ADIOS version 1 had UML support for Rule Set Based Access Control (RSBAC), which provides mandatory access control, a security officer and role based security; for more information see the RSBAC home site at http://www.rsbac.org.

Useful Sites

Other useful software sites used to create the ADIOS boot CD are listed below.  The Fedora Core distribution is at http://fedora.redhat.com and is mirrored in Australia at http://mirror.aarnet.edu.au/.  User Mode Linux is available from http://user-mode-linux.sourceforge.net.  The X windows desktops are at http://www.kde.org, http://www.gnome.org, and http://www.icewm.org.  Additional software used on the ADIOS boot CD comes from: the Linux Documentation Project http://www.ldp.org; the Open Source Network Intrusion Detection System http://www.snort.org; Analysis Console for Intrusion Databases http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html; FreeSwan (IPSec) http://www.freeswan.org; Simple Web Indexing System for Humans - Enhanced http://swish-e.org; Busybox http://busybox.net; and uClibc http://www.uclibc.org.  Other bootable Linux CDs of interest are PuppyLinux http://www.puppylinux.org, KNOPPIX http://www.knoppix.net, and VIRTUAL LINUX http://www.virtual-linux.org.  You can find even more by searching at http://www.google.com or another search engine.


Written by Neville Richter, n.richter@cqu.edu.au Copyright GNU Public Licence 2003-2006.