Wellington Linux Users Group (WellyLUG)

Title: A bootable CD for the paranoid
About:

Ever have a nagging doubt about the integrity of your system? Join me in the land of the over-careful as I explain how to create a tiny bootable CD to _really_ check your system for compromise.

Written By: jumbophut
Date Published: 10 July 05

Have you ever been suspicious that your system might have been compromised? Integrity checkers like AIDE and Tripwire, as well as related products such as chkrootkit, provide a way to detect a compromised system. But if you run them from within the system, there's no guarantee you're getting faithful results, since -- by definition -- any compromised system can intercept your request to run the programme and provide forged results.

For the truly paranoid, I've put together a bootable CD which lets you check the integrity of your system from outside the system, using AIDE. And it fits in 5MiB.

To do this:

1) Create the CD with the settings of your choosing.
2) Boot the CD on a clean system and initialise the AIDE database (on removable media such as a USB key or floppy).
3) Whenever you want to check the system, simply boot the CD, insert the media containing the AIDE database, and run the integrity checker.

Disclaimer
===========

If you do this, you do it at your own risk. I am not qualified to offer security advice, or to program. You might break your system, or lose data. I'm not joking. I do use this on my own (non-production) system though.

Requirements
=============

You'll need access to the isolinux binary. The script assumes isolinux.bin will be in /usr/lib/syslinux/, but you can easily alter that. Use the syslinux package in Debian, or visit syslinux.zytor.com.

You'll also need some Debian packages, which you can download even if you don't have Debian. These are 'aide' and 'busybox-static'.

Finally, you'll need a customised kernel. Again, not using Debian isn't fatal, although it will complicate things (I explain more about this in the next section). The script isn't currently set up to handle module loading, so module loading should be disabled in whatever kernel you use.

Creating the CD
================

To create the CD, run the script at the end of this article. You should customise it first, to ensure the defaults are the right ones for your system.

At the very least, you may need to replace the device the CD boots off. I have hardcoded this as '/dev/hdc' at line 420 of the script. You may also need to add devices around lines 152 and 391.

You'll probably also want to check FSDEV (the filesystem to be checked), DBDEV (the removable device you'll store the AIDE database on) and MBDEV (the device containing the master boot record for your machine).

Finally, you might want to tweak the settings in the etc/aide/aide.conf file referred to in the script. By default, the only change to the configuration file supplied by the Debian folks is that the path to the AIDE database is altered. In all likelihood you will also want to enable or disable some of the default checks.

>>> Digression for non-Debian users:

The script is designed to run on a Debian installation, but only two changes should be required to make it run elsewhere.

Firstly, you need to change the 'apt-get' command to a 'wget' command with the correct path. The packages used -- busybox-static and aide -- are available from Debian mirrors.

And secondly, you need to find some other way to add your kernel of choice to the CD. Currently, I do this:

1. Install http://www.backports.org/debian/dists/stable/kernel-source-2.4.27/binary-i386/kernel-source-2.4.27_2.4.27-8_all.deb
2. tar -xvjf /usr/src/kernel-source-2.4.27.tar.bz2
3. cd kernel-source-2.4.27
4. make menuconfig # (or copy the config at the end of this file to .config, then make appropriate changes for your system)
5. make-kpkg kernel_image
6. make sure the KERNEL variable in the script points to the resulting binary (usually it is dumped in /usr/src by make-kpkg).
7. In the script, extract the necessary files from the .deb using 'ar' and 'tar' (lines 439 and 440 of the script).

>>> End of digression.

Note that when the script has finished running (and assuming it works) you need to manually burn the ISO it generates to CD using cdrecord or a CD burning package with a GUI interface. 'cdrecord -speed=4 -dev=0,0,0 -blank=fast /tmp/aide.iso' works for me with a CD-RW in the first CD drive.

BOOTING THE CD THE FIRST TIME
==============================

On an uncompromised system, insert the CD-ROM and the media you plan to store your AIDE database on (a USB key or floppy, for example), then reboot the system. Assuming your system is set up to boot from CD (check your BIOS setup if not) you should be dumped to a command line. If everything goes according to plan, you can then type the 'run_aide' command to create an aide.db file on your removable media, as well as copies of the bootsector and master boot record.

run_aide optionally takes arguments so that you can alter the filesystem to be checked, device used for storage of aide.db, and device containing the Master Boot Record. See the usage() function in the run_aide script.

Note for the super-careful: If you want to be 99.9% sure your system is clean, download ISOs rather than doing net-based installs. Then check the MD5 checksums of the ISOs on a couple of different machines running different distros, comparing to what the distro-maker says they should be. Then, if everything is okay, do a minimal install. This is your clean system.

CHECKING THE SYSTEM
====================

To check your system's integrity, turn your machine off. Ensure your CD is in the drive and insert your removable media. Then turn on the machine. At the prompt, use the 'run_aide' command. It should find the aide.db and boot sector/master boot record files you created on first boot (see last section).

run_aide will compare the contents of your filesystem with the database and let you know of any changes. If there are no changes, you can relax (note that in my experience, you can safely ignore the warnings that you are almost certain to get about dead symlinks).

If there are changes, they may be innocent. If you are happy that any changes are innocent, you can update the database so that it reflects the current state of the filesystem.

Similarly, any changes in boot sectors will be reported, and you will be given the opportunity to update the files on your removable media if you are happy with changes.
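
As an added example (not part of the original script), the helper below goes one step beyond the whole-sector 'cmp' that run_aide performs and reports which part of the 512-byte MBR differs between the baseline and current copies, using the classic PC layout (446 bytes of boot code, a 64-byte partition table, a 2-byte signature). The function name mbr_diff and its output format are assumptions made for this illustration.

```shell
#!/bin/sh
# mbr_diff BASELINE CURRENT   (hypothetical helper, added for illustration)
# Both files are 512-byte copies of sector 0, as saved by run_aide with
# "dd if=$MBDEV of=... bs=512 count=1".
# Prints the names of the regions that differ, space separated.
# Returns 0 if identical, 1 if any region changed, 2 on a bad input file.
mbr_diff() {
    base=$1; cur=$2; changed=
    for f in "$base" "$cur"; do
        if [ ! -f "$f" ] || [ "$(wc -c < "$f")" -ne 512 ]; then
            echo "not a 512-byte sector image: $f" >&2
            return 2
        fi
    done
    # name:offset:length for the classic PC MBR layout
    for region in bootcode:0:446 partition_table:446:64 signature:510:2; do
        name=${region%%:*}; rest=${region#*:}
        off=${rest%%:*};    len=${rest#*:}
        # Hex-dump each slice so binary data can be compared as strings
        a=$(dd if="$base" bs=1 skip="$off" count="$len" 2>/dev/null | od -An -v -tx1)
        b=$(dd if="$cur"  bs=1 skip="$off" count="$len" 2>/dev/null | od -An -v -tx1)
        if [ "$a" != "$b" ]; then
            changed="${changed:+$changed }$name"
        fi
    done
    if [ -n "$changed" ]; then
        echo "$changed"
        return 1
    fi
    return 0
}
```

A change confined to partition_table is what repartitioning produces, while a change in bootcode means the boot loader itself was rewritten (for example by reinstalling it) and deserves a closer look before you accept the new baseline.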

USING THE CD IN REAL LIFE
==========================

In real life, I use the CD on a clean system to generate my initial database.

Then whenever I want to add or update packages, I download the packages and put them on removable media (for example: apt-get --download-only install package_name). I then check the MD5 checksums of the .deb files on the target machine and another machine, comparing to those Debian says I should have. This doesn't protect against compromise of the files at source (e.g. on the Debian ftp server) but does protect against compromise on my machine.

I then reboot, boot off the CD and check system integrity. At this point, I haven't installed or updated any binaries, so there should be few changes reported.

When I am happy, I boot back into the target system, and install the packages I have already downloaded. This step is performed without being connected to a network.

Finally, I reboot into the CD again and recheck integrity, this time ensuring I say 'y' when asked whether or not to update the database.

It's an involved process, but I'm pretty darn sure my machine is clean.
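
The checksum step in this routine can be scripted. The following is an added example, not code from the article: it looks each downloaded .deb up in a Debian Packages index and compares the recorded checksum with the file on disk. The function name verify_debs is hypothetical; it assumes the Packages file was obtained in a way you trust (the check is only as good as that index), and it accepts the index's SHA256 field as well as the MD5sum field the article uses.

```shell
#!/bin/sh
# verify_debs INDEX DIR [FIELD]   (hypothetical helper, added for illustration)
#   INDEX  Packages file from a mirror, assumed to be trusted
#   DIR    directory holding the downloaded .deb files
#   FIELD  checksum field to compare: MD5sum (default) or SHA256
# Prints one status line per .deb; returns 0 only if every file matched.
verify_debs() {
    index=$1 dir=$2 field=${3:-MD5sum}
    case $field in
        MD5sum) tool=md5sum ;;
        SHA256) tool=sha256sum ;;
        *) echo "unsupported field: $field" >&2; return 2 ;;
    esac
    status=0
    for deb in "$dir"/*.deb; do
        [ -e "$deb" ] || { echo "no .deb files in $dir" >&2; return 2; }
        name=$(basename "$deb")
        # Packages stanzas are blank-line separated "Key: value" records.
        # Collect Filename and the checksum per stanza, decide at its end.
        want=$(awk -v name="$name" -v field="$field:" '
            $1 == "Filename:" { n = split($2, p, "/"); cur = p[n] }
            $1 == field       { sum = $2 }
            /^$/              { if (cur == name) exit; cur = ""; sum = "" }
            END               { if (cur == name) print sum }
        ' "$index")
        if [ -z "$want" ]; then
            # A file the index does not list cannot be vouched for
            echo "UNLISTED  $name"; status=1; continue
        fi
        have=$($tool "$deb" | awk '{ print $1 }')
        if [ "$have" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"; status=1
        fi
    done
    return $status
}
```

Run it on the target machine and again on a second machine against the same removable media, and install only if both runs return 0.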

HOW THE CD WORKS
=================

The CD boots using syslinux. You put the right syslinux files in /syslinux (within the ISO filesystem) and provide a kernel, and it will boot using an initial ramdisk as the root filesystem.

The initial ramdisk is just a compressed image of an ext2 filesystem, with a very minimal set of utilities (busybox), which does some configuration to mount the real root filesystem (the ISO itself).

The real root filesystem contains (another copy of) busybox and a statically compiled version of AIDE. There are some scripts added to make integrity checking easier.

QUESTIONS/PROBLEMS
===================

E-mail me. I'm on the Wellylug mailing list with the same username as the one I use here, so you can find my address easily enough.

KERNEL CONFIGURATION (99 LINES):
=================================

CONFIG_X86=y
CONFIG_UID16=y
CONFIG_EXPERIMENTAL=y
CONFIG_MPENTIUMIII=y
CONFIG_X86_WP_WORKS_OK=y
CONFIG_X86_INVLPG=y
CONFIG_X86_CMPXCHG=y
CONFIG_X86_XADD=y
CONFIG_X86_BSWAP=y
CONFIG_X86_POPAD_OK=y
CONFIG_RWSEM_XCHGADD_ALGORITHM=y
CONFIG_X86_L1_CACHE_SHIFT=5
CONFIG_X86_HAS_TSC=y
CONFIG_X86_GOOD_APIC=y
CONFIG_X86_PGE=y
CONFIG_X86_USE_PPRO_CHECKSUM=y
CONFIG_X86_F00F_WORKS_OK=y
CONFIG_X86_MSR=y
CONFIG_X86_CPUID=y
CONFIG_NOHIGHMEM=y
CONFIG_MTRR=y
CONFIG_X86_UP_APIC=y
CONFIG_X86_UP_IOAPIC=y
CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
CONFIG_X86_TSC=y
CONFIG_PCI=y
CONFIG_PCI_GOANY=y
CONFIG_PCI_BIOS=y
CONFIG_PCI_DIRECT=y
CONFIG_HOTPLUG=y
CONFIG_SYSVIPC=y
CONFIG_BSD_PROCESS_ACCT=y
CONFIG_SYSCTL=y
CONFIG_KCORE_ELF=y
CONFIG_BINFMT_ELF=y
CONFIG_PM=y
CONFIG_APM=y
CONFIG_OPTIMISE_SIZE=y
CONFIG_PARPORT=y
CONFIG_PARPORT_PC=y
CONFIG_PARPORT_PC_CML1=y
CONFIG_PARPORT_1284=y
CONFIG_BLK_DEV_FD=y
CONFIG_BLK_DEV_LOOP=y
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=4096
CONFIG_BLK_DEV_INITRD=y
CONFIG_IDE=y
CONFIG_BLK_DEV_IDE=y
CONFIG_BLK_DEV_IDEDISK=y
CONFIG_BLK_DEV_IDECD=y
CONFIG_BLK_DEV_IDEPCI=y
CONFIG_IDEPCI_SHARE_IRQ=y
CONFIG_BLK_DEV_IDEDMA_PCI=y
CONFIG_BLK_DEV_IDEDMA=y
CONFIG_BLK_DEV_VIA82CXXX=y
CONFIG_SCSI=y
CONFIG_BLK_DEV_SD=y
CONFIG_SD_EXTRA_DEVS=40
CONFIG_CHR_DEV_SG=y
CONFIG_VT=y
CONFIG_VT_CONSOLE=y
CONFIG_SERIAL=y
CONFIG_UNIX98_PTYS=y
CONFIG_UNIX98_PTY_COUNT=256
CONFIG_PRINTER=y
CONFIG_EXT3_FS=y
CONFIG_JBD=y
CONFIG_FAT_FS=y
CONFIG_MSDOS_FS=y
CONFIG_VFAT_FS=y
CONFIG_TMPFS=y
CONFIG_RAMFS=y
CONFIG_ISO9660_FS=y
CONFIG_JOLIET=y
CONFIG_ZISOFS=y
CONFIG_PROC_FS=y
CONFIG_DEVPTS_FS=y
CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_ZISOFS_FS=y
CONFIG_FS_MBCACHE=y
CONFIG_MSDOS_PARTITION=y
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="cp437"
CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_ISO8859_1=y
CONFIG_NLS_ISO8859_15=y
CONFIG_NLS_UTF8=y
CONFIG_VGA_CONSOLE=y
CONFIG_VIDEO_SELECT=y
CONFIG_USB=y
CONFIG_USB_DEVICEFS=y
CONFIG_USB_UHCI=y
CONFIG_USB_STORAGE=y
CONFIG_LOG_BUF_SHIFT=0
CONFIG_ZLIB_INFLATE=y
CONFIG_ZLIB_DEFLATE=y

THE SCRIPT (484 LINES):
========================

#!/bin/bash
#Creates a bootable CD which will run aide using a database found on a specified volume
#(e.g. floppy, USB key or CD-ROM)

#USER-DEFINABLE VARIABLES

#Location used to prepare iso (iso will be copied
#to the directory one level above this location.
#If left blank, a random temporary file will be
#created, and the iso will appear in the /tmp
#directory (at least on Debian).
TMPISODIR=
#Location where necessary .deb files are stored
#(kernel .deb may be stored elsewhere)
DEBARVDIR=/home/ct/aidecddebs
#Location where kernel .deb file is stored
KERNEL=/usr/src/kernel-image-2.4.27_bootdisk_i386.deb
#No longer used
#FSSIZE=20000
#Size of the initial ramdisk, in MB
RDSIZE=4
#Device the AIDE database and bootsector copies
#will be found on (default can be changed when
#running AIDE).
DBDEV=/dev/sda1
#Device AIDE is checking (default can be changed
#when running AIDE). The first 512 bytes of this
#device (boot sector) will also be checked for
#integrity.
FSDEV=/dev/hda2
#Device containing Master Boot Record.
MBDEV=/dev/hda
#Default printer device. A printer is not required,
#but if it is, specifying it here will make it possible
#to print to it using the 'lpr' script.
#You may also need to add the correct device to
#the section titled "Add Devices for iso filesystem"
PRINTERDEV=/dev/lp0
#Maximum width of lines to be sent to the printer.
#The 'lpr' script will wrap at this width.
PRINTWIDTH=70

#End of user-definable variables

# Function to set up loop device

dolosetup()
{
file=$1
shift
until losetup $1 $file; do
shift
if [ "$1" == "" ]; then
return
fi
done
loopdev=$1
}

# Are you root?

if [ $UID -ne 0 ]; then
echo 'Must be root to run this script'
exit 1
fi

# Download .deb files
# If you have a non-Debian system, this could be changed
# to wget the required files.

echo 'Downloading files...'

apt-get --download-only install aide busybox-static

# Set up temp directory

echo 'Setting up temporary directory for ISO creation'

if [ "$TMPISODIR" == "" ]; then
tmpfile=$(tempfile)
rm "$tmpfile"
TMPISODIR="$tmpfile"
fi;

if [ ! -d "$TMPISODIR" ]; then
mkdir "$TMPISODIR";
if [ $? -ne 0 ]; then
echo "Failed trying to create temporary directory to prepare ISO file ($TMPISODIR). Exiting."
exit 1
fi
fi;

echo "Temporary directory for ISO file creation: $TMPISODIR"

cd "$TMPISODIR"

# Create/populate root file system
echo 'Copying/creating files for root file system'

mkdir -p bin dev etc proc root tmp sbin usr/bin usr/sbin lib usr/lib dev \
etc boot isolinux tmpmnt var/aide usr/local/bin usr/local/sbin


for deb in {aide_0.8-2,busybox-static_0.60.5-2.2}_i386.deb; do
ar -x "$DEBARVDIR"/"$deb" data.tar.gz
tar -p -xzf data.tar.gz
rm data.tar.gz
done

# We need to change the paths to the aide db files because
# we pivot_root into the filesystem we want to test and
# put the iso root fs into /tmp.
cp etc/aide/aide.conf etc/aide/aide.conf.old
sed -e 's$^\(database=file:\)\(.\)$\1/tmp\2$' \
-e 's$^\(database_out=file:\)\(.*\)$\1/tmp\2$' etc/aide/aide.conf.old \
> etc/aide/aide.conf
rm -f etc/aide/aide.conf.old

cd bin
ln -s busybox ash
ln -s busybox cd
ln -s busybox sh
ln -s busybox echo
ln -s busybox chroot

cd ../sbin

ln -s ../bin/busybox init
ln -s ../bin/busybox linuxrc

cd ../etc

cat << EOF > inittab
::sysinit:/etc/init.d/rcS
::respawn:-/bin/ash
tty2::respawn:-/bin/ash
EOF

mkdir init.d

cat << EOF > init.d/rcS
#!/bin/sh
export PATH=/bin:/sbin:/usr/bin:/usr/sbin
busybox echo "Made it!!!"
mount -t proc proc /proc
EOF

chmod a+x init.d/rcS

cd ../dev
# Add Devices for iso filesystem
mknod console c 5 1
mknod hda b 3 0
mknod hda1 b 3 1
mknod hda2 b 3 2
mknod hda3 b 3 3
mknod hdc b 22 0
mknod sda b 8 0
mknod sda1 b 8 1
mknod lp0 c 6 0
mknod tty c 5 0
mknod null c 1 3
for i in $(seq 0 9); do
mknod tty$i c 4 $i
done;

cd ../usr/bin

# Script to check integrity of filesystem/boot sectors

cat > run_aide << EOF
#!/bin/sh
usage()
{
echo "\$0: Checks the integrity of the filesystem (using AIDE) and bootsectors"
echo "Usage: \$0 [database_device] [filesystem_device] [MBR_device]"
echo "eg. \$0 /dev/sda1 /dev/hda2 /dev/hda"
echo "database_device is where the AIDE database will be found/stored"
echo "filesystem_device is the partition to be checked by AIDE"
echo "MBR_device is the device containing the active Master Boot Record"
echo "The first two devices must be mountable block devices, the third"
echo "device must exist."
exit 1
}

if [ \$# -eq 0 ]; then
DBDEV=$DBDEV
FSDEV=$FSDEV
MBDEV=$MBDEV
elif [ \$# -eq 1 ]; then
DBDEV=\$1
FSDEV=$FSDEV
MBDEV=$MBDEV
elif [ \$# -eq 2 ]; then
DBDEV=\$1
FSDEV=\$2
MBDEV=$MBDEV
else
DBDEV=\$1
FSDEV=\$2
MBDEV=\$3;
fi

if [ ! -b \$DBDEV -o ! -b \$FSDEV -o ! -b \$MBDEV ]; then
usage
fi;
mkdir /tmp/dbdev
# Note that you may want to change the fstype in the next line
mount \$DBDEV -t vfat -o sync /tmp/dbdev || usage
mount \$FSDEV -o ro,noatime,noexec,nodev /mnt || usage
cd /mnt

# AIDE stuff
pivot_root . /mnt/tmp
if [ ! -e /tmp/tmp/dbdev/aide.db ]; then
echo "AIDE: CREATING BASELINE..."
echo "Use space bar to page through output"
echo "Output/errors also recorded in /tmp/aide_report"
/tmp/usr/bin/aide -c /tmp/etc/aide/aide.conf --init > /tmp/tmp/aide_report 2>&1
cd /tmp
/tmp/bin/busybox pivot_root . /tmp/mnt
more /tmp/aide_report
cd /mnt
pivot_root . /mnt/tmp
echo "Copying baseline database to \$DBDEV"
/tmp/bin/busybox cp /tmp/var/lib/aide/aide.db.new /tmp/tmp/dbdev/aide.db
else
echo 'AIDE: CHECKING FILESYSTEM...'
/tmp/bin/busybox cp /tmp/tmp/dbdev/aide.db /tmp/var/lib/aide/aide.db
echo "Use space bar to page through output"
echo "Output/errors also recorded in /tmp/aide_report"
/tmp/usr/bin/aide -c /tmp/etc/aide/aide.conf --check > /tmp/tmp/aide_report 2>&1
cd /tmp
/tmp/bin/busybox pivot_root . /tmp/mnt
more /tmp/aide_report
cd /mnt
pivot_root . /mnt/tmp
read -p "Update the baseline database? (y=yes) " yn
echo ""
if [ "\$yn" = "y" -o "\$yn" = "Y" ]; then
echo "AIDE: UPDATING BASELINE..."
/tmp/usr/bin/aide -c /tmp/etc/aide/aide.conf --update
echo "Copying updated baseline database to \$DBDEV"
/tmp/bin/busybox cp /tmp/var/lib/aide/aide.db.new /tmp/tmp/dbdev/aide.db;
else
echo "No update done.";
fi;
fi
cd /tmp
/tmp/bin/busybox pivot_root . /tmp/mnt

# Check bootsector
changed=0
if [ ! -e /tmp/dbdev/bootsec -o ! -e /tmp/dbdev/mbr ]; then
echo "BOOTSECTORS: MAKING BASELINE COPIES..."
dd if=\$FSDEV of=/tmp/dbdev/bootsec bs=512 count=1
dd if=\$MBDEV of=/tmp/dbdev/mbr bs=512 count=1;
else
echo "BOOTSECTORS: CHECKING..."
dd if=\$FSDEV of=/tmp/bootsec bs=512 count=1
dd if=\$MBDEV of=/tmp/mbr bs=512 count=1
cmp /tmp/dbdev/bootsec /tmp/bootsec > /dev/null 2>&1
retval=\$?
if [ \$retval -eq 1 ]; then
echo "Bootsector of \$FSDEV has changed."
changed=1;
elif [ \$retval -gt 1 ]; then
echo "An error occurred checking the bootsector of \$FSDEV.";
fi;
cmp /tmp/dbdev/mbr /tmp/mbr > /dev/null 2>&1
retval=\$?
if [ \$retval -eq 1 ]; then
echo "Master boot record (\$MBDEV) has changed."
changed=1;
elif [ \$retval -gt 1 ]; then
echo "An error occurred checking the Master boot record (\$MBDEV).";
fi;
if [ \$changed -eq 1 ]; then
read -p "Update the baseline copies? (y=yes) " yn
echo ""
if [ "\$yn" = "y" -o "\$yn" = "Y" ]; then
echo "BOOTSECTORS: UPDATING BASELINE COPIES..."
dd if=/tmp/bootsec of=/tmp/dbdev/bootsec bs=512 count=1
dd if=/tmp/mbr of=/tmp/dbdev/mbr bs=512 count=1
else
echo "No update done."
fi;
fi;
fi
umount \$DBDEV
umount \$FSDEV

echo "DONE."

EOF

chmod a+x run_aide

# Utility scripts to enable simple printing of plain text files

cat > qadfold << EOF
#!/bin/sh
#Quick and dirty fold: script to read \$lines lines from stdin and
#wrap text at \$linelen characters

OLDIFS="\$IFS"
IFS="\n"

linelen=\$1
lines=\$2

line=1
while [ \$line -le \$lines ]; do
read str
linelen=\$1
i=\$((\$(expr length "\$str") / \$linelen ))
j=0
while [ \$j -le \$i ]; do
subexpr="\$(expr substr "\$str" \$((\$j*\$linelen+1)) "\$linelen")"
printf "%s\\n\\015" "\$subexpr"
j=\$((\$j+1))
done;
line=\$((\$line+1))
done

IFS="\$OLDIFS"

EOF

chmod a+x qadfold

cat > lpr << EOF
#!/bin/sh
#Very basic program to send \$FILETOPRINT to a printer on
#\$DEV ($PRINTERDEV by default). Wraps text at $PRINTWIDTH
#characters.

FILETOPRINT=\$1
if [ \$# -lt 2 ]; then
DEV=$PRINTERDEV;
else
DEV=\$2;
fi
echo -ne "\\033E" > \$DEV
lines=\$(wc -l "\$FILETOPRINT")
cat "\$FILETOPRINT" | qadfold $PRINTWIDTH \$lines > \$DEV || echo "Failed"
echo -ne "\\033E" > \$DEV

EOF

chmod a+x lpr

cd ../..

echo 'Done'


# Create initrd filesystem

echo "Creating and mounting initrd filesystem..."

dd if=/dev/zero of=initrd bs=1M count=$RDSIZE

dolosetup initrd /dev/loop*
if [ "$loopdev" == "" ]; then
echo 'losetup failed. Exiting'
exit 1
fi

mke2fs -m 0 -b 1024 $loopdev
mount -t ext2 $loopdev tmpmnt
cd tmpmnt

# Populate initrd filesystem

echo "Populating initrd filesystem..."

mkdir -p {,s}bin dev etc proc tmp

deb=busybox-static_0.60.5-2.2_i386.deb
ar -x "$DEBARVDIR"/"$deb" data.tar.gz
tar -p -xzf data.tar.gz
rm data.tar.gz
rm -rf usr/share/doc
cd bin
for util in ash cat cd cp echo init ln ls mkdir mount pivot_root sh umount; do
ln -s busybox $util
done

cd ../dev

mknod console c 5 1
mknod hda b 3 0
mknod hda1 b 3 1
mknod hda2 b 3 2
mknod hda3 b 3 3
mknod hdc b 22 0
mknod tty c 5 0
mknod null c 1 3
for i in $(seq 0 9); do
mknod tty$i c 4 $i
done;

cd ../etc

cat << EOF > fstab
/dev/ram0 / ext2 defaults 0 0
proc /proc proc defaults 0 0
EOF

cd ..

cat > linuxrc << EOF
#!/bin/sh
export PATH=/bin:/sbin:/usr/bin:/usr/sbin
mount -oremount,rw /
mount /proc
mkdir aideroot
mount -t tmpfs tmpfs /aideroot
mkdir /aideroot/iso
mount /dev/hdc /aideroot/iso -t iso9660 -oro
mkdir /aideroot/oldinitrd
mkdir /aideroot/mnt
cd /aideroot
for i in bin lib usr sbin; do
ln -s iso/\$i \$i
done
cd /aideroot/iso
for i in dev etc proc root tmp var; do
cp -a \$i /aideroot/
done
cd /aideroot
pivot_root . /aideroot/oldinitrd
umount /oldinitrd/proc
exec chroot . /sbin/init <dev/console >dev/console 2>&1
EOF
chmod a+x linuxrc

cd ..
ar -x "$KERNEL" data.tar.gz
tar -p -xzf data.tar.gz ./boot*
cd tmpmnt
# NB: Modules disabled in kernel for now
# tar -p -xzf ../data.tar.gz ./lib/modules*
cd ..
rm data.tar.gz

umount $loopdev
losetup -d $loopdev

gzip -9 initrd

# create/copy files for isolinux
echo "Creating/copying files for isolinux"
cd isolinux
cp /usr/lib/syslinux/isolinux.bin .
cp ../boot/vmlinuz-2.4.27 vmlinuz
cp ../boot/System.map-2.4.27 map
cp ../initrd.gz .

cat << EOF > bootmsg.txt
Booting AIDECD
EOF

cat << EOF > isolinux.cfg
LABEL linux
KERNEL vmlinuz
APPEND initrd=initrd.gz root=/dev/ram0 init=/linuxrc
TIMEOUT 30
DISPLAY bootmsg.txt
EOF

# One level above temp dir
cd ../..

# Create ISO
echo "Making ISO. Burn with, e.g.:"
echo "cdrecord -dev=0,0,0 -speed=4 $PWD/aidecd.iso"
echo "(dev and speed will depend on your setup)"
mkisofs -U -r -o aidecd.iso -b isolinux/isolinux.bin -c isolinux/boot.cat \
-no-emul-boot -boot-load-size 4 -boot-info-table "$TMPISODIR"

#TODO: Add chkrootkit? It would need to be statically compiled. All the files it needs
#are in busybox, unless it calls them with exotic options.






