Sniffix

Sniffix is a remastered Knoppix distribution for demo/emergency purposes.

Remastered by: Laboratory of Cryptography and Systems Security, Dept. of Telecommunications, Budapest University of Technology and Economics

(This document is only a short intro for geeks interested in rsbac...)

What did I do with knoppix?

1. removed a bunch of unnecessary files
2. built a new kernel with the rsbac 1.2.2pre release for testing / emergency use
3. modified the boot procedure and the programs started at boot

A. Why?

Our goal is to make a bootable live CD with lots of tools, a graphical front-end etc. for academic purposes. We wish to make 5-10 identical CDs, put them in 5-10 computers, start them, cut the line to the internet, and use these 5-10 computers as a test lab for various purposes.

B. How?

Knoppix is good for booting up the computer: automatic setup of all the hardware. Good. But we need some more: we have to change the kernel. BTW it would be great if we could run memtest86 from the same CD.

Persistent home dir?

Booting from Knoppix has a major disadvantage: everything is lost if we reboot (/home is in the ramdisk). This can be solved by using a hard disk partition for the home dirs, with the Knoppix persistent home dir feature etc.

C. What's on the disk?

We used the Knoppix remastering HOWTO to change the setup. For the new kernel we decided to use isolinux as the CD-ROM bootloader. In the 'master' directory we put everything into the isolinux subdir (the unpacked Knoppix kernel, miniroot.gz as the initrd boot image, our kernels, the memtest86 image, isolinux.cfg). Looking in isolinux.cfg you can see the boot options.

Booting:

During boot the Knoppix image comes up with a prompt.

"1" (default, loaded after the timeout) will load the 2.4.20 + rsbac 1.2.2pre kernel.
"KO" will load the original Knoppix kernel as a boot floppy, so the "knoppix" logo and prompt will come up; "knoppix" etc. are the standard Knoppix modes.
"M" loads memtest86.

After pressing "1" the kernel comes up with rsbac_delay_init and rsbac_softmode, so rsbac only comes up when the device 99:99 is mounted as root (which never happens: the root device in Knoppix is /dev/ram0, the initrd ramdrive). To turn on rsbac we therefore have to use /usr/local/bin/rsbac_init. After initialization rsbac is in soft mode, so no enforcement is active. You can set the 'default' options, and then turn on rsbac enforcement with switch_module SOFTMODE 0.

After the kernel has booted a dialog (/etc/init.d/sniffix-dialog) comes up where you can choose the role of this computer. It saves the choice to /etc/sniffix.bootparam (on the initrd ramdisk), and other scripts, such as the modified xsession, use this to decide what to load. (These scripts are in /etc/rc2.d, /etc/rc5.d and /etc/init.d; the standard runlevel for Knoppix is 5.)

"Server1" is a DHCP server; it loads crontab and inetd with telnetd, and starts sshd. DHCP is configured for 10.105.2.0/24, and server1 is 10.105.2.254.

"Server2" acts like server1 but also copies a crontab script for root. This will periodically run a netcat script that uses telnet to log into server1 as a user. Our students will have to intercept the password of this session by sniffing the network with a "client-role" computer.

"client for rsbac" is the rsbac demo role for this computer. It does not load the xsession currently, but initializes rsbac and then loads the previously set basic settings (the setuid right for /usr/sbin/ssh and for /bin/login; in the next version also for /bin/su). (*note* the basic shell has a compiled-in su, so you might have to type /bin/su for rsbac!) After this you get a shell with rsbac on-line. You can make modifications as you wish. Most of the modifications will be lost at the next reboot if you do not save them! (To speed up backup_all, /usr/local/bin/backup_all-noknoppix won't look in /usr and /var, except /usr/sbin etc.; look in the script.)

Users:
u: crysys pw: proba (has sudo rights)
u: secoff pw: proba
...
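The boot menu of section C, written out as an isolinux.cfg; this is an added example and not the file from the Sniffix CD. The label names, default, timeout and the two rsbac boot parameters follow the text above; the file names vmlinuz-rsbac, boot.img and memtest, the memdisk route for "KO" and the Knoppix append line are assumptions, and the exact spelling of the rsbac delay parameter should be checked against your RSBAC kernel's documentation.

```cfg
# isolinux.cfg for the Sniffix CD (added example; file names assumed)
# PROMPT 1 shows the boot: prompt; DEFAULT is what the timeout picks.
# TIMEOUT is in tenths of a second, so 100 = 10 seconds.
DEFAULT 1
PROMPT 1
TIMEOUT 100

# "1": 2.4.20 + rsbac 1.2.2pre kernel. rsbac init is delayed until
# device 99:99 is mounted as root, which never happens on Knoppix
# (root is /dev/ram0), so rsbac stays off until /usr/local/bin/rsbac_init
# is run by hand; rsbac_softmode then keeps it non-enforcing until
# "switch_module SOFTMODE 0". Parameter spelling as in the text; verify.
LABEL 1
  KERNEL vmlinuz-rsbac
  APPEND ramdisk_size=100000 init=/etc/init lang=us apm=power-off vga=791 initrd=miniroot.gz nomce quiet BOOT_IMAGE=knoppix rsbac_delay_init=99:99 rsbac_softmode

# "KO": the original Knoppix boot floppy image, started through
# syslinux's memdisk so that the usual Knoppix logo and prompt appear
# and the standard Knoppix modes ("knoppix" etc.) can be typed there.
# boot.img is the floppy image assumed to sit next to this file.
LABEL KO
  KERNEL memdisk
  APPEND initrd=boot.img

# "M": memtest86 is a stand-alone kernel-style image, no initrd needed.
LABEL M
  KERNEL memtest
```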
Why is this useful for you?

1. You can boot a test rsbac client live image to simply test some rsbac setup procedures without risking your live system (if you do not mount hard drive partitions).
2. You can get some ideas on how to make such a demo CD for yourself.

Last words:

I publish this image as it might help someone, but making a public demo system is not our main goal: our main goal is to use this for our own goals...

Contact:
Boldizsar Bencsath
Laboratory of Cryptography and Systems Security
http://www.crysys.hu/
Dept. of Telecommunications
Budapest University of Technology and Economics
H-1111 Budapest, Magyar tudósok körútja 2. I ép. E.429.
email: bencsath.boldizsar@mail2002.crysys.hit.bme.hu