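Either download a prebuilt stage2 root filesystem or build it yourself. The mirror used below is plain HTTP, so compare the tarball against a checksum or signature obtained over a trusted channel (if the project publishes one) before unpacking it as root.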
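# Fetch the prebuilt stage2 rootfs into the kernel/image store.
cd /data/kernels/
# NOTE(review): this is an unauthenticated plain-HTTP download of an archive
# that is later unpacked as root and booted. Record its digest and compare it
# with a value obtained over a trusted channel before using it, e.g.
#   sha256sum sabotage-1.1.19-x86_64-rootfs-stage2-e0b6285a.tar.xz
#   # expected: <sha256-from-trusted-source>
wget http://mirrors.2f30.org/sabotage/sabotage-1.1.19-x86_64-rootfs-stage2-e0b6285a.tar.xz

# Create and enter the guest's working directory.
cd /data/guests/
mkdir sabotage/
cd sabotage/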
Create a sparse file just below the 8589934591-byte (8 GiB - 1) size limit of the tar and ustar formats: 8192 - 1 = 8191 MiB.
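# Sparse 8191 MiB image: count=0 writes no data, seek=8191 only sets the size.
dd if=/dev/zero of=sabotage.reiser4 bs=1M count=0 seek=8191
#or even better, just one block of 4K behind
# (8589934591 + 1) - 4096 = 8589930496
#dd if=/dev/zero of=sabotage.reiser4 bs=8589930496 count=0 seek=1

# Format the image non-interactively and mount it on a scratch directory.
mkfs.reiser4 -fy sabotage.reiser4
mkdir lala/
mount sabotage.reiser4 lala/

# ext4 alternative for the same image file:
#mkfs.ext4...
#tune2fs -O ^metadata_csum sabotage.reiser4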
LVM2 thin-provisioning
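# Alternative: put the guest on a block device instead of an image file.
# mkfs destroys whatever is on the target, so double-check the device name.
mkfs.ext4 /dev/drbd2
# Turn the metadata_csum feature off.
# NOTE(review): presumably for compatibility with the guest's kernel or tools; confirm.
tune2fs -O ^metadata_csum /dev/drbd2
mkdir lala/
mount /dev/drbd2 lala/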
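# Unpack the stage2 rootfs into the mounted guest filesystem.
tar xJf /data/kernels/sabotage-1.1.19-x86_64-rootfs-stage2-e0b6285a.tar.xz -C lala/

# Root filesystem entry for the guest (file contents follow the vi line;
# use the matching filesystem type if you took the ext4 route).
vi lala/etc/fstab
    /dev/xvda1 / reiser4 defaults 0 1

# Clone the serial-console getty service for the Xen PV console hvc0.
cp -R lala/etc/service/ttyS0/ lala/etc/service/hvc0/
vi lala/etc/service/hvc0/run
    exec getty -L 38400 hvc0 xterm #linux

# Install the modules that match the domU kernel booted later.
mkdir lala/lib/modules/
tar xzf /data/kernels/5.2.21.domureiser4.modules.tar.gz -C lala/lib/modules/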
Remove the hwclock calls and the hotplug line (line 23 of /etc/rc.boot).
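# Indented lines under each vi command are the edits to make, or the text to
# put, in that file; they are not commands to run on the host.
vi lala/etc/rc.boot
    (remove hwclock)
    #echo /sbin/mdev > /proc/sys/kernel/hotplug
    (get rid of the `/tmp/` write-test condition right after rw=true)
vi lala/etc/rc.shutdown
    (remove hwclock there also)

# Load the tmem module at boot.
echo modprobe tmem > lala/etc/rc.modules
chmod +x lala/etc/rc.modules

# Static network configuration and sshd start-up.
vi lala/etc/rc.local
    do_static_ip=true
    ...
    if=eth0
    ip=x.x.x.x
    nm=255.255.255.0
    gw=x.x.x.x
    ...
    echo -n sshd...
    /bin/sshd && echo done

# Time zone and interactive-shell aliases.
# NOTE(review): the two TZ lines presumably mean "replace the first with the
# second"; confirm which zone you want.
vi lala/etc/profile
    TZ="Europe/Moscow"
    TZ="Europe/Paris"
    ...
    case "$-" in
    *i*)
        alias ll='ls -alhF --color=auto'
        alias cp='cp -i'
        alias mv='mv -i'
        alias rm='rm -i'
        ;;
    esac

# Size of the populated root filesystem.
du -sh lala/
#reiser4: 454M
#ext4: 174M

# Do not ship a shell history in the image.
rm -f lala/root/.ash_history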
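The default root password is sabotage, but that’s already too complicated to remember, so the commands below remove it. This leaves root with an empty password: acceptable for a template that is only reachable from the Xen console, but set a real password (or key-only SSH) before the guest is reachable over a network.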
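ls -lhF lala/etc/shadow
# Keep the distribution's shadow file aside. It presumably still holds the
# hash of the default password, so keep it root-only or delete it later.
mv lala/etc/shadow lala/etc/shadow.dist
# Quoted so the shell cannot glob-expand the '*'; the umask subshell makes the
# new file private from the moment it is created, not only after chmod.
( umask 077; echo 'root:*:15082:0:::::' > lala/etc/shadow )
chmod 400 lala/etc/shadow
# passwd -d deletes the password: root can then log in with an EMPTY password
# wherever empty passwords are accepted (e.g. the hvc0 console). Skip this line
# to keep the account password-locked, or set a real password with passwd.
chroot lala/ passwd -d root
umount lala/
rmdir lala/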
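# Check which domU kernels are available, then write the xl guest config.
ls -lhF /data/kernels/*vmlinuz*
vi sabotage

# ---- contents of the xl config file "sabotage" ----
# INTERNAL NETWORK br0
kernel = "/data/kernels/5.2.21.domureiser4.vmlinuz"
# NOTE(review): mitigations=off disables the guest kernel's CPU
# speculative-execution mitigations; drop it unless everything running in the
# guest is trusted.
root = "/dev/xvda1 ro console=hvc0 mitigations=off"
name = "sabotage"
vcpus = 3
maxvcpus = 8
memory = 7168
# NOTE(review): the image was created under /data/guests/sabotage/ above, but
# this path points to /root/guests/sabotage/; confirm which one is right.
disk = ['tap:tapdisk:aio:/root/guests/sabotage/sabotage.reiser4,xvda1,w']
vif = [ 'bridge=br0, vifname=sabotage.0' ]
type = "pvh"
#extra = "init=/bin/bash"
#disk = ['tap:tapdisk:aio:/data/guests/sabotage/sabotage.ext4,xvda1,w']
#disk = ['phy:/dev/vdisks/thin1,xvda1,w']
# ---- end of config file ----

# Boot the guest and attach to its console (-c).
xl create sabotage -c

# Inside the guest: check that tmem is loaded and how much memory is visible.
lsmod | grep tmem
free -m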
You can now proceed with post-installation inside the guest as follows.
mount -o remount,rw /
install a few packages
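# Check connectivity, then install packages with butch.
ping -c3 opendns.com
#butch search ksh
#butch install mksh
butch install openssh
#butch-install-service openssh /var/service/openssh/run
#rm -f /var/service/openssh/down
#butch install htop

# Indented lines are edits to make in sshd_config, not commands.
# NOTE(review): root was left with an empty password earlier, so while editing
# also make sure the file does not allow it over SSH: keep
# "PermitEmptyPasswords no" and consider "PermitRootLogin prohibit-password".
vi /etc/ssh/sshd_config
    (remove UsePrivilegeSeparation)
    (remove /etc/ssh/ssh_host_rsa_key)
    ...
    Subsystem sftp /opt/openssh/lib/ssh/sftp-server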
generate some host keys otherwise the daemon won’t start
ssh-keygen -q -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -C "root@sabotage" -N ""
and eventually further setup your environment and MKSH
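or just make a template out of it (the SSH host key generated above is then copied into every guest cloned from the template, so regenerate it in each clone unless newtemplate.bash already does that)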
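# Inside the guest: flush writes and drop the shell history.
sync
rm -f .ash_history
# ^] is the Ctrl-] keypress that leaves the guest console for the dom0 shell.
^]
# Back in dom0: shut the guest down and turn its directory into a template.
xl shu sabotage
cd ../
newtemplate.bash sabotage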
You’re now ready to reboot and switch to read-only mode.
reboot
Your system should now be read-only, except for /var/ and /tmp/.
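# List the mounts to confirm / is read-only, then check that sshd is running.
mount
ps auxww | grep ssh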
Still to fix: this error at boot
/etc/rc.boot: line 23: can't create /proc/sys/kernel/hotplug: nonexistent directory
To create a user, it’s a bit specific.
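adduser -s /bin/sh -G GROUPNAME -D USERNAME # -D Don't assign a password
# No password is assigned above, so give the account a credential before use:
# either `passwd USERNAME` or an SSH authorized_keys file in its home.
# Keep the home directory private to the user.
chmod 700 /home/USERNAME/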
http://mirrors.2f30.org/sabotage/
Runit tools in busybox - up to the task? https://busybox.net/kill_it_with_fire.txt