XEN/PVH - Sabotage Linux

tested on slack150

Virtual disk

sparse file right below the 8589934591 bytes limit for tar and ustar formats: 8192 - 1 MiB

mkdir -p /data/guests/sabotage/lala/
cd /data/guests/sabotage/

casual sparse-vdisk

dd if=/dev/zero of=sabotage.btrfs bs=1M count=0 seek=8191
dd if=/dev/zero of=sabotage.reiser4 bs=1M count=0 seek=8191

# --or-- even better, just one block of 4K behind
# 8589934591 - 4096
#dd if=/dev/zero of=sabotage.reiser4 bs=8589930496 count=0 seek=1

# btrfs
mkfs.btrfs sabotage.btrfs
mount -o compress=lzo sabotage.btrfs lala/

# reiser4
mkfs.reiser4 --discard --force --yes sabotage.reiser4
mount sabotage.reiser4 lala/

# ext4
dd if=/dev/zero of=sabotage.ext4 bs=1M count=0 seek=8191
mkfs.ext4 sabotage.ext4
#dumpe2fs sabotage.ext4 | grep features
#tune2fs -O ^metadata_csum sabotage.ext4

dnc-based

grep minor /etc/drbd.d/*.res
dnc-new-resource-template.bash pmr3 pmr1 2001 sabotage2023
mkfs.reiser4 --discard --yes /dev/drbd/by-res/sabotage2023/0

ready

mount sabotage.reiser4 lala/
mount /dev/drbd/by-res/sabotage2023/0 lala/

Deploy core/stage1 binaries

assuming you’ve got a rootfs tarball already

mkdir -p /data_local/kernels/sabotage/
cd /data_local/kernels/sabotage/

wget https://lab.nethence.com/sabotage-stage1.tar.gz
tar xzSf sabotage-stage1.tar.gz
mv sabotage-stage1/* /data/guests/sabotage/lala/
rmdir sabotage-stage1/

    cd /data/guests/sabotage/
    cp -pi lala/etc/fstab lala/etc/fstab.dist
    vi lala/etc/fstab

    /dev/xvda1 / reiser4 defaults 0 1
    #/dev/xvda1 / btrfs defaults 0 1

    proc                   /proc         proc      defaults            0      0
    devpts                 /dev/pts      devpts    defaults            0      0
    shm                    /dev/shm      tmpfs     nodev,nosuid        0      0

    mv lala/etc/service/ttyS0/ lala/etc/service/hvc0/
    sed -i 's/ttyS0/hvc0/g' lala/etc/service/hvc0/run

also see sabotage-cloud ==> cloud image tuning

assuming some XEN DomU-capable kernel in da place. otherwise grab our kernel builds.

mkdir lala/lib/modules/
tar xzf /data/kernels/5.2.21.domureiser4.modules.tar.gz -C lala/lib/modules/

ls -lF lala/etc/rc.modules # no exist
echo modprobe tmem > lala/etc/rc.modules
chmod +x lala/etc/rc.modules

cp -pi lala/etc/rc.local lala/etc/rc.local.dist
chmod -x lala/etc/rc.local.dist
vi lala/etc/rc.local

    do_static_ip=true

    if=eth0
    ip=10.1.1.9
    nm=255.255.255.0
    gw=10.1.1.254

mv lala/etc/resolv.conf lala/etc/resolv.conf.dist
vi lala/etc/resolv.conf

nameserver 208.67.222.220
nameserver 208.67.222.222

du -sh lala/
# v1.1.19 ext4 174M
# v1.1.19 reiser4 454M
# v1.1.24 ext4 293M
# v1.1.24 reiser4 789M
# v1.1.24 btrfs 328M
# 554M reiser4 on thin/drbd

enable that alternative SSH daemon at boot-time

cat lala/var/service/dropbear/run # note that's RSA and DSS host keys
ls -lF lala/var/service/dropbear/down
rm -f lala/var/service/dropbear/down

ls -lF lala/etc/shells # no exist
echo /bin/ash >> lala/etc/shells

and you’re done

umount lala/
rmdir lala/

Guest skeleton

assuming a domU kernel, as stated above

ls -lhF /data/kernels/5.2.21.domureiser4.vmlinuz
vi sabotage

kernel = "/data/kernels/5.2.21.domureiser4.vmlinuz"
root = "/dev/xvda1 ro console=hvc0 mitigations=off"
#extra = "init=/bin/mksh"
name = "sabotage"
vcpus = 2
memory = 1024
#disk = ['tap:tapdisk:aio:/data/guests/sabotage/sabotage.reiser4,xvda1,w']
#disk = ['tap:tapdisk:aio:/data/guests/sabotage/sabotage.btrfs,xvda1,w']
disk = ['phy:/dev/drbd/by-res/sabotage2023/0,xvda1,w']
vif = [ 'bridge=guestbr0, vifname=sabotage0',
    'bridge=guestbr0, vifname=sabotage1' ]
type = "pvh"

xl create sabotage -c

lsmod | grep tmem
free -m

System preparation

see sabotage

Template-ready

eventually make a template out of it

sync
rm -f .ash_history
^]

xl shu sabotage
cd ../
newtemplate.bash sabotage

Additional notes

just a chroot

in case you just want a chroot instead of a XEN guest

mkdir lala/
mount saboage.ext4 lala/
    mount -o bind /dev/ lala/dev/
    mount -o bind /dev/pts/ lala/dev/pts/
    mount -o bind /proc/ lala/proc/
    mount -o bind /sys/ lala/sys/
chroot lala/ /bin/mksh

and once you’re done

umount -R lala/

read-only boot

eventually mount the system read-write

mount
mount -o remount,rw /
#-n

TODO

Additional notes

To create a user, it’s a bit specific.

adduser -s /bin/sh -G GROUPNAME -D USERNAME
# -D              Don't assign a password
chmod 700 /home/USERNAME/

Troubleshooting

/etc/rc.boot: line 23: can't create /proc/sys/kernel/hotplug: nonexistent directory

==> comment that one out

/etc/ssh/sshd_config line 6: Deprecated option UsePrivilegeSeparation

==> remove that line

Deprecated

Subsystem sftp /opt/openssh/lib/ssh/sftp-server

Resources

home page

http://sabo.xyz/

https://sabotage-linux.github.io/

https://sabotage-linux.neocities.org/

news

https://sabotage-linux.neocities.org/blog/11/

code repos

https://github.com/sabotage-linux/sabotage

https://codeberg.org/sabotage-linux/sabotage/

download

Index of /sabotage/ http://mirrors.2f30.org/sabotage/

Index of /pub/sabotage/ http://ftp.barfooze.de/pub/sabotage/

misc

Runit tools in busybox - up to the task? https://busybox.net/kill_it_with_fire.txt

history

https://github.com/leahneukirchen/sabotage

https://github.com/pikhq/sabotage

https://github.com/rofl0r

https://www.openwall.com/lists/sabotage/


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2023 Pierre-Philipp Braun