BSL is a minimal GNU/Linux system running on a 256M solid state drive, a 256MB USB memory stick or, if necessary, a normal IDE disk. It is optimised to act as a router or a bridge with intrusion detection and an active firewall. The BSL operating system can be installed from CD-ROM or from a USB memory stick on systems that support USB boot.
The USB stick can be built by booting from the CD-ROM and running '/bin/setup'.
Download the BSL CD-Installation ISO image here (70M).
Technical Notes:
BSL has three separate filesystems:-
/ (root) is a read/write 128M ext3 filesystem on /dev/hda1 (the smartcard).
It can be treated as a normal disk filesystem as found in standard GNU/Linux installations.
All system configurations are in /etc so a backup is the process of archiving /etc.
The remaining unpartitioned space of the root disk may be used as a scratch area.
/var is a 48M read/write ext3 filesystem on a ramdisk.
Because /var is a ramdisk, it must be saved to the physical media (/dev/hda1) during the
reboot process. The script /etc/rc.d/init/mountfs performs this function. A hard reset skips
this step, so the system comes back with the previously saved /var, not the current one.
/usr is a read-only filesystem consisting of a compressed filesystem image
mounted via the kernel cloop interface.
Update /usr with the following procedure:
[root@bsl:]~ mount /dev/hda2 /mnt
[root@bsl:]~ cp -dpRv /usr /mnt
[root@bsl:]~ cd /mnt
Make changes in the /mnt/usr tree, then rebuild the image.
[root@bsl:]~ mkisofs -r usr | create_compressed_fs - 65536 > /state/bsl_usr.z
[root@bsl:]~ reboot
BSL runs the following services:-
Webmin: a browser based admin tool.
SSHD : secure shell remote access.
Shorewall: iptables firewall.
Ebtables: bridged firewall. Details here
crond : job scheduler.
syslogd : system logger.
DHCPD : IP address allocation.
IPSEC : VPN tunnelling. (A brief configuration guide is here)
QOS : Traffic shaping.
SnortD : Intrusion detection. (Updated automagically)
Ratrap : Intrusion prevention by watching SNORT logfile /var/log/snort.fifo. (source)
SSHD, CROND, DHCPD, Shorewall and IPSEC VPN are configured via Webmin interface.
Syslog can only log to a remote server - see /etc/syslog.conf
QOS is managed by the script /bin/qos.
Snortd behaviour is controlled by /etc/sysconfig/snortd.conf - no change from the default should be necessary.
Ratrap has '/etc/sysconfig/ratrap.conf' which will require administration.
The whitelist file '/etc/sysconfig//whitelist' must also be configured to ignore friendly hosts/networks.
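The whitelist matters because a tool that blocks on Snort alerts will otherwise lock out a friendly host that trips a rule. The sketch below is an added example, not Ratrap's own code: it parses Snort "fast" alert lines and returns the source addresses to block after applying a whitelist. The whitelist format (one host or CIDR network per line, '#' comments), the priority cutoff, the function names and all sample data are assumptions.

```python
import ipaddress
import re

# Snort "fast" alert tail: [Priority: N] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[Priority:\s*(?P<prio>\d+)\]\s*\{[^}]+\}\s*"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s*->\s*"
    r"\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?"
)

# Constructed whitelist: one host or CIDR per line, '#' comments (assumed format).
SAMPLE_WHITELIST = """\
192.0.2.0/24      # internal LAN
198.51.100.7      # remote admin host
"""

# Constructed alert lines (documentation address ranges, made-up rule ids).
_A = "03/14-10:15:0%d.000000  [**] [1:100000%d:1] constructed alert [**] [Priority: %d] {%s} %s -> %s"
SAMPLE_ALERTS = [
    _A % (1, 1, 2, "TCP", "203.0.113.50:40000", "192.0.2.10:22"),   # block
    _A % (2, 2, 1, "TCP", "192.0.2.33:51000", "192.0.2.10:80"),     # whitelisted network
    _A % (3, 3, 1, "UDP", "198.51.100.7:53", "192.0.2.10:53"),      # whitelisted host
    _A % (4, 1, 2, "TCP", "203.0.113.50:40001", "192.0.2.10:22"),   # repeat offender
    _A % (5, 4, 3, "TCP", "203.0.113.99:1234", "192.0.2.10:443"),   # below severity cutoff
    _A % (6, 5, 1, "ICMP", "198.51.100.8", "192.0.2.10"),           # no ports on ICMP
    "snort: truncated li",                                           # unparseable, ignored
]

def load_whitelist(text):
    """Parse whitelist text into networks; a bare host becomes a /32."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def hosts_to_block(alert_lines, whitelist, max_priority=2):
    """Sources of alerts with priority <= max_priority (1 is most severe), minus whitelisted."""
    out = []
    for line in alert_lines:
        m = ALERT_RE.search(line)
        if not m or int(m.group("prio")) > max_priority:
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:  # e.g. an octet above 255
            continue
        if str(src) not in out and not any(src in net for net in whitelist):
            out.append(str(src))
    return out
```

On a live system the alert lines would come from iterating over the opened FIFO rather than a list.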
Kernel config
Bugfixes and patches:-
None to date. :-)
Linux is a Registered Trademark of Linus Torvalds.
root/at/blueskylinux/dot/net