custom cd loads

fedora fedora at packetstorm.org
Fri Nov 28 00:36:57 UTC 2003 

Well the kind of customizations i did with RH8 and 9 were as follows:

1. Create a core load of only the baseline rpms needed to boot and put on 
the network. 
2. Replace old rpms with new ones, rerun genhdlist to reflect the changes
3. Install the test load on system and run bastille-linux against it, 
record the changes and apply them via ks.cfg into the core load.
4. Add extra ks.cfg options from other security sources to complete the 
core load hardening.

Now lets say I am making a secondary dns server. I copy the core load 
over to another directory, call it sec-dns-load, add the rpms for bind and 
snort, update the ks.cfg to reflect the 
rpms and have it copy my secondary configs over the default rpm configs. 

I rebuild using anaconda and burn the cd. I can now go to any one of our 
pcs in the warehouse (since they are all from the same manufacturer and 
load spec), insert the cd and have the entire system rebuilt in under 6 
minutes. Then I restore from backup any changes made since the last load 
update.

Ive done this with dns, sendmail, ftp, web, squid and other server 
configurations and its worked great. Plus since its all automagic, any 
tech can read my one page procedural document and restore service without 
having to page my lazy butt back into work :)

I learned the basic procedure from a Linux Journal by Brett Schwarz and 
then added my own procedures into the mix. So what I am looking for is 
another baseline doc to build ISOs similar to mr Swarz's so I can begin 
rebuilding my loads to reflect the changes made in Fedora.

thanks,

Greg

On Thu, 27 Nov 2003, Alexandre Strube wrote:

> Em Qua, 2003-11-26 às 15:05, fedora escreveu:
> > ive been making my own customized isos since RH8 using the example from 
> > Brett Schwarz article in the Linux Journal. Some mods were necessary for 
> > RH9 to work but still no big problems.
> > Now I am wanting to start migrating my work to Fedora but I am looking for 
> > some set of procedures to do this. Anyone have a good set they want to 
> > publish or a link to a good site?
> 
> What kind of customization? I REALLY wish to make a updated iso, so
> every time I install it on a client, I do not need to download 200mb of
> updated packages...
> 
> It's like installing a boxed norton antivirus... You always have to
> update everything before running.... quite different from
> www.freeav.com, where the executable at the site is always up-to-date...
> 
>

More information about the users mailing list