celso/systemrescue-recipe
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

changed firewall script and config.yaml, modified README

Browse Source
This commit is contained in:
celso 2023-10-23 21:09:38 -03:00
parent 0df368d337
commit 0a3d45ac2c
4 changed files with 19 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@ -1,7 +1,8 @@
My customization recipe for SystemRescue: My customization recipe for SystemRescue:
=================================================== ===================================================
## Dependencies ## Dependencies
squashfs-tools, xorriso (provided by dev-libs/libisoburn package in gentoo GNU/Linux - WARNING: requires zstd USE flag enabled) and squashfs-tools, xorriso (provided by dev-libs/libisoburn package in gentoo GNU/
Linux - WARNING: requires zstd USE flag enabled) and
[sysrescue-customize.sh](https://gitlab.com/systemrescue/systemrescue-sources/-/raw/main/airootfs/usr/share/sysrescue/bin/sysrescue-customize?inline=false) [sysrescue-customize.sh](https://gitlab.com/systemrescue/systemrescue-sources/-/raw/main/airootfs/usr/share/sysrescue/bin/sysrescue-customize?inline=false)
are required to apply these customizations are required to apply these customizations
@ -16,8 +17,8 @@ This recipe adds the following to the custom ISO:
- It adds a settings yaml file which overrides the default settings so the - It adds a settings yaml file which overrides the default settings so the
custom SystemRescue starts with my own preferences, such as a spanish custom SystemRescue starts with my own preferences, such as a spanish
keyboard, it copies the system into RAM (so the boot device can be removed), keyboard, it copies the system into RAM (so the boot device can be removed),
it adds a persistent storage volume (see: [persistent-storage](persistent-storage.md) and it adds a persistent storage volume (see:
for further instructions) and it automatically starts the graphical environment. [persistent-storage](persistent-storage.md) for further instructions).
Please note the ".squashfs-pseudo" file is important to enforce correct Please note the ".squashfs-pseudo" file is important to enforce correct
permissions and ownership on the /root directory and its contents. You should permissions and ownership on the /root directory and its contents. You should

4
iso_add/autorun/open-ssh-port.sh
View File

@ -1,4 +0,0 @@
#!/bin/bash
# Allow incoming and outgoing ssh
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT

12
iso_add/autorun/set-firewall-rules.sh Executable file
View File

@ -0,0 +1,12 @@
#!/bin/bash
# Allow incoming and outgoing ssh, dns and dhcp
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 22 -j ACCEPT
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -I INPUT -p udp --dport 53 -j ACCEPT
iptables -I INPUT -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -p udp --dport 68 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 22 -j ACCEPT
iptables -I OUTPUT -p udp --dport 53 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -I OUTPUT -p udp --dport 67 -j ACCEPT

7
iso_add/sysrescue.d/500-settings.yaml
View File

@ -2,7 +2,7 @@ global:
copytoram: true copytoram: true
checksum: false checksum: false
loadsrm: true loadsrm: true
dostartx: true dostartx: false
nofirewall: false nofirewall: false
setkmap: es setkmap: es
cow_label: "PERSISTENCE" cow_label: "PERSISTENCE"
@ -10,10 +10,9 @@ global:
autorun: autorun:
ar_nowait: true ar_nowait: true
exec: exec:
open-ssh-port.sh: set-firewall-rules:
path: "/run/archiso/bootmnt/autorun/open-ssh-port.sh" path: "/run/archiso/bootmnt/autorun/set-firewall-rules.sh"
sysconfig: sysconfig:
bash_history: bash_history:
100: "" 100: ""
timezone: "America/Argentina/Buenos_Aires"