diff --git a/README.md b/README.md index 73f548b..1152196 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,10 @@ My customization recipe for SystemRescue: =================================================== ## Dependencies -squashfs-tools, xorriso (provided by dev-libs/libisoburn package in gentoo GNU/Linux - WARNING: requires zstd USE flag enabled) and -[sysrescue-customize.sh](https://gitlab.com/systemrescue/systemrescue-sources/-/raw/main/airootfs/usr/share/sysrescue/bin/sysrescue-customize?inline=false) +squashfs-tools, xorriso (provided by dev-libs/libisoburn package in gentoo GNU/ +Linux - WARNING: requires zstd USE flag enabled) and +[sysrescue-customize.sh](https://gitlab.com/systemrescue/systemrescue-sources/- +/raw/main/airootfs/usr/share/sysrescue/bin/sysrescue-customize?inline=false) are required to apply these customizations ## Description @@ -16,8 +18,8 @@ This recipe adds the following to the custom ISO: - It adds a settings yaml file which overrides the default settings so the custom SystemRescue starts with my own preferences, such as a spanish keyboard, it copies the system into RAM (so the boot device can be removed), - it adds a persistent storage volume (see: [persistent-storage](persistent-storage.md) - for further instructions) and it automatically starts the graphical environment. + and it adds a persistent storage volume (see: [persistent-storage](persistent + -storage.md) for further instructions). Please note the ".squashfs-pseudo" file is important to enforce correct permissions and ownership on the /root directory and its contents. You should diff --git a/iso_add/autorun/open-ssh-port.sh b/iso_add/autorun/open-ssh-port.sh deleted file mode 100755 index 6439ab9..0000000 --- a/iso_add/autorun/open-ssh-port.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -# Allow incoming and outgoing ssh -iptables -A INPUT -p tcp --dport 22 -j ACCEPT -iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT 
diff --git a/iso_add/autorun/set-firewall-rules.sh b/iso_add/autorun/set-firewall-rules.sh
new file mode 100755
index 0000000..3726738
--- /dev/null
+++ b/iso_add/autorun/set-firewall-rules.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+# Allow incoming and outgoing ssh, dns and dhcp
+iptables -I INPUT -p tcp --dport 22 -j ACCEPT
+iptables -I OUTPUT -p tcp --dport 22 -j ACCEPT
+iptables -I INPUT -p tcp --dport 22 -j ACCEPT
+iptables -I INPUT -p udp --dport 53 -j ACCEPT
+iptables -I INPUT -p tcp --dport 53 -j ACCEPT
+iptables -I INPUT -p udp --dport 68 -j ACCEPT
+iptables -I OUTPUT -p tcp --dport 22 -j ACCEPT
+iptables -I OUTPUT -p udp --dport 53 -j ACCEPT
+iptables -I OUTPUT -p tcp --dport 53 -j ACCEPT
+iptables -I OUTPUT -p udp --dport 67 -j ACCEPT
diff --git a/iso_add/sysrescue.d/500-settings.yaml b/iso_add/sysrescue.d/500-settings.yaml
index 84de329..9cb8a3a 100644
--- a/iso_add/sysrescue.d/500-settings.yaml
+++ b/iso_add/sysrescue.d/500-settings.yaml
@@ -2,7 +2,7 @@ global:
 copytoram: true
 checksum: false
 loadsrm: true
- dostartx: true
+ dostartx: false
 nofirewall: false
 setkmap: es
 cow_label: "PERSISTENCE"
@@ -10,10 +10,9 @@ global:
 autorun:
 ar_nowait: true
 exec:
- open-ssh-port.sh:
- path: "/run/archiso/bootmnt/autorun/open-ssh-port.sh"
+ set-firewall-rules:
+ path: "/run/archiso/bootmnt/autorun/set-firewall-rules.sh"
 sysconfig:
 bash_history:
 100: ""
- timezone: "America/Argentina/Buenos_Aires"
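Review bot: In `iso_add/autorun/set-firewall-rules.sh`, the two `iptables -I INPUT ... --dport 53 -j ACCEPT` rules accept unsolicited traffic addressed to this host's port 53 from any source, which a DNS client does not need, since replies to its own queries arrive with source port 53 and an ephemeral destination port. If the base ruleset does not already accept reply traffic (not visible in this diff), one stateful rule such as `iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` covers DNS and SSH replies without opening port 53 inbound. The INPUT and OUTPUT rules for tcp port 22 are each inserted twice, so the second copy of each can be dropped. The SSH accept rule also has no source restriction; adding `-s <management-subnet>` (placeholder) would narrow exposure when the image is booted on an untrusted network.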