Commit 345a927f authored by amnesia's avatar amnesia

initial source tree import

/home/amnesia is missing, as no clean way to include it is implemented yet.
/*.img
/*.iso
/*.list
/*.packages
/binary
/cache
/chroot/
/config/binary
/config/bootstrap
/config/chroot
/config/common
/config/source
/.stage
/source
config/chroot_local-includes/usr/share/doc/amnesia/Changelog
\ No newline at end of file
config/chroot_local-includes/usr/share/doc/amnesia/TODO
\ No newline at end of file
# -*- mode: sh; -*-
# Configuration file for the Amnesia live system
#
# You'd better never directly edit this file: rather put your custom
# variable assignments in a new file called 'amnesia.local', in the
# same directory as this one. The values found in the '.local' file
# will override the ones from this one.
#
# These configuration files are actually shell scripts, and are
# sourced by various other scripts.
# Supported: gnome|xfce
# Default: gnome
AMNESIA_BASE="gnome"
# Images types to build, as a space-separated list.
# Every element of this list must be a valid argument for "lh_config -b".
# Only iso, usb-hdd and tar are currently supported.
AMNESIA_IMAGES="iso"
# Base for the string that will be passed to "lh_config --bootappend-live"
AMNESIA_APPEND="quiet splash vga=791 live-media=removable live-media-timeout=15 noprompt"
# Refresh the live user's $HOME directory by copying the build system's
# /home/amnesia. See also AMNESIA_HOME_EXCLUDES.
# Supported: yes|no
# Default: no
AMNESIA_REFRESH_HOME="no"
# Patterns to exclude when refreshing /home/amnesia
AMNESIA_HOME_EXCLUDES="/home/amnesia/.bash_history \
/home/amnesia/.dbus/session-bus/* \
/home/amnesia/.gconf/desktop/gnome/peripherals/keyboard/host-* \
/home/amnesia/.kde/cache-* \
/home/amnesia/.kde/socket-* \
/home/amnesia/.kde/tmp-* \
/home/amnesia/.mozilla/firefox/*/bookmarkbackups/* \
/home/amnesia/.mozilla/firefox/*/urlclassifier3.sqlite \
/home/amnesia/.nautilus/metafiles/ \
/home/amnesia/.nautilus/saved-session-* \
/home/amnesia/.xsession-errors"
### You should not have to change anything bellow this line ####################
# Compute the current Amnesia's version once for all
AMNESIA_TODAY="`date '+%Y%m%d'`"
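Review bot: AMNESIA_HOME_EXCLUDES is a denylist, so with `AMNESIA_REFRESH_HOME="yes"` everything not matched by it under the build system's /home/amnesia would be copied into an image that is meant to be distributed. The list leaves out private material such as `.ssh/`, `.gnupg/` and the Firefox profile's cookie and history databases. The code that consumes the variable is not on this page, so this assumes the patterns are applied as plain excludes. At minimum the variable deserves a comment such as `# WARNING: anything not matched here ends up in the published image`. An allowlist of the files that are wanted would be the safer design.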
# -*- mode: sh; -*-
#AMNESIA_IMAGES="iso tar usb-hdd"
AMNESIA_IMAGES="tar"
APT::Default-Release "stable";
Package: firmware-linux
Pin: release a=lenny-backports
Pin-Priority: 999
Package: kvkbd
Pin: release a=lenny-backports
Pin-Priority: 999
Package: *
Pin: release a=stable
Pin-Priority: 900
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
Package: *
Pin: release o=Debian
Pin-Priority: -10
#! /bin/sh
# Change the root password to "amnesia"
echo "I: update password"
echo "root:amnesia" | chpasswd
# Change the autogenerated user password to "amnesia"
plain_password="amnesia"
password=$(echo "${plain_password}" | mkpasswd -s)
sed -i -e 's/\(user_crypted=\)\(.*\)\( #.*\)/\1\"'${password}'\"\3/' /usr/share/initramfs-tools/scripts/live-bottom/10adduser
update-initramfs -tu -kall
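Review bot: The `sed` expression uses `/` as its delimiter while splicing in the output of `mkpasswd -s`, and crypt(3) hashes are drawn from an alphabet that includes `/`. Depending on the random salt the substitution can therefore fail, and with no `set -e` in the hook the build would continue with whatever `user_crypted` value 10adduser already had. A delimiter outside the hash alphabet avoids this, along with quoting the expansion: `sed -i -e 's|\(user_crypted=\)\(.*\)\( #.*\)|\1"'"${password}"'"\3|' …`. Separately, `echo "root:amnesia" | chpasswd` gives every image the same publicly known root password. A comment should state that this is deliberate and that nothing in the image may expose a password login to the network.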
#! /bin/sh
echo "
iface lo inet loopback" >>/etc/network/interfaces
#!/bin/sh
# We don't want to swap to the local machine
rm -f /usr/share/initramfs-tools/scripts/live-bottom/13swap
#!/bin/sh
splashy_config --set-theme moreblue-orbit
update-initramfs -u -k all
#!/bin/sh
apt-get remove --yes --purge epiphany-browser epiphany-browser-data epiphany-extensions epiphany-gecko
\ No newline at end of file
#!/bin/sh
chown -R 1000:1000 /home/amnesia
#!/bin/sh
# Nota bene: if the custom /etc/resolv.conf file was in
# chroot_local-includes, it would be installed inside the chroot
# before our chroot_local-hooks run. Some of these scripts, needing
# a working networking setup, would then awfully break.
# Including common functions
. "${LH_BASE:-/usr/share/live-helper}"/functions.sh
# Setting static variables
DESCRIPTION="$(Echo 'setup custom /etc/resolv.conf')"
HELP=""
USAGE="${PROGRAM}"
# Reading configuration files
Read_conffiles config/all config/common config/chroot
Set_defaults
Echo_message "Configuring file /etc/resolv.conf"
echo 'nameserver 127.0.0.1' > /etc/resolv.conf
# make sure lh_chroot_resolv will not overwrite our nice,
# custom /etc/resolv.conf with a random .orig one
echo 'nameserver 127.0.0.1' > /etc/resolv.conf.orig
Package: firmware-linux
Pin: release a=lenny-backports
Pin-Priority: 999
Package: kvkbd
Pin: release a=lenny-backports
Pin-Priority: 999
Package: *
Pin: release a=stable
Pin-Priority: 900
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
Package: *
Pin: release o=Debian
Pin-Priority: -10
# do we start pdnsd ?
START_DAEMON=yes
# auto-mode, overrides /etc/pdsnd.conf if set [see /usr/share/pdnsd/]
AUTO_MODE=
# optional CLI options to pass to pdnsd(8)
START_OPTIONS=
# Configuration file for /sbin/dhclient, which is included in Debian's
# dhcp3-client package.
#
# This is a sample configuration file for dhclient. See dhclient.conf's
# man page for more information about the syntax of this file
# and a more comprehensive list of the parameters understood by
# dhclient.
#
# Normally, if the DHCP server provides reasonable information and does
# not leave anything out (like the domain name, for example), then
# few changes must be made to this file, if any.
#
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name "titanic";
#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
#send dhcp-lease-time 3600;
#supersede domain-name "fugue.com home.vix.com";
#prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes;
supersede domain-name-servers 127.0.0.1;
supersede domain-name "localdomain";
#require subnet-mask, domain-name-servers;
#timeout 60;
#retry 60;
#reboot 10;
#select-timeout 5;
#initial-interval 2;
#script "/etc/dhcp3/dhclient-script";
#media "-link0 -link1 -link2", "link0 link1";
#reject 192.33.137.209;
#alias {
# interface "eth0";
# fixed-address 192.5.5.213;
# option subnet-mask 255.255.255.255;
#}
#lease {
# interface "eth0";
# fixed-address 192.33.137.200;
# medium "link0 link1";
# option host-name "andare.swiftmedia.com";
# option subnet-mask 255.255.255.0;
# option broadcast-address 192.33.137.255;
# option routers 192.33.137.250;
# option domain-name-servers 127.0.0.1;
# renew 2 2000/1/12 00:00:01;
# rebind 2 2000/1/12 00:00:01;
# expire 2 2000/1/12 00:00:01;
#}
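Review bot: `send host-name "titanic";` makes every machine booted from this image announce the same fixed name to the local DHCP server, which marks the client as an Amnesia system in the server's lease logs. For a system whose purpose is anonymity, sending no host name is the safer default, i.e. `#send host-name "titanic";`. If a name must be sent, the reason should be given in a comment next to the line.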
http_proxy=http://localhost:8118
HTTP_PROXY=http://localhost:8118
SOCKS_SERVER=localhost:9050
SOCKS5_SERVER=localhost:9050
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Established connections are accepted.
[0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Local network connections should not fo through Tor.
[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j ACCEPT
[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j ACCEPT
[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j ACCEPT
[0:0] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT
# Tor is allowed to do anything it wants to, everything else is dropped.
[0:0] -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
[0:0] -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Local network connections should not fo through Tor. Note that we
# exclude the VirtualAddrNetwork used for .onion:s here.
[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j RETURN
[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j RETURN
[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j RETURN
[0:0] -A OUTPUT -d 127.0.0.0/255.128.0.0 -j RETURN
[0:0] -A OUTPUT -d 127.128.0.0/255.192.0.0 -j RETURN
# Tor is allowed to do anything it wants to.
[0:0] -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
# .onion mapped addresses redirection to Tor.
[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
# Redirect all remaining TCP traffic to Tor.
[0:0] -A OUTPUT -o ! lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9040
COMMIT
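Review bot: Only IPv4 is covered by this ruleset: it is in iptables-restore format and nothing visible on this page loads an ip6tables equivalent. On a network that hands out IPv6 addresses, traffic from non-Tor processes would presumably leave directly instead of reaching the final REJECT. If IPv6 is not meant to be supported, a second file loaded with ip6tables-restore that sets `:OUTPUT DROP [0:0]` and accepts only `-o lo` would close that path. The RFC 1918 ACCEPT and RETURN rules also deserve a comment saying that LAN destinations bypass Tor by design, e.g. `# Deliberate: traffic to the local network is not anonymised.`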
#!/bin/sh
# Exit if lo interface
[ "$METHOD" = "loopback" ] && exit 0
IPTABLES_RULES=/etc/firewall.conf
[ -x /sbin/iptables-restore ] || exit 2
[ -n "$IPTABLES_RULES" ] || exit 3
[ -r "$IPTABLES_RULES" ] || exit 4
/sbin/iptables-restore < "$IPTABLES_RULES"
// Read the pdnsd.conf(5) manpage for an explanation of the options.
/* Note: this file is overriden by automatic config files when
/etc/default/pdnsd AUTO_MODE is set and that
/usr/share/pdnsd/pdnsd-$AUTO_MODE.conf exists
*/
global {
perm_cache=2048;
cache_dir="/var/cache/pdnsd";
run_as="pdnsd";
server_ip = 127.0.0.1; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
status_ctl = on;
// paranoid=on;
// query_method=tcp_udp; // pdnsd must be compiled with tcp
// query support for this to work.
min_ttl=15m; // Retain cached entries at least 15 minutes.
max_ttl=1w; // One week.
timeout=120; // Global timeout option (10 seconds).
// Don't enable if you don't recurse yourself, can lead to problems
// delegation_only="com","net";
}
# Tor DNS resolver
server {
label = "tor";
ip = 127.0.0.1;
port = 8853;
uptest = none;
exclude=".invalid";
policy=included;
proxy_only = on;
lean_query = on;
}
source {
owner=localhost;
// serve_aliases=on;
file="/etc/hosts";
}
rr {
name=localhost;
reverse=on;
a=127.0.0.1;
owner=localhost;
soa=localhost,root.localhost,42,86400,900,86400,86400;
}
/* vim:set ft=c: */
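Review bot: The comment on `timeout=120;` says "10 seconds" while the value is 120, so one of them is stale. If the longer value is intended because lookups go through Tor, the comment should read `// Global timeout option (120 seconds).` The `server` block also depends on a resolver listening on 127.0.0.1:8853 (presumably Tor's DNSPort). A comment naming the setting that is expected to provide it would make that dependency checkable.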
# Sample configuration file for Polipo. -*-sh-*-
# You should not need to edit this configuration file; all configuration
# variables have reasonable defaults.
# This file only contains some of the configuration variables; see the
# list given by ``polipo -v'' and the manual for more.
### Basic configuration
### *******************
# Uncomment one of these if you want to allow remote clients to
# connect:
# proxyAddress = "::0" # both IPv4 and IPv6
# proxyAddress = "0.0.0.0" # IPv4 only
proxyAddress = "127.0.0.1" # IPv4 only
proxyPort = 8118
# If you are enabling 'proxyAddress' above, then you want to enable the
# 'allowedClients' variable to the address of your network, e.g.
# allowedClients = 127.0.0.1, 192.168.42.0/24
# allowedClients = 127.0.0.1
# Uncomment this if you want your Polipo to identify itself by
# something else than the host name:
proxyName = "localhost"
# Uncomment this if there's only one user using this instance of Polipo:
cacheIsShared = false
# Uncomment this if you want to use a parent proxy:
# parentProxy = "squid.example.org:3128"
# Uncomment this if you want to use a parent SOCKS proxy:
socksParentProxy = "localhost:9050"
socksProxyType = socks5
### Memory
### ******
# Uncomment this if you want Polipo to use a ridiculously small amount
# of memory (a hundred C-64 worth or so):
# chunkHighMark = 819200
# objectHighMark = 128
# Uncomment this if you've got plenty of memory:
# chunkHighMark = 50331648
# objectHighMark = 16384
### On-disk data
### ************
# Uncomment this if you want to disable the on-disk cache:
diskCacheRoot = ""
# Uncomment this if you want to put the on-disk cache in a
# non-standard location:
# diskCacheRoot = "~/.polipo-cache/"
# Uncomment this if you want to disable the local web server:
# localDocumentRoot = ""
# Uncomment this if you want to enable the pages under /polipo/index?
# and /polipo/servers?. This is a serious privacy leak if your proxy
# is shared.
# disableIndexing = false
# disableServersList = false
disableLocalInterface = true
### Domain Name System
### ******************
# Uncomment this if you want to contact IPv4 hosts only (and make DNS
# queries somewhat faster):
# dnsQueryIPv6 = no
# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for
# double-stack hosts:
# dnsQueryIPv6 = reluctantly
# Uncomment this to disable Polipo's DNS resolver and use the system's
# default resolver instead. If you do that, Polipo will freeze during
# every DNS query:
# dnsUseGethostbyname = yes
### HTTP
### ****
# Uncomment this if you want to enable detection of proxy loops.
# This will cause your hostname (or whatever you put into proxyName
# above) to be included in every request:
disableVia = true
# Uncomment this if you want to slightly reduce the amount of
# information that you leak about yourself:
censoredHeaders = from, accept-language, x-pad
censorReferer = maybe
# Uncomment this if you're paranoid. This will break a lot of sites,
# though:
# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language
# censorReferer = true
# Uncomment this if you want to use Poor Man's Multiplexing; increase
# the sizes if you're on a fast line. They should each amount to a few
# seconds' worth of transfer; if pmmSize is small, you'll want
# pmmFirstSize to be larger.
# Note that PMM is somewhat unreliable.
# pmmFirstSize = 16384
# pmmSize = 8192
# Uncomment this if your user-agent does something reasonable with
# Warning headers (most don't):
# relaxTransparency = maybe
# Uncomment this if you never want to revalidate instances for which
# data is available (this is not a good idea):
# relaxTransparency = yes
# Uncomment this if you have no network:
# proxyOffline = yes
# Uncomment this if you want to avoid revalidating instances with a
# Vary header (this is not a good idea):
# mindlesslyCacheVary = true
### Tor-specific configuration
### **************************
serverSlots = 2
serverMaxSlots = 8
allowedPorts = 1-65535
tunnelAllowedPorts = 1-65535
maxConnectionAge = 5m
maxConnectionRequests = 120
# This is the configuration for libtsocks (transparent socks) for use
# with tor, which is providing a socks server on port 9050 by default.
#
# See tsocks.conf(5) and torify(1) manpages.
server = 127.0.0.1
server_port = 9050
# We specify local as 127.0.0.0 - 127.191.255.255 because the
# Tor MAPADDRESS virtual IP range is the rest of net 127.
local = 127.0.0.0/255.128.0.0
local = 127.128.0.0/255.192.0.0
# My local networks
local = 10.0.0.0/255.0.0.0
local = 172.16.0.0/255.255.0.0
local = 192.168.0.0/255.255.0.0
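Review bot: `local = 172.16.0.0/255.255.0.0` covers only 172.16.0.0/16, whereas the firewall rules in this same commit treat the whole private block 172.16.0.0/255.240.0.0 as local. Under tsocks, connections to 172.17.x.x through 172.31.x.x would therefore be handed to the SOCKS server instead of going direct, which is inconsistent with the packet filter. The line should read `local = 172.16.0.0/255.240.0.0`.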
## Configuration file for a typical Tor user
## Last updated 22 December 2007 for Tor 0.2.0.14-alpha.
## (May or may not work for much older or much newer versions of Tor.)
##
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
##
## See the man page, or https://www.torproject.org/tor-manual-dev.html,
## for more options you can use in this file.
##
## Tor will look for this file in various places based on your platform:
## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#torrc
## Replace this with "SocksPort 0" if you plan to run Tor only as a
## server, and not make any local application connections yourself.
SocksPort 9050 # what port to open for local application connections
SocksListenAddress 127.0.0.1 # accept connections only from localhost
#SocksListenAddress 192.168.0.1:9100 # listen on this IP:port also
## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
## all (and only) requests from SocksListenAddress.
#SocksPolicy accept 192.168.0.0/16
#SocksPolicy reject *
## Logs go to stdout at level "notice" unless redirected by something
## else, like one of the below lines. You can have as many Log lines as
## you want.
##
## We advise using "notice" in most cases, since anything more verbose
## may provide sensitive information to an attacker who obtains the logs.
##
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
#Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
#Log notice syslog
## To send all messages to stderr:
#Log debug stderr
## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line. This is ignored on Windows;
## see the FAQ entry if you want Tor to run as an NT service.
#RunAsDaemon 1
## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
#DataDirectory /var/lib/tor
## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
ControlPort 9051
ControlListenAddress 127.0.0.1
## Tor unconditionnally chmod's DataDirectory (/var/lib/tor) at startup,
## and the debian-tor group can thus not access it, so we have it put
## the auth cookie elsewhere.
CookieAuthentication 1
CookieAuthFile /tmp/control_auth_cookie
CookieAuthFileGroupReadable 1
############### This section is just for location-hidden services ###
## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80