ontOS

ABSTRACT:

I’d like to produce an easily replicable, very modular and ridiculously effective build procedure for every computer we come in contact with.  This page shows some of the many ways I’m hacking away at the task.

I’ve nicknamed my build philosophy, “ontOS” (and yes, time-traveling historians, I pronounced that both, “ontahhssss” AND “ontOHesss” — haha).  If you haven’t already guessed, “ontOS” is short for “Ontological Operating System.”

Rather than creating yet another operating system, I’d like to see ontOS become a bulletproof and hitherto unequaled-in-efficiency approach to installing and configuring both existing and future operating systems.

Here is my first test case.  At the moment, I’m developing ontOS with a dependency on only two main components, CentOS Linux and a system administration multi-tool I’m writing, which I’ve named “scrx” (pronounced, “scrrricks,” as slang for “scripts”).  scrx is itself an ontology-based multi-OS utility, but I’ll describe it in detail another time.  For now, imagine that scrx follows some of the same concepts as puppet, chef, or cfengine, without the dependencies and client/server stuff.  In a phrase, scrx is policy by exception.

It’s time for a glimpse of what I have in mind (and partially in hand)…

RESEARCH:

+ It is helpful to at least glance at the NSA and CIS RHEL5 hardening guides, but you and I both could probably stand to read them in their entirety.
(I’ve not read them all the way through either, so do as you wish.)

INSTALL FROM DVD:
(or whatever media you want, if you know how)

+ Install CentOS 5.5 i386 from DVD, un-checking “Base” and any other auto-checked packages.

+ Partition and configure your machine as you wish.

+ Reboot the machine and sign in as “root”.

CREATE A USER:
(This step is optional.)

+ Create a user and group for yourself.

$ useradd peritus
$ passwd peritus

UNINSTALL PACKAGES:
(This step is optional.)

+ Uninstall all unwanted packages.  Although you unchecked every package in the installer, a list of common yet optional packages was still installed.
(booooooooooooooooooooooooooo @ Red Hat)
(Please be aware that packages removed here may return as dependencies for later package installs.)

$ yum erase kudzu 'openssh*' setools

INSTALL PACKAGES:

+ Disable all net-based yum repos.
(This step is optional.)

+ Enable the local “Media” yum repo.
(This step is optional.)

+ Mount the install DVD, which contains the “Media” yum repo data.
(This step is optional.)

+ Install all of the universally-critical packages and scrx dependencies.
(We’ll compile some of the critical stuff missing from this list (e.g., openssh).)

$ yum install autoconf automake bind-utils dos2unix dump gcc gdb gpm imake irqbalance kernel-devel lftp libtool lm-sensors logrotate logwatch lsof lynx m4 mailx make man man-pages ntp perl pkgconfig smartmontools sysklogd tcpdump time traceroute unix2dos unzip usbutils vim-enhanced vixie-cron wget which xorg-x11-xauth yum-utils zip

+ Install an uber-minimalist GUI.
(Yes, you should probably install the wireless/wpa stuff even if you won’t use it.)
(This step is optional.)

$ yum install at-spi control-center gamin-python gdm glx-utils gnome-applets gnome-desktop gnome-media gnome-session gnome-terminal gnome-utils gnome-volume-manager gphoto2 gthumb hal-gnome libgail-gnome libXevie lockdev metacity nautilus nautilus-open-terminal python-ldap sabayon-apply synaptics system-config-display 'wireless*' 'wpa*' xorg-x11-apps xorg-x11-drivers 'xorg-x11-fonts*' xorg-x11-server-Xnest xorg-x11-xinit xterm

+ Install the remaining packages needed for the machine to realize “its true purpose.” 😉
(The list below contains my mostly non-server bare essentials.  It’s a work in progress.)

$ yum install coolkey cpuspeed evince file-roller firefox 'gimp*' gnome-audio gnome-power-manager gnome-screensaver gnome-system-monitor ipsec-tools k3b NetworkManager-gnome nmap-frontend openoffice.org-base openoffice.org-calc openoffice.org-core openoffice.org-draw openoffice.org-impress pcsc-lite rhythmbox telnet vim-X11 wireshark wireshark-gnome
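
For the three repo steps at the top of this section (disable the net-based repos, enable the local “Media” repo, install from the DVD), here is an added example, not part of the original post and not part of scrx, that reports which repo sections would reach the network and writes a media-only copy of a .repo file. The function names and the sample repo text are assumptions constructed for illustration.

```shell
# Added example: audit and rewrite yum .repo files for media-only installs.
# repo_status prints "<repo-id> <net|local> <enabled>" per section; a section
# with no "enabled=" line counts as enabled, which is yum's default.
repo_status() {
    awk '
        function emit() { if (id != "") print id, (net ? "net" : "local"), en }
        /^[ \t]*#/ { next }
        /^\[/ { emit(); id = substr($0, 2, index($0, "]") - 2)
                net = 0; en = 1; key = ""; next }
        /^[A-Za-z_]+[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*/, "", key)
            if (key == "enabled") {
                v = $0; sub(/^[^=]*=[ \t]*/, "", v); en = (v ~ /^(1|yes|true)/)
            }
        }
        # Indented continuation lines still belong to the last key seen.
        (key == "baseurl" || key == "mirrorlist") && /(https?|ftp):\/\// { net = 1 }
        END { emit() }
    ' "$@"
}

# Write a copy of one .repo file to stdout with every network repo disabled
# and every file:// repo enabled; the original file is not modified.
offline_repo_file() {
    local_ids=$(repo_status "$1" | awk '$2 == "local" { printf "%s ", $1 }')
    awk -v ids="$local_ids" '
        BEGIN { n = split(ids, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        /^enabled[ \t]*=/ { next }
        { print }
        /^\[/ { id = substr($0, 2, index($0, "]") - 2)
                print "enabled=" ((id in keep) ? 1 : 0) }
    ' "$1"
}

# Constructed sample input (not copied from a real system).
sample_repos() {
    cat <<'EOF'
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/

[c5-media]
name=CentOS-$releasever - Media
baseurl=file:///media/cdrom/
        file:///media/cdrecorder/
enabled=0
EOF
}
```

Running repo_status against /etc/yum.repos.d/*.repo before the yum install commands shows whether any net-based repo is still enabled.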

CONFIGURE AND HARDEN:
(This step is optional.)

+ Un-tar scrx in /root

+ Create your /etc/scrx.conf (here is mine as an example):

HERE_DOC
Initiative    vulariter
Site          office
Network       roaming
Purpose       netbook
Tag           s10
HostName      daneel
HERE_DOC

+ Choose your scrx actions.  You will have to make some decisions while choosing your scrx actions and creating their dependencies.
(I’ve yet to document this process, but I’ll probably write it up elsewhere and link to it from this page later.)

$ /root/scrx/scrx.bash

+ Apply your chosen and/or custom[ized] scrx actions.

$ /root/scrx/scrx.bash configure_grub
$ /root/scrx/scrx.bash configure_runlevel
$ /root/scrx/scrx.bash disable_selinux
$ /root/scrx/scrx.bash install_aliases
$ /root/scrx/scrx.bash install_issue
$ /root/scrx/scrx.bash install_issue_net
$ /root/scrx/scrx.bash install_login_defs
$ /root/scrx/scrx.bash install_nsswitch_conf
$ /root/scrx/scrx.bash install_rc_local
$ /root/scrx/scrx.bash install_xorg_conf

REJOICE:

+ Support FOSS by adopting it in your organization and/or donating.

Thanks for reading!

-joshua
