Reduce Installer Size to <50MB

T-Pot ISO Creator will now create images based on the Ubuntu Network Installer (mini.iso). This results in a greatly reduced size for the T-Pot Installer with now being just about 49MB. T-Pot was only using the base install packages of the 700MB Ubuntu Server ISO and still had to download the latest packages anyway. The advantages are a) reduced download size for the Ubuntu Network Installer instead of the full image, b) the latest packages are already installed during the base installation and c) the resulting T-Pot ISO can be distributed easier.

installer/install.sh

@@ -150,9 +150,27 @@ tee -a /etc/ssh/ssh_config <<EOF
 UseRoaming no
 EOF
 
+# Let's install docker
+#fuECHO "### Installing docker-engine."
+#wget -qO- https://test.docker.com/ | sh
+
+# Let's add the docker repository
+fuECHO "### Adding the docker repository."
+apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
+tee /etc/apt/sources.list.d/docker.list <<EOF
+deb https://apt.dockerproject.org/repo ubuntu-xenial main
+EOF
+
+# Let's pull some updates
+fuECHO "### Pulling Updates."
+apt-get update -y
+
 # Let's install docker
 fuECHO "### Installing docker-engine."
-wget -qO- https://get.docker.com/ | sh
+fuECHO "### You can safely ignore the [FAILED] message,"
+fuECHO "### which is caused by a bug in the docker installer."
+#apt-get install docker-engine=1.10.2-0~trusty -y
+apt-get install docker-engine -y || true && sleep 5
 
 # Let's add proxy settings to docker defaults
 if [ -f $myPROXYFILEPATH ];

installer/rc.local.install

@@ -1,4 +1,2 @@
 #!/bin/bash
-# Stop plymouth to allow for terminal interaction
-plymouth quit
 openvt -w -s /root/tpot/install.sh

isolinux/txt.cfg

@@ -1,5 +1,7 @@
 default install
 label install
-  menu label ^Install T-Pot 16.10 (development)
+  menu label ^T-Pot 16.10 (dev)
-  kernel /install/vmlinuz
+  menu default
-  append file=/cdrom/tpot/tpot.seed initrd=/install/initrd.gz ks=cdrom:/tpot/ks.cfg console-setup/ask_detect=true --
+  kernel linux
+  append vga=788 initrd=initrd.gz console-setup/ask_detect=true --
+  #append vga=788 initrd=initrd.gz console-setup/ask_detect=true DEBCONF_DEBUG=developer

kickstart/ks.cfg

@@ -1,41 +0,0 @@
-#Generated by Kickstart Configurator
-#platform=AMD64 or Intel EM64T
-
-#System language
-lang en
-#Language modules to install
-#langsupport en_US
-#System keyboard
-#keyboard de
-#System mouse
-mouse
-#System timezone
-#timezone Europe/Berlin
-#Root password
-rootpw --disabled
-#Initial user
-user tsec --fullname "tsec" --iscrypted --password $1$jAw1TW8v$a2WFamxQJfpPYZmn4qJT71
-#Reboot after installation
-reboot
-#Use text mode install
-text
-#Install OS instead of upgrade
-install
-#Use CDROM installation media
-cdrom
-#System bootloader configuration
-bootloader --location=mbr
-#Clear the Master Boot Record
-zerombr yes
-#Partition clearing information
-clearpart --all --initlabel
-#Disk partitioning information
-part swap --size=8192
-#part /data --fstype ext4 --size 8192
-part / --fstype ext4 --size 1 --grow
-#System authorization infomation
-auth  --useshadow  --enablemd5
-#Firewall configuration
-firewall --disabled
-#Do not configure the X Window System
-skipx

makeiso.sh

@@ -2,15 +2,15 @@
 
 ########################################################
 # T-Pot                                                #
-# .ISO maker                                           #
+# .ISO creator                                         #
 #                                                      #
-# v16.10.0 by mo, DTAG, 2016-05-20                     #
+# v16.10.0 by mo, DTAG, 2016-07-04                     #
 ########################################################
 
 # Let's define some global vars
-myBACKTITLE="T-Pot - ISO Maker"
+myBACKTITLE="T-Pot - ISO Creator"
-myUBUNTULINK="http://releases.ubuntu.com/16.04/ubuntu-16.04-server-amd64.iso"
+myUBUNTULINK="http://archive.ubuntu.com/ubuntu/dists/xenial-updates/main/installer-amd64/current/images/netboot/mini.iso"
-myUBUNTUISO="ubuntu-16.04-server-amd64.iso"
+myUBUNTUISO="mini.iso"
 myTPOTISO="tpot.iso"
 myTPOTDIR="tpotiso"
 myTPOTSEED="preseed/tpot.seed"
@@ -28,7 +28,8 @@ myTMP="tmp"
 myWHOAMI=$(whoami)
 if [ "$myWHOAMI" != "root" ]
   then
-    echo "Please run as root ..."
+    echo "Need to run as root ..."
+    sudo ./$0
     exit
 fi
 
@@ -81,14 +82,14 @@ if [ "$myINST" != "" ]
 fi
 
 # Let's ask if the user wants to run the script ...
-dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nThis script will download the latest supported Ubuntu Server and build the T-Pot .iso" 8 50
+dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Ubuntu Mini ISO and build the T-Pot Install Image." 8 50
 mySTART=$?
 if [ "$mySTART" = "1" ];
   then
     exit
 fi
 
-# Let's ask for the type of installation SENSOR, INDUSTRIAL or FULL?
+# Let's ask for the type of installation?
 myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Installation type ... ]" --radiolist "" 11 76 4 "TPOT" "Standard (w/o INDUSTRIAL)" on "HP" "Honeypots only (w/o INDUSTRIAL)" off "INDUSTRIAL" "ConPot, eMobility, ELK, Suricata (8GB RAM recommended)" off "ALL" "Everything (8GB RAM required)" off 3>&1 1>&2 2>&3 3>&-)
 sed -i 's#^myFLAVOR=.*#myFLAVOR="'$myFLAVOR'"#' $myINSTALLERPATH
 
@@ -204,7 +205,7 @@ EOF
   fi
 done
 
-# Let's get Ubuntu 14.04.4 as .iso
+# Let's download Ubuntu Minimal ISO
 if [ ! -f $myUBUNTUISO ]
   then
     wget $myUBUNTULINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Ubuntu ... ]" --gauge "" 5 70;
@@ -215,31 +216,40 @@ fi
 
 # Let's loop mount it and copy all contents
 mkdir -p $myTMP $myTPOTDIR
-losetup /dev/loop0 $myUBUNTUISO
+mount -o loop $myUBUNTUISO $myTMP
-mount /dev/loop0 $myTMP
+rsync -a $myTMP/ $myTPOTDIR
-cp -rT $myTMP $myTPOTDIR
-chmod 777 -R $myTPOTDIR
 umount $myTMP
-losetup -d /dev/loop0
+
+# Let's modify initrd
+gunzip $myTPOTDIR/initrd.gz
+mkdir $myTPOTDIR/tmp
+cd $myTPOTDIR/tmp
+cpio --extract --make-directories --no-absolute-filenames < ../initrd
+cd ..
+rm initrd
+cd ..
 
 # Let's add the files for the automated install
-mkdir -p $myTPOTDIR/tpot
+mkdir -p $myTPOTDIR/tmp/opt/tpot
-cp installer/* -R $myTPOTDIR/tpot/
+cp installer/* -R $myTPOTDIR/tmp/opt/tpot/
-cp isolinux/* $myTPOTDIR/isolinux/
+cp isolinux/* $myTPOTDIR/
-cp kickstart/* $myTPOTDIR/tpot/
+cp preseed/tpot.seed $myTPOTDIR/tmp/preseed.cfg
-cp preseed/* $myTPOTDIR/tpot/
+
-if [ -d images ];
+# Let's create the new initrd
-  then
+cd $myTPOTDIR/tmp
-    cp -R images $myTPOTDIR/tpot/images/
+find . | cpio -H newc --create > ../initrd
-fi
+cd ..
-chmod 777 -R $myTPOTDIR
+gzip initrd
+rm -rf tmp
+cd ..
 
 # Let's create the new .iso
 cd $myTPOTDIR
-mkisofs -gui -D -r -V "T-Pot" -cache-inodes -J -l -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -o ../$myTPOTISO ../$myTPOTDIR 2>&1 | awk '{print $1+0} fflush()' | cut -f1 -d"." | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot .iso ... ]" --gauge "" 5 70 0
+mkisofs -gui -D -r -V "T-Pot" -cache-inodes -J -l -b isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -o ../$myTPOTISO ../$myTPOTDIR 2>&1 | awk '{print $1+0} fflush()' | cut -f1 -d"." | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot .iso ... ]" --gauge "" 5 70 0
 echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot .iso ... Done! ]" --gauge "" 5 70
 cd ..
 isohybrid $myTPOTISO
+sha256sum $myTPOTISO > tpot.sha256
 
 # Let's write the image
 while true;

preseed/tpot.seed

@@ -1,46 +1,125 @@
-# T-Pot preseed file by mo
+##############################################
-# Setting locale
+### T-Pot Preseed Configuration File by mo ###
-#d-i debian-installer/language string en
+##############################################
+
+####################
+### Locale Selection
+####################
 #d-i debian-installer/country string DE
-#d-i debian-installer/locale string en_US.UTF-8
+d-i debian-installer/language string en
+d-i debian-installer/locale string en_US.UTF-8
+d-i localechooser/preferred-locale string en_US.UTF-8
 
-# Keyboard selection
+######################
-#d-i console-setup/ask_detect boolean false
+### Keyboard Selection
+######################
+#d-i console-setup/ask_detect boolean true
 #d-i keyboard-configuration/layoutcode string de
+d-i console-setup/detected note
 
-#Unmount active partitions
+#############################
-d-i preseed/early_command string umount /media || :
+### Unmount Active Partitions
+#############################
+#d-i preseed/early_command string umount /media || :
 
-# Network Configuration
+#########################
+### Network Configuration
+#########################
 #d-i netcfg/choose_interface select auto
 #d-i netcfg/dhcp_timeout string 60
 d-i netcfg/get_hostname string t-pot
 
-# Source & Proxy
+###############
+### Disk Layout
+###############
+d-i partman/early_command string \
+debconf-set partman-auto/disk $(parted_devices | sort -k2nr | head -1 | cut -f1)
+
+d-i partman-auto/method string regular
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+d-i partman-auto/choose_recipe select atomic
+d-i partman-auto/expert_recipe string \
+        root :: \
+                8192 8888 8192 linux-swap \
+                        $primary{ } \
+                        method{ swap } format{ } \
+                . \
+                40960 44444 -1 ext4 \
+                        $primary{ } $bootable{ } \
+                        method{ format } format{ } \
+                        use_filesystem{ } filesystem{ ext4 } \
+                        mountpoint{ / } \
+                .
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+######################
+### User Configuration
+######################
+d-i passwd/root-login boolean false
+d-i passwd/make-user boolean true
+d-i passwd/user-fullname string tsec
+d-i passwd/username string tsec
+d-i passwd/user-password-crypted password $1$jAw1TW8v$a2WFamxQJfpPYZmn4qJT71
+d-i user-setup/encrypt-home boolean false
+
+########################################
+### Country Mirror & Proxy Configuration
+########################################
 d-i mirror/country string manual
 d-i mirror/http/hostname string archive.ubuntu.com
 d-i mirror/http/directory string /ubuntu
 d-i mirror/http/proxy string
 
-# Time
+###########################
-#d-i clock-setup/utc boolean true
+### Skip Grub Configuration
+###########################
+#d-i grub-installer/confirm boolean true
+#d-i grub-installer/only_debian boolean true
+#d-i grub-installer/with_other_os boolean true
+d-i grub-installer/skip boolean true
+d-i lilo-installer/skip boolean true
+
+######################
+### Time Configuration
+######################
 #d-i time/zone string Europe/Berlin
+d-i clock-setup/utc boolean true
 d-i time/zone string UTC
 d-i clock-setup/ntp boolean true
+d-i clock-setup/ntp-server string ntp.ubuntu.com
 
-# Package Groups
+##################
+### Package Groups
+##################
 tasksel tasksel/first multiselect ubuntu-server
 
-# Packages
+########################
-d-i pkgsel/include string apt-transport-https ca-certificates curl dialog dstat ethtool genisoimage git htop iw libpam-google-authenticator lm-sensors ntp openssh-server syslinux pv python-pip vim wireless-tools wpasupplicant
+### Package Installation
+########################
+d-i pkgsel/include string aufs-tools apparmor apt-transport-https bash-completion ca-certificates cgroupfs-mount curl dialog dstat ethtool genisoimage git htop iptables iw libpam-google-authenticator libltdl7 lm-sensors ntp openssh-server syslinux pv python-pip vim wireless-tools wpasupplicant
 
-# Update Policy
+#################
+### Update Policy
+#################
 d-i pkgsel/update-policy select unattended-upgrades
 
-# Post install
+#########################################
+### Post install (Grub & T-Pot Installer)
+#########################################
 d-i preseed/late_command string \
-cp /cdrom/tpot/rc.local.install /target/etc/rc.local; \
+in-target apt-get -y install grub-pc; \
-cp -r /cdrom/tpot/ /target/root/
+in-target grub-install --force $(debconf-get partman-auto/disk); \
+in-target update-grub; \
+cp /opt/tpot/rc.local.install /target/etc/rc.local; \
+cp -r /opt/tpot/ /target/root/
 
-# Reboot
+##########
+### Reboot
+##########
+d-i nobootloader/confirmation_common note
 d-i finish-install/reboot_in_progress note
+d-i cdrom-detect/eject boolean true