
Live-Armor: Building Custom Linux Live Images for Security Sandboxing


fatemachine/live-armor


Live-Armor

This repository contains the Live-Armor Guide, a guide to building custom Linux live images for security sandboxing using tools from the Debian Live Systems project and Grsecurity.

The live-build directory contains an example configuration for Debian live-build that can be used as a starting point for building a custom live image. This configuration is based on the one covered in the Guide.

Quick Start

  1. Install live-build 5.0.

  2. Create an empty directory that will contain your live image configuration and build data.

  3. Change to your live image directory and run: lb config

  4. Copy the live-build/config tree of this repository into the config subdirectory that lb config just created, for example by using cp -r.

  5. Edit config/binary and add the union=overlay and optionally live-config.noroot kernel boot parameters to the LB_BOOTAPPEND_LIVE and LB_BOOTAPPEND_LIVE_FAILSAFE variables.

    If you added live-config.noroot to disable sudo, choose your root password by running mkpasswd (part of the whois package) and replace the argument to usermod -p in config/hooks/0510-root-password.hook.chroot with the output of mkpasswd.

    If you did not add live-config.noroot and are therefore using the default unprotected sudo access method, delete config/hooks/0510-root-password.hook.chroot.

    Note: The default login credentials are username user and password live.

  6. Edit config/chroot and change LB_UNION_FILESYSTEM="aufs" to LB_UNION_FILESYSTEM="overlay".

  7. Inspect the list of custom packages in config/package-lists/my.list.chroot and make any desired changes.

  8. Add .deb package files to the config/packages.chroot directory:

    • Your custom live system kernel package, with a name that begins with linux-image. See the Guide for instructions on configuring and building a custom kernel.
    • live-boot and live-boot-initramfs-tools packages patched for OverlayFS support. See the Guide for instructions.
    • live-config and live-config-systemd package versions that match the live-boot version, for example from Debian experimental.

  9. Re-run lb config.

  10. Build your live image: lb build 2>&1 | tee build.log
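A preflight check for the edits made in steps 5, 6 and 8, meant to be run on the live image directory before lb build. This is an added example, not part of the Live-Armor repository; the function names are hypothetical, and it assumes each variable in config/binary and config/chroot is a single double-quoted VAR="..." line and that the directory path contains no spaces.

```sh
#!/bin/sh
# Added example: preflight check for the Quick Start edits (steps 5, 6 and 8).
# Usage: sh preflight.sh /path/to/live-image-dir

# Print the value of variable $2 in file $1 (assumes VAR="..." on one line).
lb_value() {
    sed -n "s/^$2=\"\(.*\)\"\$/\1/p" "$1" 2>/dev/null | tail -n 1
}

# Succeed if at least one file matches glob $1.
has_file() {
    for f in $1; do [ -e "$f" ] && return 0; done
    return 1
}

# Check the tree under $1; print one line per problem, return 1 if any.
preflight() {
    dir=$1; bad=0
    hook=$dir/config/hooks/0510-root-password.hook.chroot
    fail() { echo "FAIL: $*"; bad=1; }

    noroot=unset
    for var in LB_BOOTAPPEND_LIVE LB_BOOTAPPEND_LIVE_FAILSAFE; do
        val=" $(lb_value "$dir/config/binary" "$var") "
        case $val in *" union=overlay "*) ;; *) fail "$var lacks union=overlay" ;; esac
        case $val in *" live-config.noroot "*) has=yes ;; *) has=no ;; esac
        [ "$noroot" = unset ] && noroot=$has
        [ "$noroot" = "$has" ] || fail "live-config.noroot set in only one boot entry"
    done

    [ "$(lb_value "$dir/config/chroot" LB_UNION_FILESYSTEM)" = overlay ] ||
        fail "LB_UNION_FILESYSTEM is not overlay"

    # sudo disabled -> root needs the password hook; sudo enabled -> hook must go.
    if [ "$noroot" = yes ] && [ ! -f "$hook" ]; then
        fail "live-config.noroot set but root password hook is missing"
    elif [ "$noroot" = no ] && [ -f "$hook" ]; then
        fail "root password hook present but live-config.noroot not set"
    fi

    for pat in 'linux-image*.deb' 'live-boot_*.deb' 'live-boot-initramfs-tools_*.deb' \
               'live-config_*.deb' 'live-config-systemd_*.deb'; do
        has_file "$dir/config/packages.chroot/$pat" || fail "no package matching $pat"
    done
    return $bad
}

if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

The check only confirms that the password hook exists when live-config.noroot is set; it does not verify that the usermod -p argument was replaced with your own mkpasswd output.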

This configuration has been tested with the following software versions:
