Boot up on minimal install cd # net-setup # passwd root # /etc/init.d/sshd start ssh into the box from lan to work in your favorite terminal # ssh root@192.168.x.x # screen # cfdisk /dev/hda # mkreiserfs /dev/hda1 # mkreiserfs /dev/hda3 # mkswap /dev/hda2 && swapon /dev/hda2 # mount /dev/hda3 /mnt/gentoo # mkdir /mnt/gentoo/boot # mount /dev/hda1 /mnt/gentoo/boot # cd /mnt/gentoo # wget http://gentoo.osuosl.org/releases/x86/2006.0/stages/hardened/stage1-x86-hardened-2.6-2006.0.tar.bz2 # wget http://gentoo.osuosl.org/releases/x86/2006.0/stages/hardened/stage1-x86-hardened-2.6-2006.0.tar.bz2.DIGESTS # md5sum -c stage1-x86-hardened-2.6-2006.0.tar.bz2.DIGESTS stage1-x86-hardened-2.6-2006.0.tar.bz2: OK *md5sum -c only shows the download is not corrupted; the .DIGESTS and .md5sum files come from the same mirror over plain http, so an OK here does not prove the tarball is genuine. If the mirror offers a gpg-signed digest, check that too (same goes for the portage snapshot below) # tar xjpvf stage1-x86-hardened-2.6-2006.0.tar.bz2 # wget http://gentoo.osuosl.org/snapshots/portage-latest.tar.bz2 # wget http://gentoo.osuosl.org/snapshots/portage-latest.tar.bz2.md5sum # md5sum -c portage-latest.tar.bz2.md5sum portage-latest.tar.bz2: OK # tar -xjvf /mnt/gentoo/portage-*.tar.bz2 -C /mnt/gentoo/usr # cp -L /etc/resolv.conf /mnt/gentoo/etc/resolv.conf # mount -t proc none /mnt/gentoo/proc # mount -o bind /dev /mnt/gentoo/dev # chroot /mnt/gentoo /bin/bash # date MMDDHHmmYYYY *It is a great idea to keep logs of all emerged apps # mkdir /var/log/portage *This is the overlay dir, for when you may need it :) # mkdir /usr/local/portage # cat /proc/cpuinfo (check cpu flags and add them to USE flags in /etc/make.conf) *http://gentoo-wiki.com/Safe_Cflags (check out the safe chost,cflags,cxxflags for your cpu) *CHOST="i686-pc-linux-gnu" *CFLAGS="add yours here -fforce-addr" <----leave the fforce-addr at end! 
*CXXFLAGS="${CFLAGS}" * Default Hardened USE flags # cat /etc/make.profile/make.defaults * DEFAULTS--> berkdb crypt dlloader hardened nls pam pic readline ssl tcpd userlocales zlib * on this athlon xp 1900+ install I added 3dnow,3dnowext,mmx,mmxext,sse to default USE * I always add the default hardened USE flags to make.conf so you can visually see them # nano -w /etc/make.conf -----------copy below--------------- #********************************************************************************# # cat /etc/make.conf # # _____________ ____________ ____ # # / ____/ ____/ | / /_ __/ __ \/ __ \ # # / / __/ __/ / |/ / / / / / / / / / / # #/ /_/ / /___/ /| / / / / /_/ / /_/ / # #\____/_____/_/ |_/ /_/ \____/\____/ Hardened 2006.1 # # # # Built by ReDNecK on Jan. 8th 2007 # #______ ___________ _ _ _____ _____ _ __ # #| ___ \ ___| _ \ \ | || ___/ __ \| | / / # #| |_/ / |__ | | | | \| || |__ | / \/| |/ / # #| /| __|| | | | . ` || __|| | | \ # #| |\ \| |___| |/ /| |\ || |___| \__/\| |\ \ # #\_| \_\____/|___/ \_| \_/\____/ \____/\_| \_/ # # # # rdwest2005@gmail.com # # msn: rdwestsr@hotmail.com # # ICQ: 32251187 # # carolina-customs.com # # carolina-customs.net # # carolina-customs.org # #********************************************************************************# CHOST="i686-pc-linux-gnu" CFLAGS="-march=athlon-xp -O2 -pipe -fomit-frame-pointer -fforce-addr" CXXFLAGS="${CFLAGS}" #********************************************************************************# ACCEPT_KEYWORDS="x86" PORTAGE_TMPDIR=/var/tmp PORTDIR=/usr/portage DISTDIR=${PORTDIR}/distfiles PKGDIR=${PORTDIR}/packages PORT_LOGDIR=/var/log/portage PORTDIR_OVERLAY=/usr/local/portage MAKEOPTS="-j4" GENTOO_MIRRORS="http://gentoo.osuosl.org/ http://gentoo.mirrors.tds.net/gentoo/" SYNC="rsync://rsync.gentoo.org/gentoo-portage" RSYNC_RETRIES="3" RSYNC_TIMEOUT=120 PORTAGE_NICENESS=0 AUTOCLEAN="yes" #FEATURES="ccache sandbox" #CCACHE_SIZE="2G" 
#********************************************************************************# USE=" 3dnow 3dnowext \ berkdb \ crypt \ dlloader \ hardened \ mmx mmxext \ nls nptl nptlonly \ pam pic \ readline \ sse ssl \ tcpd \ userlocales \ zlib" -----------end copy above----------- # nano /etc/locales.build -----------copy below--------------- #********************************************************************************# # cat /etc/locales.build # # _____________ ____________ ____ # # / ____/ ____/ | / /_ __/ __ \/ __ \ # # / / __/ __/ / |/ / / / / / / / / / / # #/ /_/ / /___/ /| / / / / /_/ / /_/ / # #\____/_____/_/ |_/ /_/ \____/\____/ Hardened 2006.1 # # # # Built by ReDNecK on Jan. 8th 2007 # #______ ___________ _ _ _____ _____ _ __ # #| ___ \ ___| _ \ \ | || ___/ __ \| | / / # #| |_/ / |__ | | | | \| || |__ | / \/| |/ / # #| /| __|| | | | . ` || __|| | | \ # #| |\ \| |___| |/ /| |\ || |___| \__/\| |\ \ # #\_| \_\____/|___/ \_| \_/\____/ \____/\_| \_/ # # # # rdwest2005@gmail.com # # msn: rdwestsr@hotmail.com # # ICQ: 32251187 # # carolina-customs.com # # carolina-customs.net # # carolina-customs.org # #********************************************************************************# en_US/ISO-8859-1 en_US.UTF-8/UTF-8 -----------end copy above----------- # env-update && source /etc/profile # emerge --sync # emerge --oneshot --nodeps gcc-config && USE="-* build bootstrap" emerge linux-headers && /usr/portage/scripts/bootstrap.sh # livecd / # gcc-config -l [1] i686-pc-linux-gnu-3.4.6 * [2] i686-pc-linux-gnu-3.4.6-hardenednopie [3] i686-pc-linux-gnu-3.4.6-hardenednopiessp [4] i686-pc-linux-gnu-3.4.6-hardenednossp [5] i686-pc-linux-gnu-3.4.6-vanilla # emerge -av -e system # emerge ccache # nano -w /etc/make.conf uncomment... 
FEATURES="ccache sandbox" CCACHE_SIZE="2G" # emerge syslog-ng grub hotplug vixie-cron reiserfsprogs sysfsutils gentoolkit && emerge --nodeps acpid ntp # for i in net.eth0 syslog-ng vixie-cron sshd ntp-client ; do rc-update add $i default ; done # rm /etc/localtime && ln -s /usr/share/zoneinfo/America/New_York /etc/localtime && ntpdate -b -u pool.ntp.org # emerge dhcpcd # emerge iproute2 # nano /etc/conf.d/net -----------copy below--------------- #********************************************************************************# # cat /etc/conf.d/net # # _____________ ____________ ____ # # / ____/ ____/ | / /_ __/ __ \/ __ \ # # / / __/ __/ / |/ / / / / / / / / / / # #/ /_/ / /___/ /| / / / / /_/ / /_/ / # #\____/_____/_/ |_/ /_/ \____/\____/ Hardened 2006.1 # # # # Built by ReDNecK on Jan. 8th 2007 # #______ ___________ _ _ _____ _____ _ __ # #| ___ \ ___| _ \ \ | || ___/ __ \| | / / # #| |_/ / |__ | | | | \| || |__ | / \/| |/ / # #| /| __|| | | | . ` || __|| | | \ # #| |\ \| |___| |/ /| |\ || |___| \__/\| |\ \ # #\_| \_\____/|___/ \_| \_/\____/ \____/\_| \_/ # # # # rdwest2005@gmail.com # # msn: rdwestsr@hotmail.com # # ICQ: 32251187 # # carolina-customs.com # # carolina-customs.net # # carolina-customs.org # #********************************************************************************# modules=( "iproute2" ) config_eth0=( "192.168.1.30 netmask 255.255.255.0 broadcast 192.168.1.255" ) routes_eth0=( "default via 192.168.1.254" ) mtu_eth0="1500" dns_domain_eth0="homelan" # my local bind cacheing dns server(use your isp dns) dns_servers_eth0="192.168.1.50" -----------end copy above----------- # nano -w /etc/conf.d/hostname -----------copy below--------------- #********************************************************************************# # cat /etc/conf.d/net # # _____________ ____________ ____ # # / ____/ ____/ | / /_ __/ __ \/ __ \ # # / / __/ __/ / |/ / / / / / / / / / / # #/ /_/ / /___/ /| / / / / /_/ / /_/ / # #\____/_____/_/ |_/ /_/ \____/\____/ Hardened 
2006.1 # # # # Built by ReDNecK on Jan. 8th 2007 # #______ ___________ _ _ _____ _____ _ __ # #| ___ \ ___| _ \ \ | || ___/ __ \| | / / # #| |_/ / |__ | | | | \| || |__ | / \/| |/ / # #| /| __|| | | | . ` || __|| | | \ # #| |\ \| |___| |/ /| |\ || |___| \__/\| |\ \ # #\_| \_\____/|___/ \_| \_/\____/ \____/\_| \_/ # # # # rdwest2005@gmail.com # # msn: rdwestsr@hotmail.com # # ICQ: 32251187 # # carolina-customs.com # # carolina-customs.net # # carolina-customs.org # #********************************************************************************# HOSTNAME="athlon" -----------end copy above----------- # nano -w /etc/hosts -----------copy below--------------- #********************************************************************************# # cat /etc/conf.d/net # # _____________ ____________ ____ # # / ____/ ____/ | / /_ __/ __ \/ __ \ # # / / __/ __/ / |/ / / / / / / / / / / # #/ /_/ / /___/ /| / / / / /_/ / /_/ / # #\____/_____/_/ |_/ /_/ \____/\____/ Hardened 2006.1 # # # # Built by ReDNecK on Jan. 8th 2007 # #______ ___________ _ _ _____ _____ _ __ # #| ___ \ ___| _ \ \ | || ___/ __ \| | / / # #| |_/ / |__ | | | | \| || |__ | / \/| |/ / # #| /| __|| | | | . 
` || __|| | | \ # #| |\ \| |___| |/ /| |\ || |___| \__/\| |\ \ # #\_| \_\____/|___/ \_| \_/\____/ \____/\_| \_/ # # # # rdwest2005@gmail.com # # msn: rdwestsr@hotmail.com # # ICQ: 32251187 # # carolina-customs.com # # carolina-customs.net # # carolina-customs.org # #********************************************************************************# 127.0.0.1 athlon.homelan athlon localhost.localdomain localhost # IPV6 versions of localhost and co ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts -----------end copy above----------- # nano /etc/fstab -----------copy below--------------- #********************************************************************************# # cat /etc/conf.d/net # # _____________ ____________ ____ # # / ____/ ____/ | / /_ __/ __ \/ __ \ # # / / __/ __/ / |/ / / / / / / / / / / # #/ /_/ / /___/ /| / / / / /_/ / /_/ / # #\____/_____/_/ |_/ /_/ \____/\____/ Hardened 2006.1 # # # # Built by ReDNecK on Jan. 8th 2007 # #______ ___________ _ _ _____ _____ _ __ # #| ___ \ ___| _ \ \ | || ___/ __ \| | / / # #| |_/ / |__ | | | | \| || |__ | / \/| |/ / # #| /| __|| | | | . 
` || __|| | | \ # #| |\ \| |___| |/ /| |\ || |___| \__/\| |\ \ # #\_| \_\____/|___/ \_| \_/\____/ \____/\_| \_/ # # # # rdwest2005@gmail.com # # msn: rdwestsr@hotmail.com # # ICQ: 32251187 # # carolina-customs.com # # carolina-customs.net # # carolina-customs.org # #********************************************************************************# # /dev/hda1 /boot reiserfs noauto,notail 1 1 /dev/hda2 none swap sw 0 0 /dev/hda3 / reiserfs notail 0 1 /dev/hda /mnt/cdrom iso9660 user,noauto,rw,exec 0 0 none /proc proc defaults 0 0 none /dev/shm tmpfs nodev,nosuid 0 0 -----------end copy above----------- *the cdrom line above points at /dev/hda, which is the hard disk in this guide; change it to your actual cdrom device. On a hardened box you may also want to drop exec from the user-mountable cdrom line and add noexec to /dev/shm # cd /boot/grub # wget http://www.schultz-net.dk/downloads/grub/gentoo.xpm.gz # nano menu.lst -----------------copy below------------------ #********************************************************************************# # cat /etc/conf.d/net # # _____________ ____________ ____ # # / ____/ ____/ | / /_ __/ __ \/ __ \ # # / / __/ __/ / |/ / / / / / / / / / / # #/ /_/ / /___/ /| / / / / /_/ / /_/ / # #\____/_____/_/ |_/ /_/ \____/\____/ Hardened 2006.1 # # # # Built by ReDNecK on Jan. 8th 2007 # #______ ___________ _ _ _____ _____ _ __ # #| ___ \ ___| _ \ \ | || ___/ __ \| | / / # #| |_/ / |__ | | | | \| || |__ | / \/| |/ / # #| /| __|| | | | . ` || __|| | | \ # #| |\ \| |___| |/ /| |\ || |___| \__/\| |\ \ # #\_| \_\____/|___/ \_| \_/\____/ \____/\_| \_/ # # # # rdwest2005@gmail.com # # msn: rdwestsr@hotmail.com # # ICQ: 32251187 # # carolina-customs.com # # carolina-customs.net # # carolina-customs.org # #********************************************************************************# # Grub boot menu configuration file # # Boot automatically after 10 secs. timeout 10 # By default, boot the first entry. default 0 # Fallback to the second entry. 
fallback 1 splashimage=(hd0,0)/grub/gentoo.xpm.gz # For booting GNU/Linux title Gentoo-2.6.18-r4-2006.1 by Carolina-Customs.com root (hd0,0) kernel (hd0,0)/vmlinuz ro root=/dev/hda3 title Gentoo-2.6.18-r4-2006.1-backup by Carolina-Customs.com root (hd0,0) kernel (hd0,0)/vmlinuz.old ro root=/dev/hda3 ------------------end copy above---------------- # grub grub> root (hd0,0) grub> setup (hd0) grub> quit # cd ~ # emerge hardened-sources # cd /usr/src/linux # wget http://www.carolina-customs.com/gentoo/Hardened-2.6.18-AthlonXP-1900+/Hardened-Sources-config-2.6.18 # mv Hardened-Sources-config-2.6.18 .config # make menuconfig (set cpu, drivers, chipsets; this .config was fetched over plain http, so read through it, the Security options especially, before you build) # make && make modules modules_install install # passwd root # useradd -m -G users,wheel -s /bin/bash admin # passwd admin *sshd starts at boot on this box; once the admin login works, set PermitRootLogin no in /etc/ssh/sshd_config and su from admin (admin is in wheel) # exit && exit # cd ~/ # umount /mnt/gentoo/proc # umount /mnt/gentoo/boot # umount /mnt/gentoo/dev # umount /mnt/gentoo # swapoff /dev/hda2 # shutdown -r now