PND4

/dev/notes

Hardened Gentoo Installation

This time I power-walk you through each command to install Gentoo (using a Hardened Stage 3 toolchain). I used this same set of commands, with a little modification of course, to install Gentoo onto my desktop. My hardware configuration is very unlikely to be the same as yours, so adjust accordingly; otherwise these instructions should be all you need to tackle one of the hardest distros to install (by reputation).

And before you tl;dr, realize that even though the process is long and gruesome, there's so much to learn just by trying, so do not despair. There are tons of resources out there! Good luck.

Installing Hardened Gentoo with Xorg.

Boot live media

Disable network manager if running

# /etc/init.d/NetworkManager stop

Connect to wireless

# iwconfig wlan0 essid NETGEAR key s:yourmom
# ifconfig wlan0 192.168.1.100 netmask 255.255.255.0
# route add default gw 192.168.1.254
# ping -c 3 www.google.com

Set root password

# passwd root

[now we switch to our remote computer]

SSH into the box we're installing Gentoo onto

# ssh 192.168.1.100 -l root

Create partitions

# fdisk /dev/sda

They should look something like this:

/dev/sda1  1G    Linux       /boot
/dev/sda2  4G    Linux Swap  /swap
/dev/sda3  Rest  Linux       /root

Create filesystems

# mkfs.ext2 /dev/sda1 -L boot
# mkswap /dev/sda2 -L swap && swapon /dev/sda2
# mkfs.ext2 -j /dev/sda3 -L root

Mount filesystems for install

# mount /dev/sda3 /mnt/gentoo
# mkdir /mnt/gentoo/boot
# mount /dev/sda1 /mnt/gentoo/boot

Download and extract latest stage 3

# cd /mnt/gentoo
# wget http://ftp.ucsb.edu/pub/mirrors/linux/gentoo/releases/amd64/current-stage3/hardened/stage3-amd64-hardened-20120621.tar.bz2
# tar xjpf stage3-*
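
The stage 3 above is fetched over plain HTTP and unpacked as root, so it is worth checking against the mirror's DIGESTS file before the tar step. The script below is an added example, not part of the original post: `verify_stage3` and `selftest` are hypothetical names, and it assumes the `.DIGESTS` file sits next to the tarball on the mirror, uses the "# SHA512 HASH" layout noted in the comments, and has itself been authenticated (for instance by checking the signed `DIGESTS.asc` with `gpg --verify` against the Gentoo release key).

```shell
#!/bin/sh
# Added example (not from the original post): check a stage3 tarball against
# the SHA512 entry in its DIGESTS file before running tar.
# Assumption: DIGESTS holds "<hex>  <filename>" lines under "# SHA512 HASH".

# verify_stage3 TARBALL DIGESTS (hypothetical helper name)
# Returns 0 on match, 1 on mismatch, 2 if a file or the SHA512 entry is missing.
verify_stage3() {
    tarball=$1
    digests=$2
    [ -r "$tarball" ] && [ -r "$digests" ] || return 2
    name=$(basename "$tarball")
    # Pick the SHA512 line naming exactly this file; the .CONTENTS entry and
    # the other hash sections are skipped.
    expected=$(awk -v f="$name" '
        /^# SHA512 HASH/ { want = 1; next }
        /^#/             { want = 0; next }
        want && $2 == f  { print $1; exit }' "$digests")
    [ -n "$expected" ] || return 2
    actual=$(sha512sum "$tarball" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Self-test on constructed files: a stand-in "tarball" and a DIGESTS built for it.
# Prints the return codes for: intact file, tampered file, file with no entry.
selftest() {
    d=$(mktemp -d) || return 1
    t="$d/stage3-amd64-hardened-20120621.tar.bz2"
    printf 'constructed stand-in for a stage3 tarball\n' > "$t"
    {
        echo "# SHA512 HASH"
        (cd "$d" && sha512sum "$(basename "$t")")
        echo "# WHIRLPOOL HASH"
        echo "0000  $(basename "$t")"
    } > "$t.DIGESTS"
    r1=0; verify_stage3 "$t" "$t.DIGESTS" || r1=$?
    printf 'x' >> "$t"    # simulate corruption or tampering in transit
    r2=0; verify_stage3 "$t" "$t.DIGESTS" || r2=$?
    cp "$t" "$d/other.tar.bz2"
    r3=0; verify_stage3 "$d/other.tar.bz2" "$t.DIGESTS" || r3=$?
    rm -rf "$d"
    echo "$r1 $r2 $r3"
}

# Real use: sh verify-stage3.sh stage3-*.tar.bz2 stage3-*.tar.bz2.DIGESTS
if [ $# -eq 2 ]; then
    verify_stage3 "$1" "$2" || { echo "stage3 check failed, do not extract" >&2; exit 1; }
    echo "SHA512 matches DIGESTS"
fi
```

Only run the `tar xjpf` step once the script reports a match.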

Download and extract latest portage snapshot

# cd /mnt/gentoo/usr
# wget http://ftp.ucsb.edu/pub/mirrors/linux/gentoo/releases/snapshots/current/portage-latest.tar.bz2
# tar xjf portage-latest.tar.bz2

Mount relevant directories and chroot into new environment

# cd /
# mount -t proc proc /mnt/gentoo/proc
# mount --rbind /dev /mnt/gentoo/dev
# cp -L /etc/resolv.conf /mnt/gentoo/etc
# chroot /mnt/gentoo /bin/bash
# env-update && source /etc/profile

Configure time zone

# ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
# echo "America/Los_Angeles" > /etc/timezone
# date

Configure hostname and domain name

# nano /etc/hosts
# nano /etc/conf.d/hostname
# hostname blackbox
# hostname -f

Download and compile your kernel

# emerge -av hardened-sources linux-firmware
# cd /usr/src/linux
# make menuconfig

Make and install kernel and modules

# make -j2
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/kernel
# echo 'modules="ath9k_htc"' >> /etc/conf.d/modules

Configure fstab

# nano /etc/fstab

/dev/sda1   /boot        ext2   noauto,noatime   1 2
/dev/sda2   none         swap   sw               0 0
/dev/sda3   /            ext3   noatime          0 1
/dev/sr0    /mnt/cdrom   auto   noauto,ro        0 0

Add sshd as a default service

# rc-update add sshd default

Set the root password

# passwd root

Install some recommended tools (syslog-ng, vixie-cron, wireless-tools, wpa_supplicant)

# emerge -av syslog-ng vixie-cron wireless-tools wpa_supplicant
# rc-update add syslog-ng default
# rc-update add vixie-cron default

Install and configure bootloader

# emerge -av grub
# nano /boot/grub/grub.conf
grub.conf:
default 0
timeout 10
title Gentoo
root (hd0,0)
kernel /boot/kernel root=/dev/sda3 video=800x600

# grub
>root (hd0,0)
>setup (hd0)
>quit

Exit chroot, umount everything, and reboot

# exit
# umount -l /mnt/gentoo/dev{/shm,/pts,}
# umount -l /mnt/gentoo{/proc,/boot,}
# reboot

Add new user

# useradd -g users -G lp,wheel,audio,cdrom,portage,cron -m somefag
# passwd somefag

Sort mirrors

# emerge mirrorselect
# mirrorselect -i -o >> /etc/portage/make.conf
# mirrorselect -i -r -o >> /etc/portage/make.conf

Configure stuff in /etc/portage/make.conf

MAKEOPTS="-j2"
USE= [fill in]
CFLAGS="-O2 -march=native -pipe"
VIDEO_CARDS="radeon"
INPUT_DEVICES="evdev synaptics"

Uncomment and generate locales you're going to use

# nano /etc/locale.gen
# locale-gen

Re-emerge world, libtool

# emerge -vuD --newuse world
# emerge --oneshot libtool

Update config (do not overwrite the files you've done your own editing to)

# dispatch-conf

(Optional; only needed if Perl or Python got updated, but it doesn't hurt)

Run perl-cleaner and python-updater

# perl-cleaner all
# python-updater

Install xorg

# emerge -av xorg-server
# env-update && source /etc/profile

and.. voilà!

Continue by customizing your install with a browser, file manager, window manager, or be lazy and just get a whole desktop environment. Have fun making any necessary tweaks to files we've already used, like make.conf USE flags, kernel configuration, bootloader.. but be happy: if you've got this far, you've got a working system.