Abstract:
The HSC Live Linux CDROM project is being developed in our laboratory to address recurring needs and problems with computing related tasks on campus. This CDROM contains software that will enable any PC computer based on the Intel or AMD x86 architecture to boot a self contained live Linux operating system from a CDROM drive. The operating system is then custom configured with software needed for specific tasks and projects. The purpose of this project is to provide the user with a simple, ready-to-go solution for using software that is either difficult to install or configure, or to accomplish computing tasks that involve arcane commands and nontrivial configurations. The idea is that all of these configurations can be performed a priori on a CDROM image, which can be easily maintained and modified. Students, faculty or staff can then obtain a uniformely configured CDROM that, when booted, will behave exactly the same on any computer. The interface will look identical on each desktop and therefore this CDROM will be ideal for teaching software in classroom situations. As will be shown below, the design makes it possible to use this software effectively in many different computing arenas, accomplishing widely varying tasks. The applicability of this system ranges from a vehicle for computer support to a tool for implementing Internet-II based desktop video/audio teleconferencing, to classroom teaching of specialized software, and to configurations of Beowulf computing nodes. The advantages of this system are many, among them are:
Implementation:
The bootable CDROM is based on the Slackware Linux distribution with the Eltorito boot image. At boot time, a ramdisk is loaded into memory and used to initialize the system. The ramdisk will also contain writable system partitions in memory, such as /etc, /var, /home and /tmp. Other partitions such as /opt, /usr, /dev, /lib, /sbin and /bin are run directly off the CDROM as readonly partitions, preventing replacement of system binaries with rootkits or otherwise compromised software. A mountpoint for mounting local harddrive partitions and peripheral devices is also provided. Linux modprobing is used to detect hardware such as network cards, video chipsets and other peripherals. After hardware initialization, the network will be initialized by querying a DHCP server. By using automatic hardware detection and network configuration through DHCP service, the user will not have to download or install any additional drivers or interact with the system configuration in any way.
Version Key Verification:
Once an IP address has been obtained, the Linux system will query a version key from a publicly available webserver. Through a specially designed client-server architecture, the booted CDROM will attempt to retrieve a version key from a server. The key consists of a string that is passed through a TCP/IP protocol from a public server to the booted Linux system. The key consists out of three tokens, the major version number, the minor version number, and the release number. In order to be verified, the major version number has to be larger or equal to the major version number embedded in the booted CDROM image. If the version key is verified by the local computer, the system initialization will continue. If the CDROM's version key is not verified, a message will be printed to the screen indicating that the current Linux version is expired and an update needs to be obtained. Instructions will be issued as to where the update can be obtained (i.e., web download or bookstore) and the boot process will terminate with a system halt.
If the version key is successfully verified, the boot process will continue and request a username and account ID for the BCF server. The username and account ID is then transmitted using sendmail to an e-mail account of the BCF staff, providing the staff with notification that a CDROM has been booted.
Subnet Identification:
In the next step, the initialization routine will determine if the DHCP address was issued for a computer inside or outside the BCF firewall. If the address belongs to the firewalled BCF subnet, the boot process will start up the X-server and immediately attach to the XDMCP broadcast from the bioinformatics server and present the BCF login screen. If the computer was booted from any other network outside the BCF firewall, the boot process will initialize the X-server with a local window manager, for example KDE or XFCE. The user is then offered a graphical desktop with icons connected to various applications.
Remote Access
To achieve remote access, the CDROM will contain a secure shell server and a sendmail server. Each time a CDROM is booted, the sendmail server will automatically notify BCF personnel by email and send along the DHCP Internet address obtained by the computer, the user's name and login ID on the BCF server. A public DSA key is embedded in the root user's environment which will allow remote access to the computer by authorized BCF personnel.