Kaspersky10 PXE Build

From HyperSecurity Wiki

Copied from original source here:

http://www.richud.com/wiki/Kaspersky_Rescue_Disk_10_PXE_Boot

At the time of writing, the current Rescue ISO is 10.0.32.17.

Full credit to Veniamin Gvozdikov, who did all the hard work; most of this is taken from his page at http://zlonet.ru/page/kaspersky-rescue-10-pxe/, with some alterations/fixes and more examples added by me.

Download pre-built

These are the pre-built patched PXE bootable Kaspersky 10 files ready to go!

rescue.igz (initramdisk)

rescue (kernel)

These are the patch files if you are rebuilding it yourself

kaspersky.patch

kaspersky2.patch

Background

The image is layered rather like an onion.

As shipped on the ISO:

  • kernel: boot/rescue
  • init: boot/rescue.igz (lzma-compressed cpio archive)
  • real system: rescue/LiveOS/squashfs.img, which contains ext3fs.img
  • AV files: rescue/bases

Repacking adds even more onion layers, and this is the bit to get your head round: ext3fs.img (the real main filesystem, patched in place) is packed inside squashfs.img (recreated); that, together with rescue/bases, goes inside image.squashfs (newly created); and image.squashfs is packed inside rescue.igz (recreated).

After repacking:

  • kernel: rescue (unchanged)
  • init: rescue.igz > image.squashfs > (rescue/bases & LiveOS/squashfs.img > ext3fs.img)

Get Kaspersky 10 AV ISO

This file is updated daily with the latest AV definitions, and is served over plain HTTP.

<syntaxhighlight lang=bash> wget -P /tmp "http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso" </syntaxhighlight>

$ wget -P /tmp "http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso"
--2014-07-01 10:56:51--  http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso
Resolving rescuedisk.kaspersky-labs.com (rescuedisk.kaspersky-labs.com)... 80.239.169.147, 130.117.190.147, 193.45.6.4
Connecting to rescuedisk.kaspersky-labs.com (rescuedisk.kaspersky-labs.com)|80.239.169.147|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 404781056 (386M) [application/octet-stream]
Saving to: ‘/tmp/kav_rescue_10.iso’

33% [======================================>                                                                                ] 133,971,893 5.25MB/s  eta 50s
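
The ISO arrives over plain HTTP with no integrity check, and whatever is built from it will run as root on every machine that PXE-boots it. Because the ISO changes daily, pinning one vendor digest does not work for long; what you can do is record the SHA-256 of the ISO you actually inspected, and of the rescue/rescue.igz you built from it, and re-check them before every rebuild and before copying to the TFTP server, so the files being served are traceable to a known input. This is an added example, not code from the original page or from Kaspersky; it assumes GNU coreutils sha256sum, and the manifest paths in the comments are assumptions.

```sh
# Added example, not from the original page. Records and re-checks SHA-256
# digests of the build inputs and outputs using GNU coreutils sha256sum.
# The manifest locations below are assumptions based on the paths this page uses.

# Print the SHA-256 of one file as a bare lowercase hex string.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Write a manifest in sha256sum -c format ("<digest>  <path>") for the given
# files. Pass absolute paths so the manifest can be checked from any directory.
record_manifest() {
    manifest=$1; shift
    : > "$manifest"
    for f in "$@"; do
        sha256sum "$f" >> "$manifest" || return 1
    done
}

# Return 0 if every file in the manifest still has its recorded digest, 1 otherwise.
# --status suppresses output; --strict makes a malformed manifest line a failure.
verify_manifest() {
    sha256sum -c --status --strict "$1"
}

# Verify, and refuse to continue the build or deployment on any mismatch.
require_manifest() {
    if verify_manifest "$1"; then
        echo "manifest OK: $1"
    else
        echo "manifest MISMATCH: $1 (refusing to build/deploy)" >&2
        return 1
    fi
}

# Intended use in this page's workflow (assumed paths):
#   after downloading and inspecting the ISO:
#     record_manifest /tmp/krd-input.sha256 /tmp/kav_rescue_10.iso
#   before extracting it, and again before copying anything to the TFTP server:
#     require_manifest /tmp/krd-input.sha256
#   after the build:
#     record_manifest /tmp/krd-output.sha256 /tmp/rescue /tmp/rescue.igz
```

Keep the manifests outside /tmp (they are the only thing that ties the served rescue.igz back to a specific ISO), and re-record the input manifest each time you pull a fresh daily ISO.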

Extract ISO

<syntaxhighlight lang=bash> 7z x /tmp/kav_rescue_10.iso -o/tmp/iso </syntaxhighlight>

$ 7z x /tmp/kav_rescue_10.iso -o/tmp/iso

7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
p7zip Version 9.20 (locale=en_GB.UTF-8,Utf16=on,HugeFiles=on,4 CPUs)

Processing archive: /tmp/kav_rescue_10.iso

Extracting  boot
Extracting  boot/System.map-rescue
Extracting  boot/grub
<SNIP>
Extracting  rescue/help/SimpChinese/help.chm
Extracting  [BOOT]/Bootable_NoEmulation.img

Everything is Ok

Folders: 48
Files: 5123
Size:       398377782
Compressed: 404781056
/tmp/iso$ tree -h -L 2 /tmp
/tmp
├── [ 220]  iso
│   ├── [ 120]  boot
│   ├── [  60]  [BOOT]
│   ├── [2.0K]  boot.catalog
│   ├── [2.8M]  efi.img
│   ├── [   0]  livecd
│   └── [ 160]  rescue
└── [386M]  kav_rescue_10.iso

Extract the initramdisk

<syntaxhighlight lang=bash>
mkdir -p /tmp/iso/new && cd /tmp/iso/new
lzcat -S lz /tmp/iso/boot/rescue.igz | cpio -id
</syntaxhighlight>

/tmp/iso/new$ lzcat -S lz /tmp/iso/boot/rescue.igz | cpio -idu
49750 blocks

/tmp/iso/new$ tree -L 1
.
├── bin
├── dev
├── etc
├── init
├── lib
├── proc
├── root
├── run
├── sbin
├── sys
├── sysroot
├── tmp
├── usr
└── var

13 directories, 1 file

Extract the ext3 filesystem

<syntaxhighlight lang=bash> unsquashfs -d /tmp/iso/squashfs-root /tmp/iso/rescue/LiveOS/squashfs.img </syntaxhighlight>

$ unsquashfs -d /tmp/iso/squashfs-root /tmp/iso/rescue/LiveOS/squashfs.img
Parallel unsquashfs: Using 4 processors
1 inodes (474 blocks) to write

[===============================================================================================================================================-] 474/474 100%
created 1 files
created 2 directories
created 0 symlinks
created 0 devices
created 0 fifos

Mount the ext3 filesystem from the extracted squashfs.img

<syntaxhighlight lang=bash>
losetup /dev/loop0 /tmp/iso/squashfs-root/LiveOS/ext3fs.img
udisks --mount /dev/loop0
</syntaxhighlight>

$ udisks --mount /dev/loop0
Mounted /org/freedesktop/UDisks/devices/loop0 at /media/85dd4ebe-fd1b-420b-8d20-bef37149b4ec

Patch init, sbin/dmsquash-live-root and .bash_profile

  • The .bash_profile patch works around a race at login where startx is launched too early and X fails to come up (Kaspersky should fix this properly!).
  • The init and dmsquash-live-root patches alter the boot scripts to load the main system image and the AV bases from inside the initramdisk (rescue.igz) rather than from an external CD-ROM device.

Save the first patch (contents below) somewhere; it is assumed here to be /tmp/iso/kaspersky.patch, and the second /tmp/iso/kaspersky2.patch.

Apply with

<syntaxhighlight lang=bash> patch -p0 --directory="/tmp/iso/new" < /tmp/iso/kaspersky.patch </syntaxhighlight>

$ patch -p0 --directory="/tmp/iso/new" < /tmp/iso/kaspersky.patch
patching file sbin/dmsquash-live-root
patching file init

Contents of the first patch file:

--- init.orig	2014-07-01 13:19:12.433091000 +0100
+++ init	2014-07-01 13:19:41.429091928 +0100
@@ -289,7 +289,7 @@
 
 if  ! ismounted "/run/initramfs/live"; then
     CDROM_DEVICES="/dev/sr*"
-    for i in $CDROM_DEVICES
+    for i in "/image.squashfs"
     do
         /sbin/dmsquash-live-root $i
         if ismounted "/run/initramfs/live"; then
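Review bot: `CDROM_DEVICES="/dev/sr*"` on the line above is now dead code: the loop iterates over the literal `"/image.squashfs"` and never reads the variable. Either delete the assignment or keep the variable as the single source of truth (`CDROM_DEVICES="/image.squashfs"` with the `for` line left unchanged), which also shrinks the diff to one line. A comment next to the literal saying that `/image.squashfs` is placed at the root of the initramfs by the `mksquashfs ... /tmp/iso/new/image.squashfs` step would help, since nothing in `init` otherwise explains where that file comes from.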
--- sbin/dmsquash-live-root.orig	2014-07-01 13:18:24.465089465 +0100
+++ sbin/dmsquash-live-root	2014-07-01 13:19:03.869090726 +0100
@@ -46,9 +46,7 @@
 
 # determine filesystem type for a filesystem image
 det_img_fs() {
-    local _img="$1" _loop=$(losetup -f) _fs
-    losetup $_loop $_img; _fs=$(det_fs $_loop); losetup -d $_loop
-    echo $_fs
+    echo squashfs
 }
 
 for arg in $CMDLINE; do case $arg in ro|rw) liverw=$arg ;; esac; done
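Review bot: `det_img_fs` now ignores its argument and answers `squashfs` unconditionally, so the function detects nothing any more and a truncated or wrong image is only caught later, when the mount fails. If the point is to avoid the `losetup -f` round-trip (which needs a free loop device inside the initramfs), special-case the known image and keep the original detection as the fallback, e.g. `[ "$1" = /image.squashfs ] && { echo squashfs; return; }` ahead of the deleted `local`/`losetup` lines, so any other caller still gets a real answer.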
@@ -62,7 +60,6 @@
         auto) die "cannot mount live image (unknown filesystem type)" ;;
         *) FSIMG=$livedev ;;
     esac
-else
     mount -n -t $fstype -o ${liverw:-ro} $livedev /run/initramfs/live
     if [ "$?" != "0" ]; then
         die "Failed to mount block device of live image"
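Review bot: removing `else` is a control-flow change, not a cleanup: `mount -n -t $fstype -o ${liverw:-ro} $livedev /run/initramfs/live` and its `die` now execute in the same branch as the `case` (directly after `*) FSIMG=$livedev ;;`) instead of as the alternative to it, and the former else-path disappears. That is presumably intended here, since `$livedev` is now the `/image.squashfs` file rather than a block device and the image has to be mounted directly, but it relies on the initramfs's mount attaching a loop device for a regular file on its own; adding `loop` to the options (`-o ${liverw:-ro},loop`) makes that dependency explicit, and the message `Failed to mount block device of live image` should be reworded because nothing being mounted is a block device any more.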

The mounted ext3 filesystem has root ownership of the enclosed files, so the second patch needs sudo. The mount point is named after the filesystem UUID, so substitute the path udisks printed on your machine (it appears in the command and in the patch headers):

<syntaxhighlight lang=bash>
sudo patch -p0 --directory="/media/85dd4ebe-fd1b-420b-8d20-bef37149b4ec" < /tmp/iso/kaspersky2.patch
</syntaxhighlight>

$ sudo patch -p0 --directory="/media/85dd4ebe-fd1b-420b-8d20-bef37149b4ec" < /tmp/iso/kaspersky2.patch
patching file root/.bash_profile

Contents of the second patch file:

--- /media/85dd4ebe-fd1b-420b-8d20-bef37149b4ec/root/.bash_profile.orig	2014-07-03 15:18:22.000000000 +0100
+++ /media/85dd4ebe-fd1b-420b-8d20-bef37149b4ec/root/.bash_profile	2014-07-03 15:18:41.000000000 +0100
@@ -29,6 +29,7 @@
 			pkill plymouthd
 			#mkxf86config.sh >>${log} 2>&1
 			echo "forcexorg" > /root/xserver.cfg
+			sleep 5
 			startx >>${log} 2>&1
 			if [ $? -ne 0 ] ; then
 			    wizard
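Review bot: a fixed `sleep 5` before `startx` is a blind delay rather than a fix: too short on a slow machine (the race comes back), five wasted seconds on every boot of a fast one. Note also that `startx` is what launches the X server, so it cannot be waiting for X; the more plausible contender is `plymouthd`, which the `pkill plymouthd` two lines up signals but does not wait for. Wait for that condition with a bound instead, e.g. `i=0; while pgrep -x plymouthd >/dev/null && [ $i -lt 50 ]; do sleep 0.1; i=$((i+1)); done`, and still fall through to `startx` so the existing `wizard` fallback runs.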

Unmount the ext3 filesystem

<syntaxhighlight lang=bash> umount /dev/loop0 && losetup -d /dev/loop0 </syntaxhighlight>

Repack the ext3 filesystem

<syntaxhighlight lang=bash> mksquashfs /tmp/iso/squashfs-root /tmp/iso/rescue/LiveOS/squashfs.img -noappend -comp xz -b 1048576 -all-root </syntaxhighlight>

$ mksquashfs /tmp/iso/squashfs-root /tmp/iso/rescue/LiveOS/squashfs.img -noappend -comp xz -b 1048576 -all-root
Parallel mksquashfs: Using 4 processors
Creating 4.0 filesystem on rescue/LiveOS/squashfs.img, block size 1048576.
[===============================================================================================================================================\] 474/474 100%

Exportable Squashfs 4.0 filesystem, xz compressed, data block size 1048576
	compressed data, compressed metadata, compressed fragments, compressed xattrs
	duplicates are removed
Filesystem size 127846.50 Kbytes (124.85 Mbytes)
	26.34% of uncompressed filesystem size (485366.14 Kbytes)
Inode table size 1398 bytes (1.37 Kbytes)
	70.11% of uncompressed inode table size (1994 bytes)
Directory table size 58 bytes (0.06 Kbytes)
	100.00% of uncompressed directory table size (58 bytes)
Number of duplicate files found 0
Number of inodes 3
Number of files 1
Number of fragments 0
Number of symbolic links  0
Number of device nodes 0
Number of fifo nodes 0
Number of socket nodes 0
Number of directories 2
Number of ids (unique uids + gids) 1
Number of uids 1
	root (0)
Number of gids 1
	root (0)

Create a squashfs of the rescue parts

Add the rescue folder and the livecd file to a squashfs image, image.squashfs (yes, this contains the already-squashed ext3 filesystem!). This will then be packed into a new rescue.igz.

<syntaxhighlight lang=bash> mksquashfs /tmp/iso/rescue /tmp/iso/livecd /tmp/iso/new/image.squashfs -noappend -all-root </syntaxhighlight>

$ tree -h -L 2 /tmp/iso
/tmp/iso
├── [ 120]  boot
│   ├── [ 200]  grub
│   ├── [3.6M]  rescue
│   ├── [8.1M]  rescue.igz
│   └── [2.1M]  System.map-rescue
├── [  60]  [BOOT]
│   └── [2.0K]  Bootable_NoEmulation.img
├── [2.0K]  boot.catalog
├── [2.8M]  efi.img
├── [   0]  livecd
├── [ 340]  new
│   ├── [ 600]  bin
│   ├── [  40]  dev
│   ├── [ 220]  etc
│   ├── [357M]  image.squashfs
│   ├── [ 13K]  init
│   ├── [1.2K]  lib
│   ├── [  40]  proc
│   ├── [  40]  root
│   ├── [ 100]  run
│   ├── [ 660]  sbin
│   ├── [  40]  sys
│   ├── [  40]  sysroot
│   ├── [  40]  tmp
│   ├── [ 120]  usr
│   └── [ 100]  var
├── [ 160]  rescue
│   ├── [ 100]  backup
│   ├── [ 84K]  bases
│   ├── [  23]  BASES.ID
│   ├── [ 220]  help
│   ├── [  12]  KRD.VERSION
│   └── [  60]  LiveOS
└── [  60]  squashfs-root
    └── [  60]  LiveOS

24 directories, 11 files

Repack the initramdisk (rescue.igz)

This creates an lzma-compressed cpio archive of the /tmp/iso/new folder. It takes a few minutes, as the archive now contains the AV definitions and the main filesystem.

<syntaxhighlight lang=bash>
cd /tmp/iso/new
find ./ -print | cpio --owner 0.0 --quiet -H newc -o | lzma -zc > /tmp/rescue.igz
</syntaxhighlight>

Copy the kernel to the same place as the initramdisk

<syntaxhighlight lang=bash>
cp /tmp/iso/boot/rescue /tmp
</syntaxhighlight>

You should now have all the files like this

$ tree -h -L 1 /tmp
/tmp
├── [ 220]  iso
├── [386M]  kav_rescue_10.iso
├── [3.6M]  rescue
└── [365M]  rescue.igz

3 directories, 5 files

Test in QEMU

Using 1.5 GB RAM.

Boot the kernel and initramdisk directly

$ qemu-system-i386 -enable-kvm -m 1536 -kernel /tmp/rescue -initrd /tmp/rescue.igz -append "root=live kav_lang=en udev liveimg doscsi nomodeset"


ISO boot

(Just to check that it behaves the same!)

$ qemu-system-i386 -enable-kvm -m 1536 -cdrom /tmp/kav_rescue_10.iso
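
The page stops at the QEMU test and never shows the PXE side, so here is the repack and deployment end of the procedure above as one script: a format check on the rebuilt rescue.igz (the kernel only unpacks the compression formats it was built with; the shipped rescue.igz is LZMA-alone, which is what the page's `lzma -zc` produces, whereas a plain `xz` would produce the .xz container instead), a wrapper around the page's find|cpio|lzma step that refuses to return an image in the wrong format, and a pxelinux.cfg entry using the kernel command line from the QEMU test. This is an added example, not code from the original page or from Kaspersky; the TFTP layout (/srv/tftp with a krd/ subdirectory) and the pxelinux label are assumptions.

```sh
# Added example, not from the original page. Wraps the repack and PXE deployment
# of the kernel/initrd built above. /tmp paths are the page's; the TFTP root and
# krd/ prefix are assumptions.

# Identify the compression of a packed initramfs from its leading bytes:
# LZMA-alone starts 5d 00 00 (props byte then little-endian dict size),
# the .xz container starts fd 37 7a 58 5a 00, gzip starts 1f 8b.
initramfs_format() {
    magic=$(od -An -tx1 -N 6 "$1" | tr -d ' \n')
    case $magic in
        5d0000*)      echo lzma ;;
        fd377a585a00) echo xz ;;
        1f8b*)        echo gzip ;;
        *)            echo unknown ;;
    esac
}

# The page's repack step (find | cpio newc | lzma), followed by a check that the
# result is LZMA-alone like the original rescue.igz. Needs cpio and lzma installed.
repack_initramfs() {
    tree=$1; out=$2
    ( cd "$tree" && find . -print | cpio --owner 0.0 --quiet -H newc -o | lzma -zc ) > "$out" || return 1
    if [ "$(initramfs_format "$out")" != lzma ]; then
        echo "$out: unexpected initramfs format, kernel may not unpack it" >&2
        return 1
    fi
}

# Emit a pxelinux.cfg entry for the kernel and initrd. $1 is the directory,
# relative to the TFTP root, holding rescue and rescue.igz (assumed: krd).
# The APPEND line is the kernel command line the page boots in QEMU.
pxelinux_cfg() {
    prefix=${1:-krd}
    cat <<EOF
DEFAULT krd
PROMPT 0
TIMEOUT 50

LABEL krd
  MENU LABEL Kaspersky Rescue Disk 10 (PXE)
  KERNEL $prefix/rescue
  INITRD $prefix/rescue.igz
  APPEND root=live kav_lang=en udev liveimg doscsi nomodeset
EOF
}

# Stage the built files and the config under the TFTP root (assumed /srv/tftp).
# Not run by the test; needs write access to the TFTP root.
deploy_pxe() {
    tftproot=${1:-/srv/tftp}
    install -D -m 0644 /tmp/rescue     "$tftproot/krd/rescue"
    install -D -m 0644 /tmp/rescue.igz "$tftproot/krd/rescue.igz"
    mkdir -p "$tftproot/pxelinux.cfg"
    pxelinux_cfg krd > "$tftproot/pxelinux.cfg/default"
}
```

Two things to keep in mind when serving this: rescue.igz is around 365 MB, which is slow over TFTP, so if your syslinux is recent enough to offer lpxelinux.0 it can fetch the initrd over HTTP instead; and because the AV bases are baked into image.squashfs inside rescue.igz, the PXE image is only as current as your last build, so rebuild it on a schedule rather than once.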