Custom ISO image for server

Started by carldweb, Aug 17, 2022, 02:20 AM

Previous topic - Next topic

carldwebTopic starter

Installing a system from an ISO is the most efficient method if the server requires non-standard software and OS. Still, not everyone needs a typical Nginx/Apache installation and a standard set of programs from the LAMP/LEMP/LEPP stack. Someone needs a server for other purposes. There are many options here. Let's say we want to launch a game server, a media server, a group chat, or a set of utilities for pentesting, that is, checking web services for vulnerabilities in order to report them to the service owner and, for example, receive the due reward under the bug bounty program.


It is convenient to perform many pentesting tasks from a dedicated server, and not from your home computer, where some ports are tightly closed by the provider's firewall. But from the server you can safely run, for example, a port scan around the clock.

The best operating systems for pentesting are Kali Linux and ParrotOS. Accordingly, it is most convenient to install them from ISO images.

Kali Linux

Kali Linux includes tools for the following tasks:

    Reverse development (reverse engineering). Tools for debugging programs and reverse engineering executable files.
    Stress testing. Tools for stress checking networks and web services. In fact, these are DDoS systems, but not with the aim of crashing it, but with good intentions to find out what kind of load the apparatus can withstand.
    hаcking equipment. Tools for working with Android and Arduino.
    Forensic examination (forensics). Tools for digital forensics. They allow you to create disk images, analyze memory images and extract files.

To simplify pentesting, the system has a Top 10 Security Tools category (Top 10 safety tools). This category includes aircrаckng, burp-suite, hydra, john, maltego, metasploit, nmap, sqlmap, wireshark, and zaproxy. These are the most famous and effective tools.

For example, Metasploit is a framework with a big collection of exploits for all known vulnerabilities, a pentester's Swiss knife. Nmap is an ideal port scanning program. Wireshark is the best sniffer and network traffic analyzer. John the Ripper is a famous password brute force tool, and so on. All of this comes with Kali Linux, so there's nothing to manually install. There are over 600 pre-installed hаcker apps included in the package. It's comfortable. Although, in principle, nothing prevents you from installing any necessary programs in any other Linux distribution.

Option: Parrot OS

The Debian-based Parrot OS distribution serves the same direction as Kali Linux. This is a kind of "portable laboratory" for all operations related to information safety, from pentesting to forensics and stress checking, but it is also positioned for software developers with an emphasis on security and privacy.

Kali Linux and Parrot OS are similar in many ways, but differ in apparatus requirements (320 MB RAM for Parrot OS, 1 GB for Kali Linux), appearance (MATE and KDE for Parrot OS versus GNOME for Kali Linux), and a set of hаcking tools. Parrot OS has everything that Kali Linux has, plus additional tools of its own, such as AnonSurf (removing all traces of yourself from the browser) and Wifiphisher (installing a fake WiFi hotspot to fool surrounding devices). In terms of performance, Parrot OS also wins, especially on a weak configuration, where Kali Linux starts to noticeably lag.

Various versions of ISO images and docker containers with Parrot OS are laid out here.

Of course, there are other distributions for pentesting, which you can also get in the form of an ISO image or make such an image yourself.

game server

If you need to set up a game server, in many cases it is also more convenient to download a specialized ISO and install from it.

For example, the game Counter-Strike Global Offensive is the most popular shooter in the world. There are several reasons to set up your own private server. Here you can limit the circle of players, completely exclude cheaters. And most importantly, you set your own rules of the game.

CSGO Server is installed on Linux, Windows 10 or another system. But it may be more convenient to make an ISO where everything is already installed, including SteamCMD, the Steam console client that is a prerequisite for installing a CSGO server. So if you still install CSGO directly on the server, then you first need to install SteamCMD. If you prepare an ISO image with everything you need, then in the future it can be used repeatedly by rolling onto different servers.

Some hosters offer ready-made CS servers. They can be rented both with payment for slots and with payment for resources (professional tariffs for gaming VDS/VPS).

Or take Minecraft. Yes, it's a child's game, but it's one of the top five most played online games in the world. For Minecraft servers, a special MineOS Turnkey has been created, which is distributed as an ISO. Although all the necessary software can be installed separately on an existing BSD/Linux server, it is much more pleasant to instantly roll up the apparatus with everything you need. The system is preconfigured and optimized for this task: there is a server administration tool, backup management, advanced incremental game world backups (rdiff backup using rsync algorithm), one-click loading of user interface and server mods (vanilla, bukkit, etc.) mice.

Turnkey Linux

Turnkey Linux is a library of prebuilt system images based on Debian 8 ("Jessie"). Turnkey is translated "turnkey", that is, "all inclusive". Each image is pre-integrated with the best free software components. The result is a secure and easy-to-use ISO solution for whatever needs you might need.

Debian is the largest GNU/Linux distribution with 37,500 open source software packages. However, most of these programs are little known, because they are not included by default in standard distributions. Turnkey is on a mission to change that.

The project has created a clear but powerful TKLDev Linux distribution development toolkit, which makes it easy to create ready-made solutions that are deployed from an ISO image directly on hardware, on a virtual device or in the cloud in a few minutes.

Turnkey is over 100 ready to use images. All of them support automatic daily updates with the latest safety patches, one-click backup and restore: the system saves changes to files, databases and package management in an encrypted vault from which servers can be automatically restored. The TKLBAM backup tool is built into the Turnkey Core apparatus.

Each Turnkey distribution includes a web management interface, a web shell, and a clearconfiguration console.

All images are lightweight (from 150 MB), carefully built from scratch with the minimum required set of components to ensure the most efficient consumption of resources, efficiency and security. In all relevant images, SSL works out of the box on free Let's Encrypt certificates.

Here are some looks from the Turnkey collection:

    LAMP stack (408MB VM, 378MB ISO). Typical Linux bundle, Apache, MariaDB (instead of MySQL), PHP/Python/Perl.
    NGINX PHP FastCGI (404MB VM, 373MB ISO). Alternative stack for web server.
    WordPress (425MB VM, 392MB ISO). One of the best blog publishing platforms with thousands of plugins available for every taste.
    Ghost (740MB VM, 582MB ISO). Another open source blog publishing platform, beautifully designed, easy to use, free, and fast. The application is written in Node.js, the administration client is in the Ember.js framework, and the themes are in the Handlebars.js engine.

ZoneMinder (531MB VM, 483MB ISO). Video surveillance system for home, office or any place. Uses the best software, compatible with any cameras. Suitable for apparatus of any size. Advanced real-time motion and object recognition (EventServer and zmMagik systems).
File Server (508MB VM, 461MB ISO). Easy to use file server, Windows compatible shared file storage with web manager. The complete file server supports SMB, SFTP, NFS, WebDAV and rsync file transfer protocols. It is possible both private file storage and public storage on public hosting. Powered by Samba and WebDAV CGI.

Nextcloud (639MB VM, 558MB ISO). Store files, photo galleries, calendar and more. The server is accessible from any device via the Internet. It can also be installed either on a local network with access via the Internet, or on a public server.

GitLab (1.1 GB VM, 1.0 GB ISO). Single server for the entire software development life cycle. From project planning and source code management to CI/CD, monitoring and safety. GitLab provides Git-based version control packaged with a complete set of DevOps tools. In fact, something like GitHub, but on its own server and with more advanced functionality.
Media Server (648MB VM, 587MB ISO). A fully configured media server indexes all your home videos, music and photos, then automatically transcodes on the fly and streams that content for playback on any device. The server runs Jellyfish with a web-based file management application and is compatible with Windows and a variety of data transfer protocols including SFTP, rsync, NFS, and WebDAV. As in the case of a regular file server, here you can manage files both in private and public storage, that is, broadcast video for everyone on the Internet, as far as the server hardware can withstand.

MySQL (398MB VM, 368MB ISO).
A well-known open source DBMS, which is now owned by Oracle Corporation. It is fast, stable, reliable, easy to use and multi-threaded SQL database server. Strictly speaking, what is actually running on the server is MariaDB, a typical replacement for MySQL, although it has some features that MySQL lacks, so it's possible to migrate from MySQL to MariaDB, but it's often impossible to go back.
Torrent server (607MB VM, 549MB ISO). File server with integrated file sharing. Files are added to the download list through a clear web interface that allows you to remotely manage the server. Especially useful for centralizing file sharing across a shared network. Includes a virus scanner.

Perhaps this image is better suited for installation on a local network along with a media server in order to download movies and series from torrents, save them to storage, and broadcast them to all TVs, laptops and smartphones in the house.
phpBB (416MB VM, 384MB ISO). The world's most popular open source web forum solution. Based on modules. High level of safety, multilingual interface and an advanced administration panel with settings for all forum functions.
Zen Cart (416MB VM, 384MB ISO).

Server for managing an online store. Support for different languages and currencies.
AVideo (672MB VM, 616MB ISO), former name of YouPHPTube. An open-source video streaming server modeled after YouTube, Vimeo, etc. With AVideo, you can set up your own video site and stream videos live. Some of the features include importing and encoding videos from other sites directly from the web, mobile device support through an adaptive hybrid app that allows you to directly stream video from your phone via a server to a wide audience.
Mattermost (622MB VM, 569MB ISO). An open source alternative to Slack on your own hosting server. Combines messaging and file sharing, works on PC and mobile devices, built-in archiving and search. Mattermost integrates out of the box with a range of other web applications and is extensible with modules so you can create custom functions on top of the Golang/React core.

These are just a few examples of specialized ISO images from the Turnkey collection. Upload such an image to your server, install the system from it, and you immediately have a customized application with all the necessary components.

Thus, technically, almost any operating apparatus with any utilizations can be installed on VDS using its own ISO. The main thing is that the system has drivers for working with VirtIO devices. If they are not in the image, then you need to add them yourself.


Compared to Ansible & co, it will not aid you make CentOS from Debian, or vice versa, and not all providers provide all distribution options - sometimes the latest version is not available and doing a release upgrade is not always convenient, not to mention the other way around - when provider only the latest version and for some reason you need the previous one.

Additionally, some set minimum wages, some maximum wages, some add their own (which you need to get rid of), etc. - too many variations for configuration management systems, it's easier to actually install your own installation image.

I usually launch the rescue system first and drag my image (unlike the ISO version, it works with almost any provider) - it gives a certain degree of confidence that there will be nothing superfluous in the system (two providers have already been caught installing software and editing the config through qemu-guest-agent, and not at all on managed servers).