gferg 2003-08-21 01:47:52 +00:00
parent 2bb56893f9
commit 385c45846c
5 changed files with 236 additions and 187 deletions

View File

@ -13,7 +13,8 @@
<surname>Ali</surname>
<affiliation>
<address>
<email>saqib@seagate.com</email>
<email>saqib@seagate.com</email>
<ulink url="http://www.xml-dev.com">Offshore XML/XHTML Development</ulink>
</address>
</affiliation>
</author>
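Review bot: The added `<ulink url="http://www.xml-dev.com">` sits inside `<address>` next to the author's `<email>`, and its link text reads as a service description rather than an address or organisation name. If this is the author's affiliation, an `<orgname>` directly under `<affiliation>` would say so; the v4.0.2 revremark does not mention the change either.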
@ -22,6 +23,15 @@
<revhistory>
<revision>
<revnumber>v4.0.2</revnumber>
<date>2003-08-01</date>
<authorinitials>sa</authorinitials>
<revremark>
Minor updates to the Apache configure cmd line. /dev/random referenced in the SSL section.
</revremark>
</revision>
<revision>
<revnumber>v4.0.1</revnumber>
<date>2003-07-27</date>
@ -41,24 +51,6 @@
</revision>
<revision>
<revnumber>v3.4</revnumber>
<date>2002-06-29</date>
<authorinitials>sa</authorinitials>
<revremark>
Added the section "How to generate a CSR"
</revremark>
</revision>
<revision>
<revnumber>v3.3</revnumber>
<date>2002-04-14</date>
<authorinitials>sa</authorinitials>
<revremark>
Add the section of DAV server management.
</revremark>
</revision>
</revhistory>
@ -253,7 +245,7 @@ mysql 3256 3237 0 May29 ? 00:06:58 /usr/local/mysql/bin/mysqld --de
<command># gzip -d httpd-2.0.46.tar.gz </command>
<command># tar -xvf httpd-2.0.46.tar</command>
<command># cd httpd-2.0.46</command>
<command>#./configure --enable-so --enable-mods-shared="ldap auth-ldap" --with-ldap --with-auth-ldap --with-ldap-lib=/usr/local/iplanet-ldap-sdk.5/ --with-ldap-include=/usr/local/iplanet-ldap-sdk.5/ --with-ssl --enable-ssl --enable-rewrite --enable-dav</command>
<command>#./configure --enable-so --with-ssl --enable-ssl --enable-rewrite --enable-dav</command>
</screen>
<para>Next run the make command</para>
<screen><command># make</command>
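Review bot: The replacement `./configure` line drops `--enable-mods-shared="ldap auth-ldap"`, `--with-ldap`, `--with-auth-ldap` and both iPlanet SDK paths, so a reader following this step builds an httpd without the LDAP modules. The same commit retitles the document "Apache based WebDAV Server with LDAP and SSL HOWTO" and describes LDAP as the authentication mechanism, while the v4.0.2 revremark calls this a minor update. Either keep the LDAP options or say where in the HOWTO LDAP support is now built, and mention the removal in the revremark.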
@ -728,6 +720,12 @@ An optional company name []:
</screen>
<note><title>"PRNG not seeded"</title><para>If you do not have <filename>/dev/random</filename> on your system you will get a <emphasis>"PRNG not seeded"</emphasis> error message. In that case you can use the following command:</para>
<screen><command># /usr/local/ssl/bin/openssl req -rand <emphasis>some_file.ext</emphasis> -new -nodes -keyout private.key -out public.csr </command>
</screen>
<para>Replace some_file.ext with the name of a existing file on your file system. Any file can be specified. Openssl will use that file to generate the seed</para>
</note>
<para>
At this point you will be asked several questions about your server to generate the Certificate Singning Request</para>
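Review bot: "Any file can be specified" in the new "PRNG not seeded" note is unsafe advice for a command that generates the server's private key (`-new -nodes -keyout private.key`). A seed file only helps if its contents are unpredictable and not known to anyone else; a static or publicly available file leaves the key only as unpredictable as that file. Suggest saying so explicitly, or pointing readers without /dev/random at an entropy-gathering daemon such as EGD or PRNGD. Also, "a existing file" should be "an existing file", the last sentence of the note lacks its period, and "Singning" in the following paragraph is misspelled.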

View File

@ -628,7 +628,7 @@ secure a Linux installation from intrusion
Sentry-Firewall-CD-HOWTO</ULink>,
<CiteTitle>Sentry Firewall CD HOWTO</CiteTitle>
</Para><Para>
<CiteTitle>Updated: October 2002</CiteTitle>.
<CiteTitle>Updated: August 2003</CiteTitle>.
An introduction on how the Sentry Firewall CDROM
works and how to get started using the system. </Para>
</ListItem>

View File

@ -885,9 +885,9 @@ M$Frontpage Server Extensions. </Para>
<Para>
<ULINK URL="../Apache-WebDAV-LDAP-HOWTO/index.html">
Apache-WebDAV-LDAP-HOWTO</ULink>,
<CiteTitle>Apache WebDAV and LDAP HOWTO</CiteTitle>
<CiteTitle>Apache based WebDAV Server with LDAP and SSL HOWTO</CiteTitle>
</Para><Para>
<CiteTitle>Updated: July 2002</CiteTitle>.
<CiteTitle>Updated: August 2003</CiteTitle>.
A HOWTO on implementing WebDAV services using Apache - with LDAP for
authentication and SSL for ensuring security of the DAV stores. </Para>
</ListItem>

View File

@ -260,9 +260,9 @@ MS Frontpage Server Extensions. </Para>
<Para>
<ULINK URL="../Apache-WebDAV-LDAP-HOWTO/index.html">
Apache-WebDAV-LDAP-HOWTO</ULink>,
<CiteTitle>Apache WebDAV and LDAP HOWTO</CiteTitle>
<CiteTitle>Apache based WebDAV Server with LDAP and SSL HOWTO</CiteTitle>
</Para><Para>
<CiteTitle>Updated: July 2002</CiteTitle>.
<CiteTitle>Updated: August 2003</CiteTitle>.
A HOWTO on implementing WebDAV services using Apache - with LDAP for
authentication and SSL for ensuring security of the DAV stores. </Para>
</ListItem>

View File

@ -2,7 +2,7 @@
<article>
<title>Sentry Firewall CD HOWTO
<author>Stephen A. Zarkos, <url url="mailto:Obsid@Sentry.net" name="Obsid@Sentry.net">
<date>v1.2.3, 2002-10-22
<date>v1.3.1, 2003-08-18
<abstract>
This document is designed as an introduction on how the
@ -22,7 +22,7 @@ current version of this howto can be obtained at the following URL:
<url url="http://www.SentryFirewall.com/files/howto/">.
If you would like to add anything to this document, or if you have any
questions or comments please feel free to email me, <url url="mailto:Obsid@Sentry.net?subject=HOWTO"
questions or comments please feel free to email me, <url url="mailto:Obsid@Sentry.net?subject=HOWTO"
name="Obsid@Sentry.net">.
@ -56,41 +56,44 @@ that are based on various Linux distributions. You should first choose the Linu
distribution you are most familiar with. More information on the different types can
be found on the web site - http://www.SentryFirewall.com/.
<p>Basically, the Sentry Firewall CD is meant to be configured no more easily than
a normal Slackware or Redhat or whatever Linux system. There are no GUIs, no scripts
to do it for you. The idea behind the configuration of the CD is that you are able to
reconfigure the system by replacing the startup scripts and the various system and
configuration files present on the system at boot time. Most of these are simply text
files and shell scripts that you need to edit by hand in order to be configured properly.
<p> Basically, the Sentry Firewall CD is meant to be configured just like a normal
Slackware or Redhat or whatever Linux system. There are no GUIs, no scripts to do it
for you. The idea behind the configuration of the CD is that you are able to
reconfigure the system by replacing the startup scripts and the various configuration
files normally present on the system at boot time. Most of these are simply text
files and shell scripts that you need to edit by hand in order configure properly.
There are, however, usually plenty of resources available to assist you in
configuring a specific service or daemon(HOWTOs on linux.org, for example).
<newline>
<sect1> What's with this new branch "sentrycd-RH"? What's the difference between the branches?
<p> First, let me explain briefly about how the Sentry Firewall CD works. Basically,
there is the "host" system, a Linux system that is based on one of several Linux distributions.
Then there are the configuration scripts, written in perl, that run after the kernel boots
and help configure the system on the fly. In general, it is possible to create a Sentry
Firewall CD system based on nearly any Linux distribution while only modifying one of the
five perl scripts.
<sect1> What's with all these branches(SENTRYCD/SENTRYCD-RH/SENTRYCD-xxx)? What's the difference between the branches?
<p> So, to answer your question, "sentrycd-RH" is based on a different Linux distribution
than the original branch "sentrycd". Since I'm a Slackware fan, I used that distribution as
the foundation for the original Sentry Firewall CD(the sentrycd branch). It has always been my
desire to utilize other Linux distributions for this project, which is why I created the sentrycd-RH
branch.
<p> First, let me explain briefly how the Sentry Firewall CD works. Basically, there is the
"host" system, a Linux system that is based on one of several Linux distributions. Then there
are the configuration scripts, written in perl, that run after the kernel boots and help
configure the system on the fly. In general, it is possible to create a Sentry Firewall CD
system based on nearly any Linux distribution while only modifying one of the five perl scripts.
<p> In any case, all the basic functionality is present in both versions. But since different
<p> So, to answer your question, each Sentry Firewall CD branch utilizes similar configuration
methods, but are simply based on different Linux distributions. Since I'm a Slackware fan, I used
that distribution as the foundation for the original Sentry Firewall CD(the "SENTRYCD" branch).
It has always been my desire to utilize other Linux distributions for this project, which is why
I created the "SENTRYCD-RH" branche. There will no doubt eventually be other branches and
variations.
<P>
<bf>Sentry Firewall CD Development Branches:</bf>
<itemize>
<item> <bf>SENTRYCD</bf> - Slackware-like Sentry Firewall CD.
<item> <bf>SENTRYCD-DEB</bf> - Debian-like Sentry Firewall CD. (In Development)
<item> <bf>SENTRYCD-RH</bf> - RedHat-like Sentry Firewall CD. (Deprecated)
</itemize>
<p> In any case, all the basic functionality is present in each branch. But since different
Linux distributions are configured differently, using different rc files or files in /etc/sysconfig
for example, some of the configuration directives(explained below) will vary between the two branches.
<p> You may be asking yourself, "then what Linux distro is the sentrycd-RH branch based on?" Well,
since I'm not about to violate any current
<url url="http://www.redhat.com/about/corporate/trademark/guidelines.html" name="trademark guidlines">,
I'll leave that as an exercise to the reader. Of course, you can always
<url url="http://www.sentryfirewall.com/#download" name="download"> the ISO and find out for yourself :-)
<newline>
<sect1> Minimum Requirements
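Review bot: The rewritten paragraphs introduce two typos, "in order configure properly" (missing "to") and "the "SENTRYCD-RH" branche", and "each Sentry Firewall CD branch utilizes similar configuration methods, but are simply based on" switches from singular to plural. The new list names three branches, yet the closing paragraph still ends "will vary between the two branches". Since SENTRYCD-RH is marked Deprecated in the list, it would also help to say which branch a new reader should pick.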
@ -109,6 +112,7 @@ I'll leave that as an exercise to the reader. Of course, you can always
<url url="http://www.SentryFirewall.com/files/COPYRIGHT">. It applies to the Sentry
Firewall CD, and all the scripts and documentation associated with it.
<!-- END SECTION 1.0 -->
<!-- BEGIN SECTION 2.0 -->
@ -186,7 +190,7 @@ has defined in the configuration file.
<sect1> Downloading
<p> The CDROM is distributed as a gzip or bzip2 compressed iso image, and is
generally between 95-105MB in size. ISO images for the sentyrcd-RH branch are
generally much larger, between 150-200MB in size. Available download mirrors
generally much larger, between 150-200MB in size. Available download mirrors
are listed on the websites; <url url="http://www.SentryFirewall.com/"> or
<url url="http://Sentry.Sourceforge.net/">.
@ -205,7 +209,9 @@ For more information about these services, please
<sect1> Burning the CDROM
<p> This section will attempt a general overview on how to burn the CD iso
image once you have obtained it from one of the mirrors. All the commands
presume you're working in Linux, if not, then I'm afraid you're on your own.
presume you're working in Linux. Buring ISO images in Windows is not covered
in this howto. If you are using windows then check out the
<url url="http://www.e-smith.org/docs/howto/CD_burning_howto.php3" name="CD Burning Howto">
First, let's decompress the iso image: <newline>
<bf>NOTE:</bf> Make sure you have enough disk space, the decompressed iso image can be
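Review bot: The added Windows sentence has "Buring ISO images" (should be "Burning") and lower-case "windows", and the line ending in the `<url ... name="CD Burning Howto">` tag has no closing period, so it runs straight into "First, let's decompress the iso image:".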
@ -239,7 +245,7 @@ blah@wherever:&tilde;&dollar; cdrecord -v -data speed=$SPEED dev=$DEV sentrycd.i
</verb></tscreen>
That's it, you now have a Sentry Firewall CDROM. By the way, you
may have to be root to do all this.
may have to be 'root' to do all this.
Keep in mind, if you simply want to look at the ISO image without actually
burning the CD, you can mount the image on a loopback device;
@ -271,7 +277,9 @@ files are.
A good example of a sentry.conf file can be found on the Sentry Firewall CD
in the directory /SENTRY/scripts/cd-config/. Configuration floppy disk
images(1.44M) can also be found in /SENTRY/images/ on the CD.
images(1.44M) can also be found in /SENTRY/images/ on the CD. These files are also
available on the website, <url url="http://www.SentryFirewall.com/" name="http://www.SentryFirewall.com/">
<newline>
<sect1> The sentry.conf file
@ -329,8 +337,9 @@ following will likely not be parsed correctly:
</verb>
The configuration scripts only recognize a certain number of configuration
files. There are other very easy ways to copy configuration files into their
proper location, however. These methods will be discussed below.
files, so it probably won't know what to do with "foo.conf". There are other
very easy ways to copy configuration files into their proper location, however.
These methods will be discussed below.
<newline>
@ -410,7 +419,7 @@ IP(192.168.1.2) and a default gateway(192.168.1.1):
<bf>NOTE:</bf> It is important to keep in mind that whatever devices you set up during the
configuration process will be promptly taken down after the configuration is
complete. This setup is only used so you can retrieve configuration files over
the network, via http and ftp. For more permanent network configuration, please
the network, via http(s)/ftp/scp/sftp. For more permanent network configuration, please
use the rc.inet1 file.
@ -422,7 +431,7 @@ use the rc.inet1 file.
&num;&num; Basic Sentry Firewall CD config file to retrieve files via HTTP(s)/FTP/SCP/SFTP.
device1 = eth0:tulip:192.168.1.2|192.168.1.1
nameserver = &lt;MY_DNS_IP&gt;
nameserver = 123.123.123.123 ## This should be the IP of your DNS server.
rc.M = ftp://user:pass@config.sentry.net/node1/rc.M
rc.inet1 = http://user:pass@config.sentry.net/all_nodes/rc.inet1
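Review bot: The sample still fetches `rc.M` over `ftp://user:pass@...` and `rc.inet1` over `http://user:pass@...`, although the header comment and the preceding hunk now advertise HTTP(s)/FTP/SCP/SFTP. These are boot scripts, and over ftp or http both the inline credentials and the script contents cross the network unprotected; the example would be a better model with `https://` or `scp://` URLs. For the nameserver line, 123.123.123.123 looks like a usable address; the removed `&lt;MY_DNS_IP&gt;` placeholder or a documentation address such as 192.0.2.1 is less likely to be copied verbatim.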
@ -507,18 +516,15 @@ blah@wherever:&tilde;&dollar; dd if=/cdrom/SENTRY/images/ext2-144.img of=/dev/fd
2880+0 records out
</verb></tscreen>
The disk images and a sample sentry.conf file can also be found on the website at
the following locations:
<itemize>
<item><bf>sentry.conf</bf> - <url url="http://www.SentryFirewall.com/files/scripts/cd-config/" name="http://www.SentryFirewall.com/files/scripts/cd-config/">
<item><bf>Disk Images</bf> - <url url="http://www.SentryFirewall.com/files/images/" name="http://www.SentryFirewall.com/files/images/">
</itemize>
The disk images and a sample sentry.conf file can also be found on the website,
<url url="http://www.SentryFirewall.com/" name="http://www.SentryFirewall.com/">
<!-- END SECTION 4.0 -->
<!-- BEGIN SECTION 5.0 -->
<newline>
<sect> Overview of Available Configuration Directives
<sect1> Replacing rc/config files
@ -533,7 +539,7 @@ of the file is often '/floppy/filename'. The file location can also be a URL.
The supported prefixed include "http://", "https://", "ftp://", "sftp://", and "scp://".
As previously mentioned, there are at least two Sentry Firewall CD branches with varying
names like "sentrycd" and "sentrycd-RH". The only difference between these branches is
names like "SENTRYCD" and "SENTRY-RH". The only difference between these branches is
the "host" Linux distribution that is utilized. And since Linux distributions utilize
different files during bootup, the accepted directives for the two branches vary. For example,
a Slackware system utilizes files such as "rc.S" and "rc.M" to boot into single and multi-user
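Review bot: The replacement line names the branches "SENTRYCD" and "SENTRY-RH", but the branch list added earlier in this commit spells the second one "SENTRYCD-RH". The surrounding context also has "supported prefixed" (should be "prefixes") and still speaks of "the two branches" after a third, SENTRYCD-DEB, was introduced.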
@ -544,112 +550,13 @@ directive that states the following:
<verb>
rc.M = /floppy/rc.M
</verb>
Since a non-Slackware system wouldn't know to do with a file called "rc.M". In any case, it
is for this reason that the configuration directives vary a bit between branches.
since a non-Slackware system wouldn't know to do with a file called "rc.M". In any case, it
is for this reason that the configuration directives vary a bit between branches. The
directives that are available can be found in the sentry.conf file in the SENTRY/scripts/cd-config/
directory, or on the website.
<newline>
Branch: <bf>sentrycd</bf> <newline>
The following rc/config files are currently supported:
<tscreen><verb>
rc.M
rc.netdevice
rc.inet1
rc.inet2
rc.local
rc.modules
rc.firewall
rc.firewall.nat
fstab
passwd
shadow
group
shells
profile
resolv.conf
hosts
ftpusers
hostname
newsyslog.conf
openssl.cnf
syslog.conf
syslog-ng.conf
inetd.conf
modules.conf
proftpd.conf
squid.conf
httpd.conf
smb.conf
snort.conf
pptpd.conf
pppoe.conf
gated.conf
zebra.conf
hosts.equiv
shosts.equiv
ssh_config
sshd_config
ssh_host_key
ssh_host_key.pub
ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub
ssh_known_hosts
ssh_known_hosts2
</verb></tscreen>
<newline>
Branch: <bf>sentrycd-RH</bf> <newline>
The following rc/config files are currently supported:
<tscreen><verb>
rc.local
rc.news
rc.firewall
rc.firewall.nat
fstab
ftpusers
group
hosts.equiv
hostname
hosts
openssl.cnf
passwd
profile
resolv.conf
shadow
shells
gated.conf
httpd.conf
named.conf
pppoe.conf
proftpd.conf
pptpd.conf
smb.conf
snort.conf
squid.conf
syslog-ng.conf
syslog.conf
xinetd.conf
zebra.conf
shosts.equiv
ssh_config
sshd_config
ssh_host_key
ssh_host_key.pub
ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub
ssh_known_hosts
ssh_known_hosts2
sysconf_dir **
xinetd_dir **
</verb></tscreen>
** The "sysconf_dir" and "xinetd_dir" are unique to the "sentrycd-RH" branch. Unlike
The "sysconf_dir" and "xinetd_dir" are unique to the "SENTRYCD-RH" branch. Unlike
the other directives, these are used to replace the files located in the /etc/xinetd.d/
and the /etc/sysconfig/ directories. The /etc/sysconfig/ directory contains most of the
configuration files used by the init scripts(in /etc/rc.d/init.d/) on systems such as
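Review bot: With both "following rc/config files are currently supported" lists removed, the paragraph beginning "The "sysconf_dir" and "xinetd_dir" are unique to the "SENTRYCD-RH" branch" now follows directly after the pointer to sentry.conf, and "Unlike the other directives" no longer has a list to refer to. A sentence introducing these two directives would restore the flow. The rewritten line also keeps "wouldn't know to do with a file" (missing "what").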
@ -805,7 +712,7 @@ define the hostname itself.
<newline>
<sect1> Other sentrycd-RH Specific Directives
<sect1> Other SENTRY-{RH,DEB} Specific Directives
<p> Besides the "xinetd_dir" and "sysconf_dir" directives, mentioned above,
there is another directive that is unique to the sentrycd-RH branch.
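Review bot: The new heading "Other SENTRY-{RH,DEB} Specific Directives" does not match the body, which still says the directive "is unique to the sentrycd-RH branch", and it uses the prefix SENTRY- where the branch list uses SENTRYCD-. Either widen the body to cover the DEB branch or keep the heading RH-only.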
@ -831,14 +738,158 @@ usually not necessary, but is used to actually replace the startup script locate
To get a better idea of how this works, please take a look at the sample "sentry.conf"
file located either on the CD or online at
<url url="http://www.SentryFirewall.com/files/scripts/cd-config/sentrycd-rh/sentry.conf"
name="http://www.SentryFirewall.com/files/scripts/cd-config/sentrycd-rh/sentry.conf">
<url url="http://www.sentryfirewall.com/files/sentrycd-rh-devel/scripts/cd-config/sentry.conf"
name="http://www.sentryfirewall.com/files/sentrycd-rh-devel/scripts/cd-config/sentry.conf">
<!-- END SECTION 5.0 -->
<!-- BEGIN SECTION 6.0 -->
<newline>
<sect> Setting Up a Firewall
<sect1> Starting the Firewall
<P>
Ok, so the project is called the Sentry *Firewall* CD. So where's the firewall?
Well, it's important to note that this system is capable of quite a bit more than your
standard bootable floppy or CD firewall. In fact it is a pretty complete Linux system
on a CD, and as with any Linux system the "firewall" is set up using scripts and various
userland utilities such as ipchains or iptables.
IPChains or IPTables firewall scripts generally take the form of shell scripts
that are customized by the user and run at boot-time. If you already have a
ruleset for your firewall simply edit the "rc.firewall" directive in your
"sentry.conf" file to point to your firewall script on your floppy or on a
remote HTTP(S)/FTP/SCP/SFTP server as explained above. The firewall will
then be run at boot time.
<newline>
<sect1> Using FWBuilder with the Sentry Firewall CD
<p>
FWBuilder(http://www.FWBuilder.org/) is a firewall configuration and management
system. The advantage to this application is that it provides a graphical user
interface to develop and modify firewall rulesets on various platforms using
various utilities. The Firewall rulesets that are created with FWBuilder are
completely compatible with the Sentry Firewall CD, and with just about any Linux
firewall.
As with most Linux firewalls there are no X11 binaries or libraries on the Sentry
Firewall CD, so you will need to develop the firewall ruleset on a separate workstation
using fwbuilder and then upload the ruleset to the various firewalls/routers/nodes
on the network. The following are the basic steps required to get your new fwbuilder
ruleset running on the Sentry CD:
<itemize>
<item> Configure your new firewall to your liking with fwbuilder(duh).
<item> Save your firewall. Choose File->Save As, and choose an appropriate name.
The file will normally be saved as "whatever.xml".
<item> Compile the firewall. Choose Rules->Compile. The ruleset will be compiled
and turned into a shell script called "whatever.fw".
<item> You will then want to copy "whatever.fw" to your configuration floppy and use
the "rc.firewall" configuration directive in your sentry.conf file to point to
your new firewall script. The firewall script will be copied to
/etc/rc.d/rc.firewall during the configuration process and run at boot-time.
</itemize>
<p>
Please note that it is not necessary to reboot the Sentry Firewall CD every time
you update your firewall script. You may simply upload the new script to the
Sentry Firewall and run it. But just make sure that you copy the final draft of
your script to the configuration floppy so that it will be run at boot-time.
<newline>
<sect1> Using Webmin with the Sentry Firewall CD
<p>
As of version 1.5.0-rc3 Webmin(http://www.webmin.com/) is available on the CD.
Among many of the other default modules available with webmin - of which not all
have been fully tested - Webmin includes two modules for generating and managing
your firewall setup. These modules are located in the "Networking" section of the
webmin interface. In this section you will see the "Linux Firewall" and "Shorewall
Firewall" modules, either of which are available for your use.
The addition of Webmin also adds four new configuration directives -
<verb>
start_webmin = <enable | disable> ## enable|disable webmin. Default == disable.
webmin_config = <path/to/config> ## Main webmin config(/etc/webmin/config).
miniserv.conf = <path/to/miniserv.conf> ## Config file for webmin http(s) daemon.
miniserv.pem = <path/to/miniserv.pem> ## SSL cert for webmin http(s) daemon.
## An SSL cert will be created by rc.webmin if
## one is not specified.
miniserv.users = <path/to/miniserv.users> ## Password file used for webmin.
## Default user:pass is sentry:SENTRY.
## NOTE: If this file is not replaced webmin
## will NOT start!
</verb>
<p>
<bf>Note:</bf> The modifications made by these web interface tools are, of course, not
permanent. Any files altered will need to be placed on a floppy or on a remote server and
declared in your sentry.conf file as explained in previous sections.
<p>
Many of these web interface tools do not simply generate a firewall script, but rather
set up a firewall and use the 'iptables-save' and 'iptables-restore' utilities to dump and
load the firewall. The file created by 'iptables-save' must be loaded using 'iptables-restore',
it cannot be run like a shell script. By default this file is placed in "/etc/rc.d/rc.firewall.save".
Once you configure your firewall to your liking you will need to place the rc.firewall.save file on a
floppy or a remote server and declare its location using the "rc.firewall.save" directive in the
sentry.conf file. With the sentrycd and sentyrcd-devel branches, the rc.firewall and rc.firewall.save
files are normally run automatically at boot-time from rc.inet2.
<p>
As of verions 1.5.0-rc3 the Shorewall(http://www.shorewall.net/) firewall scripts are available on
the Sentry Firewall CD. Webmin also comes with a module to configure and set up Shorewall, although
Shorewall can be configured manually as well. Shorewall utilizes a number of configuration files
located in /etc/shorewall. The sentry.conf file recognizes the "shorewall.conf" configuration directive,
but if any of the other configuration files in /etc/shorewall need to be replaced you will need to do
so manually using the "|=" configuration directive.
<newline>
<sect1> Other Sample Firewall Scripts and Tools
<p> Sample firewall scripts can be found in the /SENTRY/scripts/firewall
directory on the CD. These are just a few firewall scripts I found on the
Internet and have put here for your convenience. If you do a search on
<url url="http://www.google.com/" name="google">
or
<url url="http://www.freshmeat.net/" name="freshmeat.net">
you will probably find several others pretty easily.
<p>
I have also added "Easy Firewall Generator" (http://easyfwgen.morizot.net/) and
"IPTables Script Generator" (http://iptables.linux.dk/) to the CD. These are PHP
scripts that can assist you in creating a ruleset for your Sentry Firewall CD system.
In order to view these you will need to start the Apache web server on a running Sentry
Firewall CD system, and then direct your browser to the IP address of your Sentry
Firewall. The scripts should be available in the "firewall" directory.
<p>
Please note that these web-based scripts will often generate a script for you, but you
will still need to take that generated script and place at on a floppy or on a remote
server and edit the "rc.firewall" directive in the sentry.conf file to point to your
new script.
<newline>
<sect1> Links to Other Firewall Resources
<p>
<url url="http://www.netfilter.org/documentation/index.html#HOWTO" name="Netfilter HOWTO"><newline>
<url url="http://www.netfilter.org/documentation/index.html#FAQ" name="Netfilter FAQ"><newline>
<url url="http://www.netfilter.org/documentation/index.html#tutorials" name="Netfilter Tutorials">
<p>
If there are any other resources you think I should add to this section, please email me at
<url url="mailto:Obsid@Sentry.net" name="Obsid@Sentry.net">.
<!-- END SECTION 6.0 -->
<!-- BEGIN SECTION 7.0 -->
<newline>
<sect> Troubleshooting
<sect1> Booting Problems
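Review bot: In the Webmin subsection, "also adds four new configuration directives" is followed by five: `start_webmin`, `webmin_config`, `miniserv.conf`, `miniserv.pem` and `miniserv.users`. Because the same block publishes the default login `sentry:SENTRY`, the text should state that the replacement `miniserv.users` must carry a different password, not only that the file has to be replaced. Typos in the added text: "As of verions 1.5.0-rc3", "sentyrcd-devel", and "place at on a floppy".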
@ -911,9 +962,9 @@ Sentry-Users mailing list. Other mailing lists are listed at
</itemize>
<!-- END SECTION 6.0 -->
<!-- END SECTION 7.0 -->
<!-- BEGIN SECTION 7.0 -->
<!-- BEGIN SECTION 8.0 -->
<newline>
<sect> Building a Custom Sentry CD
@ -941,8 +992,8 @@ system, and it is from here that I compile the needed tools, kernels, etc and
basically run everything.
To make this easy for you, the Sentry Firewall CD ISO is basically an exact
copy of what's in /mnt/CD-FW/ on my hard drive. All I did was use the 'mkisofs'
utility on /mnt/CD-FW.
copy of what's in /mnt/CD-FW/ on my hard drive. I simply use the 'mkisofs'
utility on /mnt/CD-FW to create the ISO image.
If you simply want to get started, perhaps try the following steps:
<itemize>
@ -968,7 +1019,7 @@ If you simply want to get started, perhaps try the following steps:
cp -Rdp /mnt/usr/man /mnt/CD-FW/usr/
</verb>
</itemize>
<bf>NOTE:</bf> The above commands may spit out errors when working with certain
files(ie. hard links). These errors are annoying, but they're not critical at all.
@ -1013,7 +1064,7 @@ the rootdisk. Please read that file and the disclaimer before you decide to
use it. It runs perfectly on my system, but may not run well at all on yours.
It basically attempts to create a rootdisk image to use with the Sentry CD, but
it is very long and may be somewhat difficult to comprehend at times. This is
what happens when I start a project and fail to utilize proper child safety
what happens when I start hacking around and fail to utilize proper child safety
restraints.
@ -1035,8 +1086,8 @@ root@mybox:/mnt/CD-FW# mkisofs -o sentrycd.iso -R -V "Sentry Firewall CD [v1.x.x
</verb></tscreen>
And that's it, I burn the CD and test it. For reference, the following
files are available on the CDROM and online at
<url url="http://www.SentryFirewall.com/files/scripts/MK-CD/" name="http://www.SentryFirewall.com/files/scripts/MK-CD/">
files are available on the CDROM and online at
<url url="http://www.SentryFirewall.com/" name="http://www.SentryFirewall.com/">
<itemize>
<item> /SENTRY/scripts/MK-CD/mkrootdsk.sh (builds the rootdisk)
<item> /SENTRY/scripts/MK-CD/mkiso.sh (builds final ISO image)
@ -1045,10 +1096,10 @@ files are available on the CDROM and online at
<!-- END SECTION 7.0 -->
<!-- END SECTION 8.0 -->
<!-- BEGIN SECTION 8.0 -->
<!-- BEGIN SECTION 9.0 -->
<newline>
<sect> More About the Sentry Firewall Project
@ -1071,7 +1122,7 @@ utilize the system in a test or production environment and send me suggestions,
feedback. For those interested in assisting with the enhancement of any of the Sentry Firewall CD
branches, please check out the TODO file located in /SENTRY/docs/TODO on the CD image, or online at
<url url="http://www.SentryFirewall.com/files/sentrycd/docs/TODO" name="http://www.SentryFirewall.com/files/sentrycd/docs/TODO">
or
or
<url url="http://www.SentryFirewall.com/files/sentrycd-rh/docs/TODO" name="http://www.SentryFirewall.com/files/sentrycd-rh/docs/TODO">.
I do, on occasion, make the Sentry Firewall CD available for purchase. I also accept donations including hardware,
@ -1087,7 +1138,7 @@ I began work on the project around April of 2000, probably ruining 200 CD-Rs bef
Sentry Firewall CD. And for the last two years I have been continuing to develop, enhance and maintain the project -
give or take a few months here and there while I took a short hiatus(marriage, education, etc).
From the beginning, this project has proven to be quite popular, and has received a great deal of support
From the beginning, this project has proven to be quite popular, and has received a great deal of support
and feedback from its loyal users. This kind of support has proven invaluable, and has kept me motivated
to continue to develop this project. There is nothing I would rather do right now than work on and enhance
this system, however since I do not get paid to develop this project, it is only a part-time endeavor.
@ -1106,7 +1157,7 @@ Bellevue, WA 98008 <newline>
<bf>Email:</bf> <url url="mailto:Obsid@Sentry.net" name="Obsid@Sentry.net">
<!-- END SECTION 8.0 -->
<!-- END SECTION 9.0 -->
</article>