<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Sentry Firewall CD HOWTO: Introduction</TITLE>
<LINK HREF="Sentry-Firewall-CD-HOWTO-2.html" REL=next>
<LINK HREF="Sentry-Firewall-CD-HOWTO.html#toc1" REL=contents>
</HEAD>
<BODY>
<A HREF="Sentry-Firewall-CD-HOWTO-2.html">Next</A>
Previous
<A HREF="Sentry-Firewall-CD-HOWTO.html#toc1">Contents</A>
<HR>
<H2><A NAME="s1">1. Introduction</A></H2>
<P> This is the long-overdue Sentry Firewall CDROM howto. I hope this
document helps get you started using the Sentry Firewall CD and answers
any questions you might have regarding how the system works. The most
current version of this howto can be obtained at the following URL:
<A HREF="http://www.SentryFirewall.com/files/howto/">http://www.SentryFirewall.com/files/howto/</A>.
<P>If you would like to add anything to this document, or if you have any
questions or comments, please feel free to email me,
<A HREF="mailto:Obsid@Sentry.net?subject=HOWTO">Obsid@Sentry.net</A>.
<P>
<P><BR>
<H2><A NAME="ss1.1">1.1 What is the Sentry Firewall CD?</A>
</H2>
<P> The Sentry Firewall CD is a Linux-based bootable CDROM suitable
for use in a variety of different operating environments. The system is
designed to be configured dynamically via a floppy disk or over a network.
This allows one to configure the system at boot time, even though much of the
actual system is on read-only (CDROM) media.
<P>
<P><BR>
<H2><A NAME="ss1.2">1.2 Why would I use a CD-based firewall or server?</A>
</H2>
<P> There are several advantages to using a CDROM-based system in various
security-related environments. The main system is centered around the ramdisk,
a compressed file system image which is loaded into RAM at boot time. Any
changes to the ramdisk image are temporary, and will be undone upon the next
reboot. Furthermore, the ramdisk, kernel, binaries, etc., related to the
operating system are kept on read-only media (CDROM). This means that if the
security of a box running a CDROM-based system is ever compromised, the attacker
can at best own the box until the next reboot. So there is no real threat of
having to go through the tedious task of rebuilding and hardening the system
after a successful attack is discovered.
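<P> The reboot-resets-everything property described above covers only storage that is RAM-backed or mounted read-only. As an added example (not part of the Sentry Firewall CD or of this HOWTO), the shell function below reads a mount table in /proc/mounts format and lists the mounts that are both writable and persistent, which is where changes could survive a reboot. The sample mount table, its device names and its mount points are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a live-CD style system for writable, persistent mounts.

# persistent_rw_mounts: read a /proc/mounts style table on stdin
# (device mountpoint fstype options dump pass) and print
# "device mountpoint fstype" for every read-write, non-volatile mount.
persistent_rw_mounts() {
    awk '
    {
        dev = $1; mnt = $2; fstype = $3; opts = $4
        # RAM-backed or kernel pseudo filesystems vanish at reboot.
        if (fstype ~ /^(tmpfs|ramfs|rootfs|proc|sysfs|devpts|devtmpfs|devfs|usbfs)$/) next
        # Classic ramdisk block devices (/dev/ram0, /dev/rd/0) are volatile too.
        if (dev ~ /^\/dev\/(ram[0-9]*|rd\/[0-9]+)$/) next
        # Only read-write mounts matter; the option list is comma separated.
        n = split(opts, o, ",")
        rw = 0
        for (i = 1; i <= n; i++) if (o[i] == "rw") rw = 1
        if (rw) print dev, mnt, fstype
    }'
}

# Constructed sample in /proc/mounts format (not captured from a real system):
# a ramdisk root, a read-only CD, a writable floppy and a writable hard disk.
sample_mounts() {
    cat <<'EOF'
/dev/ram0 / ext2 rw 0 0
none /proc proc rw 0 0
/dev/hdc /cdrom iso9660 ro 0 0
/dev/fd0 /floppy vfat rw 0 0
/dev/hda1 /var/log ext2 rw,noatime 0 0
EOF
}

# Demonstration on the constructed sample.
sample_mounts | persistent_rw_mounts
```

On a running system, feed it the real table with <CODE>persistent_rw_mounts &lt; /proc/mounts</CODE>; anything it prints deserves the integrity checks and hardening a normal disk-based install would get.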
<P>
<P><BR>
<H2><A NAME="ss1.3">1.3 I'm a Linux newbie, will the Sentry Firewall CD be a good choice for me?</A>
</H2>
<P> At the moment, there are at least a couple of variations of the Sentry Firewall CD
that are based on various Linux distributions. You should first choose the Linux
distribution you are most familiar with. More information on the different types can
be found on the web site - http://www.SentryFirewall.com/.
<P>
<P> Basically, the Sentry Firewall CD is meant to be configured just like a normal
Slackware or Redhat or whatever Linux system. There are no GUIs, no scripts to do it
for you. The idea behind the configuration of the CD is that you are able to
reconfigure the system by replacing the startup scripts and the various configuration
files normally present on the system at boot time. Most of these are simply text
files and shell scripts that you need to edit by hand in order to configure the system
properly. There are, however, usually plenty of resources available to assist you in
configuring a specific service or daemon (HOWTOs on linux.org, for example).
<P>
<P><BR>
<H2><A NAME="ss1.4">1.4 What's with all these branches (SENTRYCD/SENTRYCD-RH/SENTRYCD-xxx)? What's the difference between the branches?</A>
</H2>
<P> First, let me explain briefly how the Sentry Firewall CD works. Basically, there is the
"host" system, a Linux system that is based on one of several Linux distributions. Then there
are the configuration scripts, written in Perl, that run after the kernel boots and help
configure the system on the fly. In general, it is possible to create a Sentry Firewall CD
system based on nearly any Linux distribution while only modifying one of the five Perl scripts.
<P>
<P> So, to answer your question, each Sentry Firewall CD branch utilizes similar configuration
methods, but is simply based on a different Linux distribution. Since I'm a Slackware fan, I used
that distribution as the foundation for the original Sentry Firewall CD (the "SENTRYCD" branch).
It has always been my desire to utilize other Linux distributions for this project, which is why
I created the "SENTRYCD-RH" branch. There will no doubt eventually be other branches and
variations.
<P>
<P><B>Sentry Firewall CD Development Branches:</B>
<UL>
<LI> <B>SENTRYCD</B> - Slackware-like Sentry Firewall CD.</LI>
<LI> <B>SENTRYCD-DEB</B> - Debian-like Sentry Firewall CD. (In Development)</LI>
<LI> <B>SENTRYCD-RH</B> - RedHat-like Sentry Firewall CD. (Deprecated)</LI>
</UL>
<P>
<P> In any case, all the basic functionality is present in each branch. But since different
Linux distributions are configured differently, using different rc files or files in /etc/sysconfig
for example, some of the configuration directives (explained below) will vary between the two branches.
<P>
<P><BR>
<H2><A NAME="ss1.5">1.5 Minimum Requirements</A>
</H2>
<P>
<UL>
<LI> x86 computer with CD-ROM</LI>
<LI> BIOS that supports the El Torito standard (booting from the CD-ROM).</LI>
<LI> 32MB RAM (64MB or more recommended)</LI>
<LI> Easy access to coffee/tea/soda or equivalent stimulant.</LI>
<LI> Floppy disk drive (optional)</LI>
</UL>
<P><BR>
<H2><A NAME="ss1.6">1.6 Copyrights and Disclaimer</A>
</H2>
<P> The current copyright and disclaimer can be found on the website:
<A HREF="http://www.SentryFirewall.com/files/COPYRIGHT">http://www.SentryFirewall.com/files/COPYRIGHT</A>. It applies to the Sentry
Firewall CD, and all the scripts and documentation associated with it.
<P>
<P>
<P><BR>
<HR>
</BODY>
</HTML>