125 lines
5.8 KiB
HTML
125 lines
5.8 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
|
|
<TITLE>Sentry Firewall CD HOWTO: Introduction</TITLE>
|
|
<LINK HREF="Sentry-Firewall-CD-HOWTO-2.html" REL=next>
|
|
|
|
<LINK HREF="Sentry-Firewall-CD-HOWTO.html#toc1" REL=contents>
|
|
</HEAD>
|
|
<BODY>
|
|
<A HREF="Sentry-Firewall-CD-HOWTO-2.html">Next</A>
|
|
Previous
|
|
<A HREF="Sentry-Firewall-CD-HOWTO.html#toc1">Contents</A>
|
|
<HR>
|
|
<H2><A NAME="s1">1. Introduction</A></H2>
|
|
|
|
<P> This is the long-overdue Sentry Firewall CDROM howto. I hope this
|
|
document helps get you started using the Sentry Firewall CD and answers
|
|
any questions you might have regarding how the system works. The most
|
|
current version of this howto can be obtained at the following URL:
|
|
<A HREF="http://www.SentryFirewall.com/files/howto/">http://www.SentryFirewall.com/files/howto/</A>.
|
|
<P>If you would like to add anything to this document, or if you have any
|
|
questions or comments please feel free to email me,
|
|
<A HREF="mailto:Obsid@Sentry.net?subject=HOWTO">Obsid@Sentry.net</A>.
|
|
<P>
|
|
<P><BR>
|
|
<H2><A NAME="ss1.1">1.1 What is the Sentry Firewall CD?</A>
|
|
</H2>
|
|
|
|
<P> The Sentry Firewall CD is a Linux-based bootable CDROM suitable
|
|
for use in a variety of different operating environments. The system is
|
|
designed to be configured dynamically via a floppy disk or over a network.
|
|
This allows one to configure the system dynamically, eventho much of the actual
|
|
system is on read-only(CDROM) media.
|
|
<P>
|
|
<P><BR>
|
|
<H2><A NAME="ss1.2">1.2 Why would I use a CD-based firewall or server?</A>
|
|
</H2>
|
|
|
|
<P> There are several advantages of using a CDROM based system in various
|
|
security related environments. The main system is centered around the ramdisk;
|
|
a compressed file system image which is loaded into RAM at boot time. Any
|
|
changes to the ramdisk image are temporary, and will be undone upon the next
|
|
reboot. Furthermore, the ramdisk, kernel, binaries, etc, related to the
|
|
operating system are kept on read-only media(CDROM). This means that if the
|
|
security of a box running a CDROM based system is ever compromised the attacker
|
|
can at best own the box until the next reboot. So there is no real threat of
|
|
having to go through the tedious task of rebuilding and hardening the system
|
|
after a successful attack is discovered.
|
|
<P>
|
|
<P><BR>
|
|
<H2><A NAME="ss1.3">1.3 I'm a Linux newbie, will the Sentry Firewall CD be a good choice for me?</A>
|
|
</H2>
|
|
|
|
<P> At the moment, there are at least a couple variations of the Sentry Firewall CD
|
|
that are based on various Linux distributions. You should first choose the Linux
|
|
distribution you are most familiar with. More information on the different types can
|
|
be found on the web site - http://www.SentryFirewall.com/.
|
|
<P>
|
|
<P> Basically, the Sentry Firewall CD is meant to be configured just like a normal
|
|
Slackware or Redhat or whatever Linux system. There are no GUIs, no scripts to do it
|
|
for you. The idea behind the configuration of the CD is that you are able to
|
|
reconfigure the system by replacing the startup scripts and the various configuration
|
|
files normally present on the system at boot time. Most of these are simply text
|
|
files and shell scripts that you need to edit by hand in order configure properly.
|
|
There are, however, usually plenty of resources available to assist you in
|
|
configuring a specific service or daemon(HOWTOs on linux.org, for example).
|
|
<P>
|
|
<P><BR>
|
|
<H2><A NAME="ss1.4">1.4 What's with all these branches(SENTRYCD/SENTRYCD-RH/SENTRYCD-xxx)? What's the difference between the branches?</A>
|
|
</H2>
|
|
|
|
<P> First, let me explain briefly how the Sentry Firewall CD works. Basically, there is the
|
|
"host" system, a Linux system that is based on one of several Linux distributions. Then there
|
|
are the configuration scripts, written in perl, that run after the kernel boots and help
|
|
configure the system on the fly. In general, it is possible to create a Sentry Firewall CD
|
|
system based on nearly any Linux distribution while only modifying one of the five perl scripts.
|
|
<P>
|
|
<P> So, to answer your question, each Sentry Firewall CD branch utilizes similar configuration
|
|
methods, but are simply based on different Linux distributions. Since I'm a Slackware fan, I used
|
|
that distribution as the foundation for the original Sentry Firewall CD(the "SENTRYCD" branch).
|
|
It has always been my desire to utilize other Linux distributions for this project, which is why
|
|
I created the "SENTRYCD-RH" branche. There will no doubt eventually be other branches and
|
|
variations.
|
|
<P>
|
|
<P><B>Sentry Firewall CD Development Branches:</B>
|
|
<UL>
|
|
<LI> <B>SENTRYCD</B> - Slackware-like Sentry Firewall CD.</LI>
|
|
<LI> <B>SENTRYCD-DEB</B> - Debian-like Sentry Firewall CD. (In Development)</LI>
|
|
<LI> <B>SENTRYCD-RH</B> - RedHat-like Sentry Firewall CD. (Deprecated)</LI>
|
|
</UL>
|
|
<P>
|
|
<P> In any case, all the basic functionality is present in each branch. But since different
|
|
Linux distributions are configured differently, using different rc files or files in /etc/sysconfig
|
|
for example, some of the configuration directives(explained below) will vary between the two branches.
|
|
<P>
|
|
<P><BR>
|
|
<H2><A NAME="ss1.5">1.5 Minimum Requirements</A>
|
|
</H2>
|
|
|
|
<P>
|
|
<UL>
|
|
<LI> x86 computer with CD-ROM</LI>
|
|
<LI> BIOS that supports the eltorito standard(booting from the cdrom).</LI>
|
|
<LI> 32MB RAM(64MB or more recommended)</LI>
|
|
<LI> Easy access to coffee/tea/soda or equivalent stimulant.</LI>
|
|
<LI> Floppy disk drive(optional)</LI>
|
|
</UL>
|
|
<P><BR>
|
|
<H2><A NAME="ss1.6">1.6 Copyrights and Disclaimer</A>
|
|
</H2>
|
|
|
|
<P> The current copyright and disclaimer can be found on the website;
|
|
<A HREF="http://www.SentryFirewall.com/files/COPYRIGHT">http://www.SentryFirewall.com/files/COPYRIGHT</A>. It applies to the Sentry
|
|
Firewall CD, and all the scripts and documentation associated with it.
|
|
<P>
|
|
<P>
|
|
<P><BR>
|
|
<HR>
|
|
<A HREF="Sentry-Firewall-CD-HOWTO-2.html">Next</A>
|
|
Previous
|
|
<A HREF="Sentry-Firewall-CD-HOWTO.html#toc1">Contents</A>
|
|
</BODY>
|
|
</HTML>
|