<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Sentry Firewall CD HOWTO: How the CD Works (Overview)</TITLE>
<LINK HREF="Sentry-Firewall-CD-HOWTO-3.html" REL=next>
<LINK HREF="Sentry-Firewall-CD-HOWTO-1.html" REL=previous>
<LINK HREF="Sentry-Firewall-CD-HOWTO.html#toc2" REL=contents>
</HEAD>
<BODY>
<A HREF="Sentry-Firewall-CD-HOWTO-3.html">Next</A>
<A HREF="Sentry-Firewall-CD-HOWTO-1.html">Previous</A>
<A HREF="Sentry-Firewall-CD-HOWTO.html#toc2">Contents</A>
<HR>
<H2><A NAME="s2">2. How the CD Works (Overview)</A></H2>
<P> This section gives an overview of how the Sentry Firewall CD works, from
loading the kernel to running the Sentry Firewall CD configuration scripts
located on the ramdisk.
<P><BR>
<H2><A NAME="ss2.1">2.1 The Boot Process</A>
</H2>
<P> Booting from the CDROM is a fairly familiar process. The BIOS executes the
bootloader (Syslinux), which then displays a boot prompt and loads the kernel and
ramdisk into memory. Once the kernel is running, the ramdisk is mounted as
root (/).
<P>An obvious necessity for deploying CDROM-based systems is the ability to
dynamically configure the system for various environments with different
configurations, which is what a good majority of this project is dedicated to
building. A simple way to do this is to give the user the ability to customize
the startup scripts located in /etc/rc.d before they are actually used, as well
as the ability to customize other important system configuration files.
<P>At boot time, the /etc and /etc/rc.d directories are nearly empty. On a
Slackware system the first rc file to run is /etc/rc.d/rc.S, and it is from
this file that we run the configuration scripts, which look for a configuration
file (sentry.conf) and place the proper configuration and system files in /etc
and various subdirectories under /etc. On other Linux systems, such as RedHat,
the configuration scripts would be run from rc.sysinit. If there is no
configuration directive for a specific file, or if a configuration file cannot be
found, then the default system files are used. These are located in /etc/default/*
on the ramdisk.
<P>
<P><BR>
<H2><A NAME="ss2.2">2.2 ISOLINUX</A>
</H2>
<P> Early versions of the Sentry Firewall CD utilized the 2.88MB floppy
emulation method, along with either lilo or syslinux to boot the kernel and load
the ramdisk. This method proved very limiting for two reasons: A) the total
size of the compressed ramdisk AND kernel was limited to 2.88MB, and B) it was
quite slow compared to the current method.
<P>The Sentry Firewall CD is currently utilizing the isolinux.bin boot record
with no emulation in order to properly boot the CDs. This allows us to use a
much larger ramdisk and offer a choice of several kernels to boot at boot time.
<P>More information about syslinux can be found at
<A HREF="http://syslinux.zytor.com/">syslinux.zytor.com</A>.
<P>
<P><BR>
<H2><A NAME="ss2.3">2.3 The CD Configuration Scripts</A>
</H2>
<P> As previously mentioned, our configuration scripts, which reside in
/etc/rc.d/SENTRY/ on the ramdisk, are generally run from an rc script in /etc/rc.d/.
The first script to run is called 'cd-config.pl', which is essentially the mainline
for the entire program. The other scripts that are used are called 'get_config.pl',
'process_conf.pl', 'do_config.pl' and 'networking.pl'. These scripts were written
specifically for this project, and are essentially the mainstay of the entire
configuration process.
<P>An in-depth review of these scripts is a little beyond the scope of this
document, but is covered a bit in the file called 'DOCUMENTATION' available on
the website (
<A HREF="http://www.SentryFirewall.com/">http://www.SentryFirewall.com/</A>). The files are written
in Perl, and do several important things: read in and parse the configuration
file (sentry.conf), locate and retrieve the important files detailed in the
sentry.conf file, and replace the system default files with the ones the user
has defined in the configuration file.
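<P>The default-then-override behaviour described in sections 2.1 and 2.3, as an added shell sketch that is not the project's Perl code: the "target = source" directive syntax, the function name apply_config and its arguments are assumptions made for illustration, and the restriction of targets to /etc is a check added here, not something the CD scripts are documented to do.

```shell
#!/bin/sh
# Added illustration. The "target = source" directive syntax is hypothetical,
# not the real sentry.conf format.
#
# apply_config ROOT CONF MEDIA
#   ROOT   staging root containing etc/default/ (stands in for the ramdisk /)
#   CONF   configuration file; may be absent
#   MEDIA  directory holding the user's replacement files
apply_config() {
    root=$1; conf=$2; media=$3

    # 1. Start from the defaults shipped in /etc/default on the ramdisk.
    ( cd "$root/etc/default" && find . -type f ) | while IFS= read -r f; do
        mkdir -p "$root/etc/$(dirname "$f")"
        cp "$root/etc/default/$f" "$root/etc/$f"
    done

    # 2. No configuration file found: the defaults stay in place.
    [ -f "$conf" ] || return 0

    # 3. Overlay each file the configuration names.
    while IFS='=' read -r target from || [ -n "$target" ]; do
        target=$(printf '%s' "$target" | tr -d ' \t')
        from=$(printf '%s' "$from" | tr -d ' \t')
        case $target in
            ''|'#'*) continue ;;                    # blank line or comment
            /etc/*) ;;                              # only files under /etc
            *) echo "skip: $target is outside /etc" >&2; continue ;;
        esac
        case "$target$from" in
            *..*) echo "skip: '..' in directive for $target" >&2; continue ;;
        esac
        if [ -n "$from" ] && [ -f "$media/$from" ]; then
            mkdir -p "$root$(dirname "$target")"
            cp "$media/$from" "$root$target"
        else
            echo "keep default: no replacement for $target" >&2
        fi
    done < "$conf"
}
```

<P>Run it against a scratch directory rather than a live /etc; a directive whose replacement file is missing leaves the default copy in place.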
<P>
<P>
<P><BR>
<HR>
<A HREF="Sentry-Firewall-CD-HOWTO-3.html">Next</A>
<A HREF="Sentry-Firewall-CD-HOWTO-1.html">Previous</A>
<A HREF="Sentry-Firewall-CD-HOWTO.html#toc2">Contents</A>
</BODY>
</HTML>