87 lines
4.2 KiB
HTML
87 lines
4.2 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
|
|
<TITLE>Sentry Firewall CD HOWTO: How the CD Works (Overview)</TITLE>
|
|
<LINK HREF="Sentry-Firewall-CD-HOWTO-3.html" REL=next>
|
|
<LINK HREF="Sentry-Firewall-CD-HOWTO-1.html" REL=previous>
|
|
<LINK HREF="Sentry-Firewall-CD-HOWTO.html#toc2" REL=contents>
|
|
</HEAD>
|
|
<BODY>
|
|
<A HREF="Sentry-Firewall-CD-HOWTO-3.html">Next</A>
|
|
<A HREF="Sentry-Firewall-CD-HOWTO-1.html">Previous</A>
|
|
<A HREF="Sentry-Firewall-CD-HOWTO.html#toc2">Contents</A>
|
|
<HR>
|
|
<H2><A NAME="s2">2. How the CD Works (Overview)</A></H2>
|
|
|
|
<P> This section is just an overview to explain how the Sentry Firewall CD works,
|
|
that is, from the process of loading the kernel to running the Sentry Firewall
|
|
CD configuration scripts located on the RAMDisk.
|
|
<P><BR>
|
|
<H2><A NAME="ss2.1">2.1 The Boot Process</A>
|
|
</H2>
|
|
|
|
<P> Booting from the CDROM is a fairly familiar process. The BIOS execs the
|
|
bootloader(Syslinux) - which then displays a bootprompt and loads the kernel and
|
|
ramdisk into memory. Once the kernel is running, the ramdisk is then mounted as
|
|
root(/).
|
|
<P>An obvious necessity for deploying CDROM based systems is the ability to
|
|
dynamically configure the system for various environments with different
|
|
configurations, which is what a good majority of this project is dedicated to
|
|
building. A simple way to do this is to give the user the ability to customize
|
|
the startup scripts located in /etc/rc.d before they are actually used, as well
|
|
as the ability to customize other important system configuration files.
|
|
<P>At boot time, the /etc and /etc/rc.d directories are nearly empty. On a
|
|
Slackware system the first rc file to run is /etc/rc.d/rc.S - and it is from
|
|
this file where we run the configuration scripts that look for a configuration
|
|
file(sentry.conf), and place the proper configuration and system files in /etc
|
|
and various subdirectories under /etc. On other Linux systems, such as RedHat,
|
|
the configuration scripts would be run from rc.sysinit. If there is not a
|
|
configuration directive for a specific file, or if a configuration file cannot be
|
|
found, then the default system files are used - which are located in /etc/default/*
|
|
on the ramdisk.
|
|
<P>
|
|
<P><BR>
|
|
<H2><A NAME="ss2.2">2.2 ISOLINUX</A>
|
|
</H2>
|
|
|
|
<P> Early versions of the Sentry Firewall CD utilized the 2.88MB floppy
|
|
emulation method, along with either lilo or syslinux to boot the kernel and load
|
|
the ramdisk. This method proved very limiting for two reasons; A) the total
|
|
size of the compressed ramdisk AND kernel was limited to 2.88MB, and B) it was
|
|
quite slow compared to the current method.
|
|
<P>The Sentry Firewall CD is currently utilizing the isolinux.bin boot record
|
|
with no emulation in order to properly boot the CDs. This allows us to use a
|
|
much larger ramdisk and offer a choice of several kernels to boot at boot time.
|
|
<P>More information about syslinux can be found at
|
|
<A HREF="http://syslinux.zytor.com/">syslinux.zytor.com</A>.
|
|
<P>
|
|
<P><BR>
|
|
<H2><A NAME="ss2.3">2.3 The CD Configuration Scripts</A>
|
|
</H2>
|
|
|
|
<P> As previously mentioned, our configuration scripts which reside in
|
|
/etc/rc.d/SENTRY/ on the ramdisk are generally run from an rc script in /etc/rc.d/.
|
|
The first script to run is called 'cd-config.pl', which is essentially the mainline
|
|
for the entire program. The other scripts that are used are called 'get_config.pl',
|
|
'process_conf.pl', 'do_config.pl' and 'networking.pl'. These scripts were written
|
|
specifically for this project, and are essentially the mainstay of the entire
|
|
configuration process.
|
|
<P>In depth review of these scripts is a little beyond the scope of this
|
|
document, but is covered a bit in the file called 'DOCUMENTATION' available on
|
|
the website (
|
|
<A HREF="http://www.SentryFirewall.com/">http://www.SentryFirewall.com/</A>). The files are written
|
|
in perl, and do several important things; read in and parse the configuration
|
|
file(sentry.conf), locate and retrieve the important files detailed in the
|
|
sentry.conf file, and replace the system default files with the ones the user
|
|
has defined in the configuration file.
|
|
<P>
|
|
<P>
|
|
<P><BR>
|
|
<HR>
|
|
<A HREF="Sentry-Firewall-CD-HOWTO-3.html">Next</A>
|
|
<A HREF="Sentry-Firewall-CD-HOWTO-1.html">Previous</A>
|
|
<A HREF="Sentry-Firewall-CD-HOWTO.html#toc2">Contents</A>
|
|
</BODY>
|
|
</HTML>
|