<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Sentry Firewall CD HOWTO: Overview of Available Configuration Directives</TITLE>
<LINK HREF="Sentry-Firewall-CD-HOWTO-6.html" REL=next>
<LINK HREF="Sentry-Firewall-CD-HOWTO-4.html" REL=previous>
<LINK HREF="Sentry-Firewall-CD-HOWTO.html#toc5" REL=contents>
</HEAD>
<BODY>
<A HREF="Sentry-Firewall-CD-HOWTO-6.html">Next</A>
<A HREF="Sentry-Firewall-CD-HOWTO-4.html">Previous</A>
<A HREF="Sentry-Firewall-CD-HOWTO.html#toc5">Contents</A>
<HR>
<H2><A NAME="s5">5. Overview of Available Configuration Directives</A></H2>

<H2><A NAME="ss5.1">5.1 Replacing rc/config files</A>
</H2>

<P> To replace a file that is supported by the configuration scripts, use the
following syntax:
<PRE>
filename_directive = /location/of/filename
</PRE>
<P>Here "filename_directive" is one of the directives listed below, and the location
of the file is often '/floppy/filename'. The file location can also be a URL.
The supported prefixes include "http://", "https://", "ftp://", "sftp://", and "scp://".
<P>As previously mentioned, there are at least two Sentry Firewall CD branches with varying
names like "SENTRYCD" and "SENTRY-RH". The only difference between these branches is
the "host" Linux distribution that is utilized. Since Linux distributions utilize
different files during bootup, the accepted directives for the two branches vary. For example,
a Slackware system utilizes files such as "rc.S" and "rc.M" to boot into single and multi-user
modes. Other Linux distributions, such as Red Hat, utilize different files such as
"rc.sysinit" and various files located in /etc/rc.d/init.d/. Therefore, when running
a sentrycd-RH system, which is not Slackware based, it would be pointless to have a
directive that states the following:
<PRE>
rc.M = /floppy/rc.M
</PRE>

since a non-Slackware system wouldn't know what to do with a file called "rc.M". This
is why the configuration directives vary a bit between branches. The
directives that are available can be found in the sentry.conf file in the SENTRY/scripts/cd-config/
directory, or on the website.
<P><BR>The "sysconf_dir" and "xinetd_dir" directives are unique to the "SENTRYCD-RH" branch. Unlike
the other directives, these are used to replace the files located in the /etc/xinetd.d/
and the /etc/sysconfig/ directories. The /etc/sysconfig/ directory contains most of the
configuration files used by the init scripts (in /etc/rc.d/init.d/) on systems such as
Red Hat.
<P>Example:
<PRE>
sysconf_dir = /floppy/sysconfig
     or
sysconf_dir = ftp://123.123.123.123/node1234/sysconfig
</PRE>

Please note that "/floppy/sysconfig" and "/node1234/sysconfig" are <I>directories</I>
that contain files you want placed in /etc/sysconfig/. The "xinetd_dir" directive is
used in the same way.
<P>
<P><BR><B>NOTE:</B> To replace files not supported by the configuration scripts, use the
'|=' file copy directive discussed below.
<P>
<P><BR>
<H2><A NAME="ss5.2">5.2 'device' directive support</A>
</H2>

<P> Set up an ethernet device to use during configuration.
<P>
<PRE>
device[#] = [device_name]:[driver_name]:[IP_Address]<|gateway>
device[#] = [device_name]:[driver_name]:dhcp<|hostname>

NOTE: 1) <hostname> and <gateway> are optional, but sometimes required.
      2) Most ethernet devices are supported. If you find one that isn't
         and you think it should be, please let me know.
      3) "device1" to "device10" are supported.

Examples:
        device1 = eth0:tulip:192.168.1.50|192.168.1.1
        device2 = eth1:via-rhine:dhcp
</PRE>
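<P>The two forms above can be checked before a floppy or remote sentry.conf is deployed. The following Python validator is an added example, not part of the Sentry Firewall CD scripts. It assumes IPv4 addresses only, and it treats a reused device slot or interface name as an error, which the HOWTO itself does not state.

```python
import ipaddress
import re

KEY_RE = re.compile(r"^device([1-9]|10)$")   # "device1" to "device10" are supported

def parse_device(line):
    """Parse one 'device' directive into a dict; raise ValueError if malformed."""
    key, sep, value = (part.strip() for part in line.partition("="))
    match = KEY_RE.match(key)
    if not sep or match is None:
        raise ValueError(f"expected device1..device10, got {key!r}")
    fields = value.split(":")                 # assumption: IPv4 only, so ':' is a safe separator
    if len(fields) != 3 or not all(fields):
        raise ValueError("expected device_name:driver_name:address")
    name, driver, last = fields
    address, _, extra = last.partition("|")   # optional gateway or hostname after '|'
    result = {"index": int(match.group(1)), "name": name, "driver": driver,
              "mode": "dhcp", "address": None, "gateway": None, "hostname": None}
    if address == "dhcp":
        result["hostname"] = extra or None
        return result
    # IPv4Address raises a ValueError subclass on input such as 192.168.1.500
    result["mode"] = "static"
    result["address"] = str(ipaddress.IPv4Address(address))
    result["gateway"] = str(ipaddress.IPv4Address(extra)) if extra else None
    return result

def check_devices(lines):
    """Parse several directives; report malformed lines and reused slots or interfaces."""
    devices, errors, seen = [], [], set()
    for line in lines:
        try:
            dev = parse_device(line)
        except ValueError as exc:
            errors.append(f"{line}: {exc}")
            continue
        # Assumption of this example: a slot or interface used twice is a mistake.
        for tag in (("index", dev["index"]), ("name", dev["name"])):
            if tag in seen:
                errors.append(f"{line}: duplicate {tag[0]} {tag[1]}")
            seen.add(tag)
        devices.append(dev)
    return devices, errors
```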
<P>
<P><BR>
<H2><A NAME="ss5.3">5.3 'nameserver' directive</A>
</H2>

<P> Set up a nameserver to use during configuration.
<P>
<PRE>
nameserver = <DNS_IP>
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.4">5.4 Proxy Support Directives</A>
</H2>

<P> Set up a proxy for pulling files via http(s) or ftp.
<PRE>
http_proxy = http://<hostname>/
ftp_proxy = http://<hostname>/
proxy-user = <PROXY_USER>
proxy-passwd = <PROXY_PASSWORD>
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.5">5.5 Passive FTP Support</A>
</H2>

<P> Use passive ftp instead of active ftp to retrieve files.
<PRE>
passive-ftp = <on|off> ## Default == off
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.6">5.6 'include' directive</A>
</H2>

<P> Retrieve and parse another 'sentry.conf' file.
<P>
<PRE>
include = </location/of/sentry.conf>

Or, with network support -

include = <ftp|http>://[<user>:<pass>@]<SERVER_IP></path/to/sentry.conf>
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.7">5.7 Copying files (|=)</A>
</H2>

<P> Copy a file from one location to another.
<P>
<PRE>
Syntax: source_file |= dest_file, OR
        dest_file = source_file

Example: Copy file /floppy/daemon.conf to /etc/daemon.conf

        /floppy/daemon.conf |= /etc/daemon.conf
              or
        /etc/daemon.conf = /floppy/daemon.conf
              or
        /etc/daemon.conf = scp://<user>:<pass>@<server>/config/daemon.conf
</PRE>

<B>NOTE:</B> http(s)/(s)ftp/scp support is only available with Sentry Firewall CD
versions >= 1.3.0.
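<P>Sections 5.1, 5.6 and 5.7 all accept a URL as a file source, and "http://" and "ftp://" carry both the fetched file and any user:pass embedded in the URL without encryption. The following Python lint is an added example, not part of the Sentry Firewall CD scripts: it parses the '=', '|=' and '=>' forms and reports cleartext sources and inline credentials. The sample file is constructed, and treating '#' as a comment marker is an assumption drawn from the "## Default == off" line in section 5.5.

```python
import re
from urllib.parse import urlsplit

CLEARTEXT = {"http", "ftp"}                # prefixes with no transport encryption
PROXY_KEYS = {"http_proxy", "ftp_proxy"}   # values are proxy URLs, not file sources
# Operators from sections 5.1, 5.7 and 5.8; "|=" and "=>" are tried before "=".
LINE_RE = re.compile(r"^(?P<lhs>.+?)\s*(?P<op>\|=|=>|=)\s*(?P<rhs>.*)$")

def parse_line(line):
    """Split one sentry.conf line into (lhs, op, rhs); None for blank/comment lines."""
    line = line.split("#", 1)[0].strip()   # assumption: '#' starts a comment
    if not line:
        return None
    match = LINE_RE.match(line)
    if match is None:
        return (line, None, "")            # bare form such as "httpd:stop"
    return (match.group("lhs"), match.group("op"), match.group("rhs").strip())

def source_of(lhs, op, rhs):
    """Return the side of the directive that names where the file comes from."""
    if op == "|=":
        return lhs                         # source_file |= dest_file
    if op == "=" and lhs not in PROXY_KEYS:
        return rhs                         # directive = source, dest_file = source_file
    return None                            # "=>" only creates a local symlink

def lint(conf_text):
    """Return (line_number, finding) pairs for remote file sources, in file order."""
    findings = []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        parsed = parse_line(raw)
        source = source_of(*parsed) if parsed else None
        if not source or "://" not in source:
            continue
        url = urlsplit(source)
        if url.scheme in CLEARTEXT:
            findings.append((number, "cleartext-fetch"))
        if url.password is not None:
            findings.append((number, "inline-credentials"))
    return findings

SAMPLE_CONF = """\
# constructed sample, not taken from a real deployment
http_proxy = http://proxy.example/
include = ftp://admin:s3cret@192.0.2.10/node1234/sentry.conf
/etc/daemon.conf = scp://admin:s3cret@192.0.2.10/config/daemon.conf
/floppy/daemon.conf |= /etc/daemon.conf
rc.M = http://192.0.2.10/rc.M
"""
```

Calling lint(SAMPLE_CONF) flags line 3 twice (FTP fetch with a password in the URL), line 4 for the password in the scp URL, and line 6 for fetching a boot script over plain HTTP.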
<P>
<P><BR>
<H2><A NAME="ss5.8">5.8 Making Symlinks (=>)</A>
</H2>

<P> Create a symlink.
<P>
<PRE>
Syntax: dest_file => source_file (where the symlink points to)

Example:
        Make symlink called /etc/somefile.conf that points to /etc/otherfile.conf
        /etc/somefile.conf => /etc/otherfile.conf
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.9">5.9 'cdrom' directive</A>
</H2>

<P> Defines which device the CDROM is. Most of the time the CDROM is detected
and mounted using the /etc/rc.d/rc.cdrom script, but setting this directive makes the process
less error-prone.
<P>
<PRE>
Syntax: cdrom = <DEVICE>

Example:
        cdrom = /dev/hdc
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.10">5.10 'cron' directive</A>
</H2>

<P> Replace a user's crontab file (located in /var/spool/cron/crontabs/).
<P>
<PRE>
Syntax: cron:<USERNAME> = </LOCATION/OF/CRONTAB_FILE>
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.11">5.11 hostname</A>
</H2>

<P> Defines the hostname of the local machine. This directive can be used to
either point to a file containing the hostname of the local machine, or to
define the hostname itself.
<P>
<PRE>
Syntax: hostname = </path/to/file>
             or
        hostname = MYHOSTNAME
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.12">5.12 Other SENTRY-{RH,DEB} Specific Directives</A>
</H2>

<P> Besides the "xinetd_dir" and "sysconf_dir" directives mentioned above,
there is another directive that is unique to the sentrycd-RH branch.
<P><BR>
<H3>Start/Stop a Service or Daemon</H3>

<P> This directive gives you the ability to start or stop a service at bootup.
The syntax looks like the following:
<P>
<PRE>
service:[start|stop] = <path/to/service_init_file>
</PRE>

For example:
<PRE>
httpd:stop
     or
httpd:start = /floppy/config/httpd
</PRE>
<P>In the above example, we are telling the Sentry Firewall CD to either start or stop
the http daemon at bootup. The optional argument "<path/to/service_init_file>" is
usually not necessary, but can be used to replace the startup script located in
/etc/rc.d/init.d/ if you want to do so.
<P>To get a better idea of how this works, please take a look at the sample "sentry.conf"
file located either on the CD or online at
<A HREF="http://www.sentryfirewall.com/files/sentrycd-rh-devel/scripts/cd-config/sentry.conf">http://www.sentryfirewall.com/files/sentrycd-rh-devel/scripts/cd-config/sentry.conf</A><P>
<P>
<P>
<P>
<P><BR>
<HR>
<A HREF="Sentry-Firewall-CD-HOWTO-6.html">Next</A>
<A HREF="Sentry-Firewall-CD-HOWTO-4.html">Previous</A>
<A HREF="Sentry-Firewall-CD-HOWTO.html#toc5">Contents</A>
</BODY>
</HTML>