LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/Sentry-Firewall-CD-HOWTO-5....

243 lines
7.7 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Sentry Firewall CD HOWTO: Overview of Available Configuration Directives</TITLE>
<LINK HREF="Sentry-Firewall-CD-HOWTO-6.html" REL=next>
<LINK HREF="Sentry-Firewall-CD-HOWTO-4.html" REL=previous>
<LINK HREF="Sentry-Firewall-CD-HOWTO.html#toc5" REL=contents>
</HEAD>
<BODY>
<A HREF="Sentry-Firewall-CD-HOWTO-6.html">Next</A>
<A HREF="Sentry-Firewall-CD-HOWTO-4.html">Previous</A>
<A HREF="Sentry-Firewall-CD-HOWTO.html#toc5">Contents</A>
<HR>
<H2><A NAME="s5">5. Overview of Available Configuration Directives</A></H2>
<H2><A NAME="ss5.1">5.1 Replacing rc/config files</A>
</H2>
<P> To replace a file that is supported by the configuration scripts, you may
use the following syntax:
<PRE>
filename_directive = /location/of/filename
</PRE>
<P>Where "filename_directive is one of the directives listed below, and the location
of the file is often '/floppy/filename'. The file location can also be a URL.
The supported prefixed include "http://", "https://", "ftp://", "sftp://", and "scp://".
<P>As previously mentioned, there are at least two Sentry Firewall CD branches with varying
names like "SENTRYCD" and "SENTRY-RH". The only difference between these branches is
the "host" Linux distribution that is utilized. And since Linux distributions utilize
different files during bootup, the accepted directives for the two branches vary. For example,
a Slackware system utilizes files such as "rc.S" and "rc.M" to boot into single and multi-user
modes. Other Linux distributions, such as Red Hat, utilize different files such as
"rc.sysinit" and various files located in /etc/rc.d/init.d/. Therefore, when running
a sentrycd-RH system, which is not Slackware based, it would be pointless to have a
directive that states the following:
<PRE>
rc.M = /floppy/rc.M
</PRE>
since a non-Slackware system wouldn't know to do with a file called "rc.M". In any case, it
is for this reason that the configuration directives vary a bit between branches. The
directives that are available can be found in the sentry.conf file in the SENTRY/scripts/cd-config/
directory, or on the website.
<P><BR>The "sysconf_dir" and "xinetd_dir" are unique to the "SENTRYCD-RH" branch. Unlike
the other directives, these are used to replace the files located in the /etc/xinetd.d/
and the /etc/sysconfig/ directories. The /etc/sysconfig/ directory contains most of the
configuration files used by the init scripts(in /etc/rc.d/init.d/) on systems such as
Red Hat systems.
<P>Example:
<PRE>
sysconf_dir = /floppy/sysconfig
or
sysconf_dir = ftp://123.123.123.123/node1234/sysconfig
</PRE>
Please note that "/floppy/sysconfig" and "/node1234/sysconfig" are <I>directories</I>
that contain files you want placed in /etc/sysconfig/. The "xinetd_dir" directive is
used in the same way.
<P>
<P><BR><B>NOTE:</B> To replace files not supported by the configuration scripts, use the
'|=' file copy directive discussed below.
<P>
<P><BR>
<H2><A NAME="ss5.2">5.2 'device' directive support</A>
</H2>
<P> Set up an ethernet device to use during configuration.
<P>
<PRE>
device[#] = [device_name]:[driver_name]:[IP_Address]&lt;|gateway>
device[#] = [device_name]:[driver_name]:dhcp&lt;|hostname>
NOTE: 1) &lt;hostname&gt; and &lt;gateway&gt; are optional, but sometimes required.
2) Most ethernet devices are supported. If you find one that isn't
and you think it should be, please let me know.
3) "device1" to "device10" are supported.
Examples:
device1 = eth0:tulip:192.168.1.50|192.168.1.1
device2 = eth1:via-rhine:dhcp
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.3">5.3 'nameserver' directive</A>
</H2>
<P> Set up a nameserver to use during configuration.
<P>
<PRE>
nameserver = &lt;DNS_IP&gt;
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.4">5.4 Proxy Support Directives</A>
</H2>
<P> Set up a proxy for pulling files via http(s), or ftp.
<PRE>
http_proxy = http://&lt;hostname&gt;/
ftp_proxy = http://&lt;hostname&gt;/
proxy-user = &lt;PROXY_USER&gt;
proxy-passwd = &lt;PROXY_PASSWORD&gt;
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.5">5.5 Passive FTP Support</A>
</H2>
<P> Use passive ftp instead of active ftp to retrieve files.
<PRE>
passive-ftp = &lt;on|off> ## Default == off
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.6">5.6 'include' directive</A>
</H2>
<P> Retrieve and parse another 'sentry.conf' file.
<P>
<PRE>
include = &lt;/location/of/sentry.conf&gt;
Or, with network support -
include = &lt;ftp|http&gt;://[&lt;user&gt;:&lt;pass&gt;@]&lt;SERVER_IP&gt;&lt;/path/to/sentry.conf&gt;
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.7">5.7 Copying files (|=)</A>
</H2>
<P> Copy file from one location to the other.
<P>
<PRE>
Syntax: source_file |= dest_file, OR
dest_file = source_file
Example: Copy file /floppy/daemon.conf to /etc/daemon.conf
/floppy/daemon.conf |= /etc/daemon.conf
or
/etc/daemon.conf = /floppy/daemon.conf
or
/etc/daemon.conf = scp://&lt;user>:&lt;pass>@&lt;server>/config/daemon.conf
</PRE>
<B>NOTE:</B> http(s)/(s)ftp/scp support is only available with Sentry Firewall CD
versions >= 1.3.0.
<P>
<P><BR>
<H2><A NAME="ss5.8">5.8 Making Symlinks (=>)</A>
</H2>
<P> Create a symlink
<P>
<PRE>
Syntax: dest_file => source_file(where the symlink points to)
Example:
Make symlink called /etc/somefile.conf that points to /etc/otherfile.conf
/etc/somefile.conf => /etc/otherfile.conf
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.9">5.9 'cdrom' directive</A>
</H2>
<P> Defines which device the CDROM is. Most of the time the CDROM is detected
and mounted using the /etc/rc.d/rc.cdrom script. But this makes the process
less error-prone.
<P>
<PRE>
Syntax: cdrom = &lt;DEVICE&gt;
Example:
cdrom = /dev/hdc
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.10">5.10 'cron' directive</A>
</H2>
<P> Replace a user's crontab file(located in /var/spool/cron/crontabs/).
<P>
<PRE>
Syntax: cron:&lt;USERNAME&gt; = &lt;/LOCATION/OF/CRONTAB_FILE&gt;
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.11">5.11 hostname</A>
</H2>
<P> Defines the hostname of the local machine. This directive can be used to
either point to a file containing the hostname of the local machine, or to
define the hostname itself.
<P>
<PRE>
Syntax: hostname = &lt;/path/to/file&gt;
or
hostname = MYHOSTNAME
</PRE>
<P>
<P><BR>
<H2><A NAME="ss5.12">5.12 Other SENTRY-{RH,DEB} Specific Directives</A>
</H2>
<P> Besides the "xinetd_dir" and "sysconf_dir" directives, mentioned above,
there is another directive that is unique to the sentrycd-RH branch.
<P><BR>
<H3>Start/Stop a Service or Daemon</H3>
<P> This directive gives you the ability to start or stop a service at bootup.
The syntax looks like the following:
<P>
<PRE>
service:[start|stop] = &lt;path/to/service_init_file&gt;
</PRE>
For example:
<PRE>
httpd:stop
or
httpd:start = /floppy/config/httpd
</PRE>
<P>In the above example, we are telling the Sentry Firewall CD to either start or stop
the http daemon at bootup. The optional argument "&lt;path/to/service_init_file&gt;" is
usually not necessary, but is used to actually replace the startup script located in
/etc/rc.d/init.d/, in case you ever wanted to do so.
<P>To get a better idea of how this works, please take a look at the sample "sentry.conf"
file located either on the CD or online at
<A HREF="http://www.sentryfirewall.com/files/sentrycd-rh-devel/scripts/cd-config/sentry.conf">http://www.sentryfirewall.com/files/sentrycd-rh-devel/scripts/cd-config/sentry.conf</A><P>
<P>
<P>
<P>
<P><BR>
<HR>
<A HREF="Sentry-Firewall-CD-HOWTO-6.html">Next</A>
<A HREF="Sentry-Firewall-CD-HOWTO-4.html">Previous</A>
<A HREF="Sentry-Firewall-CD-HOWTO.html#toc5">Contents</A>
</BODY>
</HTML>
Reference in New Issue View Git Blame Copy Permalink