This is the long-overdue Sentry Firewall CDROM howto. I hope this document helps get you started using the Sentry Firewall CD and answers any questions you might have regarding how the system works. The most current version of this howto can be obtained at the following URL: http://www.SentryFirewall.com/files/howto/.
If you would like to add anything to this document, or if you have any questions or comments please feel free to email me, Obsid@Sentry.net.
The Sentry Firewall CD is a Linux-based bootable CDROM suitable for use in a variety of different operating environments. The system is designed to be configured dynamically via a floppy disk or over a network. This allows one to configure the system dynamically, eventho much of the actual system is on read-only(CDROM) media.
There are several advantages of using a CDROM based system in various security related environments. The main system is centered around the ramdisk; a compressed file system image which is loaded into RAM at boot time. Any changes to the ramdisk image are temporary, and will be undone upon the next reboot. Furthermore, the ramdisk, kernel, binaries, etc, related to the operating system are kept on read-only media(CDROM). This means that if the security of a box running a CDROM based system is ever compromised the attacker can at best own the box until the next reboot. So there is no real threat of having to go through the tedious task of rebuilding and hardening the system after a successful attack is discovered.
At the moment, there are at least a couple variations of the Sentry Firewall CD that are based on various Linux distributions. You should first choose the Linux distribution you are most familiar with. More information on the different types can be found on the web site - http://www.SentryFirewall.com/.
Basically, the Sentry Firewall CD is meant to be configured no more easily than a normal Slackware or Redhat or whatever Linux system. There are no GUIs, no scripts to do it for you. The idea behind the configuration of the CD is that you are able to reconfigure the system by replacing the startup scripts and the various system and configuration files present on the system at boot time. Most of these are simply text files and shell scripts that you need to edit by hand in order to be configured properly. There are, however, usually plenty of resources available to assist you in configuring a specific service or daemon(HOWTOs on linux.org, for example).
First, let me explain briefly about how the Sentry Firewall CD works. Basically, there is the "host" system, a Linux system that is based on one of several Linux distributions. Then there are the configuration scripts, written in perl, that run after the kernel boots and help configure the system on the fly. In general, it is possible to create a Sentry Firewall CD system based on nearly any Linux distribution while only modifying one of the five perl scripts.
So, to answer your question, "sentrycd-RH" is based on a different Linux distribution than the original branch "sentrycd". Since I'm a Slackware fan, I used that distribution as the foundation for the original Sentry Firewall CD(the sentrycd branch). It has always been my desire to utilize other Linux distributions for this project, which is why I created the sentrycd-RH branch.
In any case, all the basic functionality is present in both versions. But since different Linux distributions are configured differently, using different rc files or files in /etc/sysconfig for example, some of the configuration directives(explained below) will vary between the two branches.
You may be asking yourself, "then what Linux distro is the sentrycd-RH branch based on?" Well, since I'm not about to violate any current trademark guidlines, I'll leave that as an exercise to the reader. Of course, you can always download the ISO and find out for yourself :-)
The current copyright and disclaimer can be found on the website; http://www.SentryFirewall.com/files/COPYRIGHT. It applies to the Sentry Firewall CD, and all the scripts and documentation associated with it.
Закладки на сайте Проследить за страницей |
Created 1996-2024 by Maxim Chirkov Добавить, Поддержать, Вебмастеру |