5. Overview of Available Configuration Directives

5.1 Replacing rc/config files

To replace a file that is supported by the configuration scripts, you may use the following syntax:

     filename_directive = /location/of/filename

Where "filename_directive" is one of the directives listed below, and the location of the file is often '/floppy/filename'. The file location can also be a URL. The supported prefixes include "http://", "https://", "ftp://", "sftp://", and "scp://".

As previously mentioned, there are at least two Sentry Firewall CD branches with varying names like "sentrycd" and "sentrycd-RH". The only difference between these branches is the "host" Linux distribution that is utilized. And since Linux distributions utilize different files during bootup, the accepted directives for the two branches vary. For example, a Slackware system utilizes files such as "rc.S" and "rc.M" to boot into single and multi-user modes. Other Linux distributions, such as Red Hat, utilize different files such as "rc.sysinit" and various files located in /etc/rc.d/init.d/. Therefore, when running a sentrycd-RH system, which is not Slackware based, it would be pointless to have a directive that states the following:

     rc.M = /floppy/rc.M

since a non-Slackware system wouldn't know what to do with a file called "rc.M". In any case, it is for this reason that the configuration directives vary a bit between branches.


Branch: sentrycd
The following rc/config files are currently supported:

rc.M
rc.netdevice
rc.inet1
rc.inet2
rc.local
rc.modules
rc.firewall
rc.firewall.nat
fstab
passwd
shadow
group
shells
profile
resolv.conf
hosts
ftpusers
hostname
newsyslog.conf
openssl.cnf
syslog.conf
syslog-ng.conf
inetd.conf
modules.conf
proftpd.conf
squid.conf
httpd.conf
smb.conf
snort.conf
pptpd.conf
pppoe.conf
gated.conf
zebra.conf
hosts.equiv
shosts.equiv
ssh_config
sshd_config
ssh_host_key
ssh_host_key.pub
ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub
ssh_known_hosts
ssh_known_hosts2


Branch: sentrycd-RH
The following rc/config files are currently supported:

rc.local
rc.news
rc.firewall
rc.firewall.nat
fstab
ftpusers
group
hosts.equiv
hostname
hosts
openssl.cnf
passwd
profile
resolv.conf
shadow
shells
gated.conf
httpd.conf
named.conf
pppoe.conf
proftpd.conf
pptpd.conf
smb.conf
snort.conf
squid.conf
syslog-ng.conf
syslog.conf
xinetd.conf
zebra.conf
shosts.equiv
ssh_config
sshd_config
ssh_host_key
ssh_host_key.pub
ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub
ssh_known_hosts
ssh_known_hosts2

sysconf_dir **
xinetd_dir **

** The "sysconf_dir" and "xinetd_dir" directives are unique to the "sentrycd-RH" branch. Unlike the other directives, these are used to replace the files located in the /etc/xinetd.d/ and the /etc/sysconfig/ directories. The /etc/sysconfig/ directory contains most of the configuration files used by the init scripts (in /etc/rc.d/init.d/) on systems such as Red Hat.

Example:

   sysconf_dir = /floppy/sysconfig
   or
   sysconf_dir = ftp://123.123.123.123/node1234/sysconfig

Please note that "/floppy/sysconfig" and "/node1234/sysconfig" are directories that contain files you want placed in /etc/sysconfig/. The "xinetd_dir" directive is used in the same way.


NOTE: To replace files not supported by the configuration scripts, use the '|=' file copy directive discussed below.


5.2 'device' directive support

Set up an ethernet device to use during configuration.

     device[#] = [device_name]:[driver_name]:[IP_Address]<|gateway>
     device[#] = [device_name]:[driver_name]:dhcp<|hostname>

     NOTE: 1) <hostname> and <gateway> are optional, but sometimes required.
           2) Most ethernet devices are supported.  If you find one that isn't
              and you think it should be, please let me know.
           3) "device1" to "device10" are supported.

Examples:
     device1 = eth0:tulip:192.168.1.50|192.168.1.1
     device2 = eth1:via-rhine:dhcp


5.3 'nameserver' directive

Set up a nameserver to use during configuration.

     nameserver = <DNS_IP>


5.4 Proxy Support Directives

Set up a proxy for pulling files via http(s) or ftp.

     http_proxy = http://<hostname>/
     ftp_proxy = http://<hostname>/
     proxy-user = <PROXY_USER>
     proxy-passwd = <PROXY_PASSWORD>


5.5 Passive FTP Support

Use passive ftp instead of active ftp to retrieve files.

     passive-ftp = <on|off>  ## Default == off


5.6 'include' directive

Retrieve and parse another 'sentry.conf' file.

     include = </location/of/sentry.conf>

     Or, with network support -

     include = <ftp|http>://[<user>:<pass>@]<SERVER_IP></path/to/sentry.conf>


5.7 Copying files (|=)

Copy a file from one location to another.

     Syntax: source_file |= dest_file, OR
             dest_file = source_file

Example:  Copy file /floppy/daemon.conf to /etc/daemon.conf

          /floppy/daemon.conf |= /etc/daemon.conf
          or
          /etc/daemon.conf = /floppy/daemon.conf
          or
          /etc/daemon.conf = scp://<user>:<pass>@<server>/config/daemon.conf

NOTE: http(s)/(s)ftp/scp support is only available with Sentry Firewall CD versions >= 1.3.0.


5.8 Making Symlinks (=>)

Create a symlink.

     Syntax: dest_file => source_file (where the symlink points to)

Example:
     Make symlink called /etc/somefile.conf that points to /etc/otherfile.conf
     /etc/somefile.conf => /etc/otherfile.conf


5.9 'cdrom' directive

Defines which device the CDROM is. Most of the time the CDROM is detected and mounted using the /etc/rc.d/rc.cdrom script, but setting this directive explicitly makes the process less error-prone.

     Syntax: cdrom = <DEVICE>

Example:
     cdrom = /dev/hdc


5.10 'cron' directive

Replace a user's crontab file (located in /var/spool/cron/crontabs/).

Syntax: cron:<USERNAME> = </LOCATION/OF/CRONTAB_FILE>


5.11 hostname

Defines the hostname of the local machine. This directive can be used to either point to a file containing the hostname of the local machine, or to define the hostname itself.

     Syntax: hostname = </path/to/file>
             or
             hostname = MYHOSTNAME


5.12 Other sentrycd-RH Specific Directives

Besides the "xinetd_dir" and "sysconf_dir" directives, mentioned above, there is another directive that is unique to the sentrycd-RH branch.


Start/Stop a Service or Daemon

This directive gives you the ability to start or stop a service at bootup. The syntax looks like the following:

     service:[start|stop] = <path/to/service_init_file>
For example:
     httpd:stop
     or
     httpd:start = /floppy/config/httpd

In the above example, we are telling the Sentry Firewall CD to either start or stop the http daemon at bootup. The optional argument "<path/to/service_init_file>" is usually not necessary, but is used to actually replace the startup script located in /etc/rc.d/init.d/, in case you ever wanted to do so.

To get a better idea of how this works, please take a look at the sample "sentry.conf" file located either on the CD or online at http://www.SentryFirewall.com/files/scripts/cd-config/sentrycd-rh/sentry.conf
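
The directives in this section can fetch files such as "shadow" and the SSH host keys over http:// or ftp://, which are cleartext, and can carry passwords inside URLs or in "proxy-passwd". The following is an added example, not part of the original HOWTO or of the Sentry Firewall CD scripts, that audits a sentry.conf for those cases; the function name, the finding labels, the sample file and the "#" comment rule are assumptions.

```python
import re
from urllib.parse import urlsplit

# Directive operators from sections 5.1, 5.7 and 5.8: "=", "|=" and "=>".
DIRECTIVE = re.compile(r"^(.*?)\s*(\|=|=>|=)\s*(.*)$")
FETCH_SCHEMES = {"http", "https", "ftp", "sftp", "scp"}  # listed in 5.1
CLEARTEXT = {"http", "ftp"}  # no transport encryption or integrity check
# Files from the 5.1 lists that hold password hashes or private host keys.
SECRET_FILES = {"shadow", "ssh_host_key", "ssh_host_dsa_key", "ssh_host_rsa_key"}
# Constructed sample sentry.conf (addresses and passwords are made up).
SAMPLE = """\
# node1234 boot configuration
rc.firewall = /floppy/rc.firewall
shadow = ftp://192.0.2.10/node1234/shadow
sshd_config = https://192.0.2.10/node1234/sshd_config
include = http://admin:s3cret@192.0.2.10/conf/sentry.conf
/etc/daemon.conf = scp://admin:s3cret@192.0.2.10/config/daemon.conf
proxy-passwd = hunter2
passive-ftp = on  ## Default == off
httpd:stop
"""


def audit(conf_text):
    """Return sorted (line_no, finding) tuples for risky directives."""
    findings = set()
    for no, raw in enumerate(conf_text.splitlines(), 1):
        # Assumption: "#" at line start or after whitespace starts a comment.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        m = DIRECTIVE.match(line)
        if not m:
            continue  # blank line or bare directive such as "httpd:stop"
        left, _op, right = m.groups()
        if left == "proxy-passwd":
            findings.add((no, "password-in-config"))
        for side in (left, right):  # a URL may sit on either side of "|="
            url = urlsplit(side)
            if url.scheme not in FETCH_SCHEMES:
                continue
            if url.scheme in CLEARTEXT:
                findings.add((no, "cleartext-transport"))
                if left in SECRET_FILES:
                    findings.add((no, "secret-over-cleartext"))
            if url.password is not None:
                findings.add((no, "credentials-in-url"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the real configuration before writing it to the floppy or publishing it on the file server; an empty result means no fetch directive uses http:// or ftp:// and no password is stored in the file.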


