Партнёры:
Хостинг:
To replace a file that is supported by the configuration scripts, you may use the following syntax:
filename_directive = /location/of/filename
Where "filename_directive is one of the directives listed below, and the location of the file is often '/floppy/filename'. The file location can also be a URL. The supported prefixed include "http://", "https://", "ftp://", "sftp://", and "scp://".
As previously mentioned, there are at least two Sentry Firewall CD branches with varying names like "sentrycd" and "sentrycd-RH". The only difference between these branches is the "host" Linux distribution that is utilized. And since Linux distributions utilize different files during bootup, the accepted directives for the two branches vary. For example, a Slackware system utilizes files such as "rc.S" and "rc.M" to boot into single and multi-user modes. Other Linux distributions, such as Red Hat, utilize different files such as "rc.sysinit" and various files located in /etc/rc.d/init.d/. Therefore, when running a sentrycd-RH system, which is not Slackware based, it would be pointless to have a directive that states the following:
rc.M = /floppy/rc.MSince a non-Slackware system wouldn't know to do with a file called "rc.M". In any case, it is for this reason that the configuration directives vary a bit between branches.
Branch: sentrycd
The following rc/config files are currently supported:
rc.M
rc.netdevice
rc.inet1
rc.inet2
rc.local
rc.modules
rc.firewall
rc.firewall.nat
fstab
passwd
shadow
group
shells
profile
resolv.conf
hosts
ftpusers
hostname
newsyslog.conf
openssl.cnf
syslog.conf
syslog-ng.conf
inetd.conf
modules.conf
proftpd.conf
squid.conf
httpd.conf
smb.conf
snort.conf
pptpd.conf
pppoe.conf
gated.conf
zebra.conf
hosts.equiv
shosts.equiv
ssh_config
sshd_config
ssh_host_key
ssh_host_key.pub
ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub
ssh_known_hosts
ssh_known_hosts2
Branch: sentrycd-RH
The following rc/config files are currently supported:
rc.local
rc.news
rc.firewall
rc.firewall.nat
fstab
ftpusers
group
hosts.equiv
hostname
hosts
openssl.cnf
passwd
profile
resolv.conf
shadow
shells
gated.conf
httpd.conf
named.conf
pppoe.conf
proftpd.conf
pptpd.conf
smb.conf
snort.conf
squid.conf
syslog-ng.conf
syslog.conf
xinetd.conf
zebra.conf
shosts.equiv
ssh_config
sshd_config
ssh_host_key
ssh_host_key.pub
ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub
ssh_known_hosts
ssh_known_hosts2
sysconf_dir **
xinetd_dir **
** The "sysconf_dir" and "xinetd_dir" are unique to the "sentrycd-RH" branch. Unlike the other directives, these are used to replace the files located in the /etc/xinetd.d/ and the /etc/sysconfig/ directories. The /etc/sysconfig/ directory contains most of the configuration files used by the init scripts(in /etc/rc.d/init.d/) on systems such as Red Hat systems.
Example:
sysconf_dir = /floppy/sysconfig or sysconf_dir = ftp://123.123.123.123/node1234/sysconfigPlease note that "/floppy/sysconfig" and "/node1234/sysconfig" are directories that contain files you want placed in /etc/sysconfig/. The "xinetd_dir" directive is used in the same way.
NOTE: To replace files not supported by the configuration scripts, use the
'|=' file copy directive discussed below.
Set up an ethernet device to use during configuration.
device[#] = [device_name]:[driver_name]:[IP_Address]<|gateway>
device[#] = [device_name]:[driver_name]:dhcp<|hostname>
NOTE: 1) <hostname> and <gateway> are optional, but sometimes required.
2) Most ethernet devices are supported. If you find one that isn't
and you think it should be, please let me know.
3) "device1" to "device10" are supported.
Examples:
device1 = eth0:tulip:192.168.1.50|192.168.1.1
device2 = eth1:via-rhine:dhcp
Set up a nameserver to use during configuration.
nameserver = <DNS_IP>
Set up a proxy for pulling files via http(s), or ftp.
http_proxy = http://<hostname>/
ftp_proxy = http://<hostname>/
proxy-user = <PROXY_USER>
proxy-passwd = <PROXY_PASSWORD>
Use passive ftp instead of active ftp to retrieve files.
passive-ftp = <on|off> ## Default == off
Retrieve and parse another 'sentry.conf' file.
include = </location/of/sentry.conf>
Or, with network support -
include = <ftp|http>://[<user>:<pass>@]<SERVER_IP></path/to/sentry.conf>
Copy file from one location to the other.
Syntax: source_file |= dest_file, OR
dest_file = source_file
Example: Copy file /floppy/daemon.conf to /etc/daemon.conf
/floppy/daemon.conf |= /etc/daemon.conf
or
/etc/daemon.conf = /floppy/daemon.conf
or
/etc/daemon.conf = scp://<user>:<pass>@<server>/config/daemon.conf
NOTE: http(s)/(s)ftp/scp support is only available with Sentry Firewall CD
versions >= 1.3.0.
Create a symlink
Syntax: dest_file => source_file(where the symlink points to)
Example:
Make symlink called /etc/somefile.conf that points to /etc/otherfile.conf
/etc/somefile.conf => /etc/otherfile.conf
Defines which device the CDROM is. Most of the time the CDROM is detected and mounted using the /etc/rc.d/rc.cdrom script. But this makes the process less error-prone.
Syntax: cdrom = <DEVICE>
Example:
cdrom = /dev/hdc
Replace a user's crontab file(located in /var/spool/cron/crontabs/).
Syntax: cron:<USERNAME> = </LOCATION/OF/CRONTAB_FILE>
Defines the hostname of the local machine. This directive can be used to either point to a file containing the hostname of the local machine, or to define the hostname itself.
Syntax: hostname = </path/to/file>
or
hostname = MYHOSTNAME
Besides the "xinetd_dir" and "sysconf_dir" directives, mentioned above, there is another directive that is unique to the sentrycd-RH branch.
This directive gives you the ability to start or stop a service at bootup. The syntax looks like the following:
service:[start|stop] = <path/to/service_init_file>
For example:
httpd:stop
or
httpd:start = /floppy/config/httpd
In the above example, we are telling the Sentry Firewall CD to either start or stop the http daemon at bootup. The optional argument "<path/to/service_init_file>" is usually not necessary, but is used to actually replace the startup script located in /etc/rc.d/init.d/, in case you ever wanted to do so.
To get a better idea of how this works, please take a look at the sample "sentry.conf" file located either on the CD or online at http://www.SentryFirewall.com/files/scripts/cd-config/sentrycd-rh/sentry.conf
|
Закладки на сайте Проследить за страницей |
Created 1996-2024 by Maxim Chirkov Добавить, Поддержать, Вебмастеру |