5. Overview of Available Configuration Directives
5.1 Replacing rc/config files
To replace a file that is supported by the configuration scripts, you may use the following syntax:
filename_directive = /location/of/filename
Where "filename_directive" is one of the directives listed below, and the location of the file is often '/floppy/filename'. The file location can also be a URL. The supported prefixes include "http://", "https://", "ftp://", "sftp://", and "scp://".
As previously mentioned, there are at least two Sentry Firewall CD branches with varying names like "SENTRYCD" and "SENTRY-RH". The only difference between these branches is the "host" Linux distribution that is utilized. And since Linux distributions utilize different files during bootup, the accepted directives for the two branches vary. For example, a Slackware system utilizes files such as "rc.S" and "rc.M" to boot into single and multi-user modes. Other Linux distributions, such as Red Hat, utilize different files such as "rc.sysinit" and various files located in /etc/rc.d/init.d/. Therefore, when running a sentrycd-RH system, which is not Slackware based, it would be pointless to have a directive that states the following:
rc.M = /floppy/rc.M
since a non-Slackware system wouldn't know what to do with a file called "rc.M". In any case, it is for this reason that the configuration directives vary a bit between branches. The directives that are available can be found in the sentry.conf file in the SENTRY/scripts/cd-config/ directory, or on the website.
The "sysconf_dir" and "xinetd_dir" directives are unique to the "SENTRYCD-RH" branch. Unlike the other directives, these are used to replace the files located in the /etc/xinetd.d/ and the /etc/sysconfig/ directories. The /etc/sysconfig/ directory contains most of the configuration files used by the init scripts (in /etc/rc.d/init.d/) on systems such as Red Hat.
Example:
sysconf_dir = /floppy/sysconfig
or
sysconf_dir = ftp://123.123.123.123/node1234/sysconfig
Please note that "/floppy/sysconfig" and "/node1234/sysconfig" are directories that contain files you want placed in /etc/sysconfig/. The "xinetd_dir" directive is used in the same way.
NOTE: To replace files not supported by the configuration scripts, use the
'|=' file copy directive discussed below.
5.2 'device' directive support
Set up an ethernet device to use during configuration.
device[#] = [device_name]:[driver_name]:[IP_Address]<|gateway>
device[#] = [device_name]:[driver_name]:dhcp<|hostname>
NOTE:
1) <hostname> and <gateway> are optional, but sometimes required.
2) Most ethernet devices are supported. If you find one that isn't and you think it should be, please let me know.
3) "device1" to "device10" are supported.
Examples:
device1 = eth0:tulip:192.168.1.50|192.168.1.1
device2 = eth1:via-rhine:dhcp
5.3 'nameserver' directive
Set up a nameserver to use during configuration.
nameserver = <DNS_IP>
5.4 Proxy Support Directives
Set up a proxy for pulling files via http(s), or ftp.
http_proxy = http://<hostname>/
ftp_proxy = http://<hostname>/
proxy-user = <PROXY_USER>
proxy-passwd = <PROXY_PASSWORD>
5.5 Passive FTP Support
Use passive ftp instead of active ftp to retrieve files.
passive-ftp = <on|off> ## Default == off
5.6 'include' directive
Retrieve and parse another 'sentry.conf' file.
include = </location/of/sentry.conf>
Or, with network support -
include = <ftp|http>://[<user>:<pass>@]<SERVER_IP></path/to/sentry.conf>
5.7 Copying files (|=)
Copy file from one location to the other.
Syntax: source_file |= dest_file, OR dest_file = source_file
Example: Copy file /floppy/daemon.conf to /etc/daemon.conf
/floppy/daemon.conf |= /etc/daemon.conf
or
/etc/daemon.conf = /floppy/daemon.conf
or
/etc/daemon.conf = scp://<user>:<pass>@<server>/config/daemon.conf
NOTE: http(s)/(s)ftp/scp support is only available with Sentry Firewall CD versions >= 1.3.0.
5.8 Making Symlinks (=>)
Create a symlink
Syntax: dest_file => source_file (where the symlink points to)
Example: Make symlink called /etc/somefile.conf that points to /etc/otherfile.conf
/etc/somefile.conf => /etc/otherfile.conf
5.9 'cdrom' directive
Defines which device the CDROM is. Most of the time the CDROM is detected and mounted using the /etc/rc.d/rc.cdrom script, but setting this directive makes the process less error-prone.
Syntax: cdrom = <DEVICE>
Example: cdrom = /dev/hdc
5.10 'cron' directive
Replace a user's crontab file (located in /var/spool/cron/crontabs/).
Syntax: cron:<USERNAME> = </LOCATION/OF/CRONTAB_FILE>
5.11 hostname
Defines the hostname of the local machine. This directive can be used to either point to a file containing the hostname of the local machine, or to define the hostname itself.
Syntax: hostname = </path/to/file>
or
hostname = MYHOSTNAME
5.12 Other SENTRY-{RH,DEB} Specific Directives
Besides the "xinetd_dir" and "sysconf_dir" directives, mentioned above, there is another directive that is unique to the sentrycd-RH branch.
Start/Stop a Service or Daemon
This directive gives you the ability to start or stop a service at bootup. The syntax looks like the following:
service:[start|stop] = <path/to/service_init_file>
For example:
httpd:stop
or
httpd:start = /floppy/config/httpd
In the above example, we are telling the Sentry Firewall CD to either start or stop the http daemon at bootup. The optional argument "<path/to/service_init_file>" is usually not necessary, but is used to actually replace the startup script located in /etc/rc.d/init.d/, in case you ever wanted to do so.
To get a better idea of how this works, please take a look at the sample "sentry.conf" file located either on the CD or online at http://www.sentryfirewall.com/files/sentrycd-rh-devel/scripts/cd-config/sentry.conf
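A sentry.conf can pull files over "http://" and "ftp://", and can carry passwords ("proxy-passwd", "<user>:<pass>@" URLs), so it is worth reviewing before it is written to the floppy. The following is an added example, not part of the Sentry Firewall CD scripts: a small Python linter for the "=", "|=" and "=>" syntax described in section 5. The '#' comment handling, the finding codes and the sample values are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Operators from the page: "|=" (source |= dest), "=>" (symlink), "=" (key = value).
LINE_RE = re.compile(r"^(?P<lhs>.+?)\s*(?P<op>\|=|=>|=)\s*(?P<rhs>.*)$")
CLEARTEXT = {"http", "ftp"}               # no transport encryption or integrity
PROXY_KEYS = {"http_proxy", "ftp_proxy"}  # proxy addresses, not file sources

def parse(text):
    """Yield (lineno, lhs, op, rhs); '#' is assumed to start a comment."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = LINE_RE.match(line)
        if line:  # a line with no operator is a bare directive such as "httpd:stop"
            yield (n, m["lhs"], m["op"], m["rhs"].strip()) if m else (n, line, None, "")

def audit(text):
    """Return (lineno, code, detail) findings for a sentry.conf body."""
    findings = []
    for n, lhs, op, rhs in parse(text):
        if lhs == "proxy-passwd":
            findings.append((n, "STORED_SECRET", "proxy password kept in the file"))
        if op in (None, "=>") or lhs in PROXY_KEYS:
            continue
        source, dest = (lhs, rhs) if op == "|=" else (rhs, lhs)
        url = urlsplit(source)
        if not url.netloc:
            continue  # local path or plain value
        if url.scheme in CLEARTEXT:
            findings.append((n, "CLEARTEXT_FETCH", f"{dest} pulled over {url.scheme}"))
        if url.password:
            findings.append((n, "URL_CREDENTIALS", f"password for {url.username} in URL"))
        if lhs == "include":
            findings.append((n, "REMOTE_INCLUDE", "more directives loaded from network"))
    return findings

SAMPLE = """\
## constructed sample, not a shipped sentry.conf; all values are placeholders
device1 = eth0:tulip:192.168.1.50|192.168.1.1
proxy-passwd = example-only
include = ftp://cfg:example-only@192.0.2.10/node1/sentry.conf
/etc/daemon.conf = scp://cfg:example-only@192.0.2.10/config/daemon.conf
/floppy/daemon.conf |= /etc/daemon.conf
/etc/somefile.conf => /etc/otherfile.conf
httpd:stop
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Findings on the "include" line matter most, since a remote sentry.conf fetched over ftp or http can itself contain any of the directives above.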