8. Building a Custom Sentry CD
8.1 Introduction
This section will attempt to describe how to create a custom Sentry Firewall CDROM. Unfortunately, I do not have time to go into every detail. But at the very least I will try and provide for you an overview of the CD creation process.
8.2 The development system(How I do it)
My development system consists of two separate Linux installations of the same distribution, depending on what branch I'm working on. First, I have a very complete <insert Linux distro here> installation on my main hard drive(/dev/hda). I then have /dev/hdb1, upon which I have another, bare bones, installation - this installation generally has no compiling tools or X stuff.
I usually have /dev/hdb1 mounted on /mnt, that's not a critical element, but I thought I'd mention it since I will refer to /mnt alot from now on. I then have a directory called /CD-FW on the /dev/hdb1 installation, that is, if /dev/hdb1 is mounted on /mnt, then the directory would be called /mnt/CD-FW/. Throughout this entire process, the installation on /dev/hda is the live running system, and it is from here that I compile the needed tools, kernels, etc and basically run everything.
To make this easy for you, the Sentry Firewall CD ISO is basically an exact copy of what's in /mnt/CD-FW/ on my hard drive. I simply use the 'mkisofs' utility on /mnt/CD-FW to create the ISO image.
If you simply want to get started, perhaps try the following steps:
- Install a basic slackware system on some other partition, /dev/hdb1 perhaps.
- Reboot into your normal(linux) system and mount this new partition, let's say on /mnt.
- Mount the Sentry CD somewhere, let's say on /mnt2
- type: mkdir /mnt/CD-FW
- type: cp -Rdp /mnt2/* /mnt/CD-FW/
- type: find /mnt/CD-FW/ -name 'TRANS.TBL' -type f -print | xargs rm -f
This removes those 'TRANS.TBL' files that are created by mkisofs. - Unmount /mnt2
- Run the following commands(in a script if you like) to update the /mnt/CD-FW/ directory:
cp -Rdp /mnt/bin /mnt/CD-FW/ cp -Rdp /mnt/sbin /mnt/CD-FW/ cp -Rdp /mnt/lib /mnt/CD-FW/ cp -Rdp /mnt/usr/bin /mnt/CD-FW/usr/ cp -Rdp /mnt/usr/sbin /mnt/CD-FW/usr/ cp -Rdp /mnt/usr/local/bin /mnt/CD-FW/usr/local/ cp -Rdp /mnt/usr/lib /mnt/CD-FW/usr/ cp -Rdp /mnt/usr/libexec /mnt/CD-FW/usr/ cp -Rdp /mnt/usr/share /mnt/CD-FW/usr/ cp -Rdp /mnt/usr/man /mnt/CD-FW/usr/
NOTE: The above commands may spit out errors when working with certain files(ie. hard links). These errors are annoying, but they're not critical at all.
You now have a development system like, or similar to, my own :-)
Now, if you ever want to install an rpm update or a Slackware package update(with upgradpkg), you can do the following:
root@mybox:~# cd /mnt; chroot /mnt
root@mybox:/# upgradepkg update.tgz
or
root@mybox:/# rpm --upgrade update.rpm
$ exit
Then, all I need to do is re-run the script mentioned above, the one that copies all those files, to update the /mnt/CD-FW directory.
8.3 The RAMdisk Image
That's all nifty, but now comes the hard part... making the ramdisk. If you take a look at the /isolinux directory on the CDROM, you will see a bunch of files, one of them is called 'initrd.img' - there are several others as well, such as isolinux.cfg, message.txt, and isolinux.bin. These files are required by isolinux in order to work properly. Take a look at those files and the documentation that comes with syslinux to get a better idea of what all that does. In any case, the 'initrd.img' file is, in fact, the compressed ramdisk image.
To take a look at the image, do something like the following:
blah@wherever:~$ cp /cdrom/isolinux/initrd.img /tmp/initrd.img.gz
blah@wherever:~$ gzip -d /tmp/initrd.img.gz
blah@wherever:~$ mount -o loop /tmp/initrd.img /MOUNT_POINT
In a nutshell, I use the file '/SENTRY/scripts/MK-CD/mkrootdsk.sh' to create the rootdisk. Please read that file and the disclaimer before you decide to use it. It runs perfectly on my system, but may not run well at all on yours. It basically attempts to create a rootdisk image to use with the Sentry CD, but it is very long and may be somewhat difficult to comprehend at times. This is what happens when I start hacking around and fail to utilize proper child safety restraints.
8.4 Making the ISO Image
The next file I use is called 'mkiso.sh'. The script generally just declares a few variables and runs the 'mkisofs' utility. The command I normally run looks like the following:
root@mybox:~# cd /mnt/CD-FW
root@mybox:/mnt/CD-FW# mkisofs -o sentrycd.iso -R -V "Sentry Firewall CD [v1.x.x]" -v \
-T -d -D -N \
-b isolinux/isolinux.bin \
-c isolinux/eltorito.cat \
-no-emul-boot -boot-load-size 4 -boot-info-table \
-A "Sentry Firewall CD v1.x.x" .
........
And that's it, I burn the CD and test it. For reference, the following files are available on the CDROM and online at http://www.SentryFirewall.com/
- /SENTRY/scripts/MK-CD/mkrootdsk.sh (builds the rootdisk)
- /SENTRY/scripts/MK-CD/mkiso.sh (builds final ISO image)
- /SENTRY/scripts/MK-CD/record-cd.sh (burns the ISO to a CD)
Next Previous Contents