
5. Overview of Available Configuration Directives

5.1 Replacing rc/config files

To replace a file that is supported by the configuration scripts, you may use the following syntax:

     filename_directive = /location/of/filename

Where "filename_directive" is one of the directives listed below, and the location of the file is often "/floppy/filename". The file location can also be a URL. The supported prefixes include "http://", "https://", "ftp://", "sftp://", and "scp://".

As previously mentioned, there are at least two Sentry Firewall CD branches with varying names like "SENTRYCD" and "SENTRY-RH". The only difference between these branches is the "host" Linux distribution that is utilized. And since Linux distributions utilize different files during bootup, the accepted directives for the two branches vary. For example, a Slackware system utilizes files such as "rc.S" and "rc.M" to boot into single and multi-user modes. Other Linux distributions, such as Red Hat, utilize different files such as "rc.sysinit" and various files located in /etc/rc.d/init.d/. Therefore, when running a sentrycd-RH system, which is not Slackware based, it would be pointless to have a directive that states the following:

     rc.M = /floppy/rc.M

since a non-Slackware system wouldn't know what to do with a file called "rc.M". In any case, it is for this reason that the configuration directives vary a bit between branches. The directives that are available can be found in the sentry.conf file in the SENTRY/scripts/cd-config/ directory, or on the website.


The "sysconf_dir" and "xinetd_dir" directives are unique to the "SENTRYCD-RH" branch. Unlike the other directives, these are used to replace the files located in the /etc/xinetd.d/ and /etc/sysconfig/ directories. The /etc/sysconfig/ directory contains most of the configuration files used by the init scripts (in /etc/rc.d/init.d/) on Red Hat-based systems.

Example:

     sysconf_dir = /floppy/sysconfig
     or
     sysconf_dir = ftp://123.123.123.123/node1234/sysconfig

Please note that "/floppy/sysconfig" and "/node1234/sysconfig" are directories that contain the files you want placed in /etc/sysconfig/. The "xinetd_dir" directive is used in the same way.


NOTE: To replace files not supported by the configuration scripts, use the '|=' file copy directive discussed below.


5.2 'device' directive support

Set up an ethernet device to use during configuration.

     device[#] = [device_name]:[driver_name]:[IP_Address]<|gateway>
     device[#] = [device_name]:[driver_name]:dhcp<|hostname>

     NOTE: 1) <hostname> and <gateway> are optional, but sometimes required.
           2) Most ethernet devices are supported.  If you find one that isn't
              and you think it should be, please let me know.
           3) "device1" to "device10" are supported.

Examples:
     device1 = eth0:tulip:192.168.1.50|192.168.1.1
     device2 = eth1:via-rhine:dhcp


5.3 'nameserver' directive

Set up a nameserver to use during configuration.

     nameserver = <DNS_IP>


5.4 Proxy Support Directives

Set up a proxy for pulling files via http(s) or ftp.

     http_proxy = http://<hostname>/
     ftp_proxy = http://<hostname>/
     proxy-user = <PROXY_USER>
     proxy-passwd = <PROXY_PASSWORD>


5.5 Passive FTP Support

Use passive ftp instead of active ftp to retrieve files.

     passive-ftp = <on|off>  ## Default == off


5.6 'include' directive

Retrieve and parse another 'sentry.conf' file.

     include = </location/of/sentry.conf>

     Or, with network support -

     include = <ftp|http>://[<user>:<pass>@]<SERVER_IP></path/to/sentry.conf>


5.7 Copying files (|=)

Copy a file from one location to another.

     Syntax: source_file |= dest_file, OR
             dest_file = source_file

Example:  Copy file /floppy/daemon.conf to /etc/daemon.conf

          /floppy/daemon.conf |= /etc/daemon.conf
          or
          /etc/daemon.conf = /floppy/daemon.conf
          or
          /etc/daemon.conf = scp://<user>:<pass>@<server>/config/daemon.conf

NOTE: http(s)/(s)ftp/scp support is only available with Sentry Firewall CD versions >= 1.3.0.


5.8 Making Symlinks (=>)

Create a symlink.

     Syntax: dest_file => source_file (where the symlink points to)

Example:
     Make symlink called /etc/somefile.conf that points to /etc/otherfile.conf
     /etc/somefile.conf => /etc/otherfile.conf


5.9 'cdrom' directive

Defines which device the CDROM is. Most of the time the CDROM is detected and mounted automatically by the /etc/rc.d/rc.cdrom script, but naming the device explicitly makes the process less error-prone.

     Syntax: cdrom = <DEVICE>

Example:
     cdrom = /dev/hdc


5.10 'cron' directive

Replace a user's crontab file (located in /var/spool/cron/crontabs/).

Syntax: cron:<USERNAME> = </LOCATION/OF/CRONTAB_FILE>


5.11 hostname

Defines the hostname of the local machine. This directive can be used to either point to a file containing the hostname of the local machine, or to define the hostname itself.

     Syntax: hostname = </path/to/file>
             or
             hostname = MYHOSTNAME


5.12 Other SENTRY-{RH,DEB} Specific Directives

Besides the "xinetd_dir" and "sysconf_dir" directives, mentioned above, there is another directive that is unique to the sentrycd-RH branch.


Start/Stop a Service or Daemon

This directive gives you the ability to start or stop a service at bootup. The syntax looks like the following:

     service:[start|stop] = <path/to/service_init_file>

For example:
     httpd:stop
     or
     httpd:start = /floppy/config/httpd

In the above example, we are telling the Sentry Firewall CD to either start or stop the http daemon at bootup. The optional argument "<path/to/service_init_file>" is usually not necessary, but is used to actually replace the startup script located in /etc/rc.d/init.d/, in case you ever wanted to do so.

To get a better idea of how this works, please take a look at the sample "sentry.conf" file located either on the CD or online at http://www.sentryfirewall.com/files/sentrycd-rh-devel/scripts/cd-config/sentry.conf
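The directive forms described in this section (filename directives, 'device', '|=' copies, '=>' symlinks, 'cron:<user>' and 'service:start|stop') all follow a small number of textual shapes, and a parser that recognises them also makes a convenient place to check a sentry.conf before it goes on the floppy. The following is an added example, not code from the Sentry Firewall CD project: it parses a constructed sample sentry.conf, splits 'device' values into their fields, and reports the points a reviewer would want to see, namely files pulled over cleartext http/ftp (where contents could be altered in transit), passwords embedded in fetch URLs, the plaintext "proxy-passwd" setting, and URL prefixes the CD does not support. The sample configuration, the directive "kind" names and the finding messages are this example's own conventions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Prefixes the HOWTO lists as accepted for remote file locations (1.3.0+).
SUPPORTED_SCHEMES = {"http", "https", "ftp", "sftp", "scp"}
# Transports that carry the fetched file (and any credentials) unencrypted.
CLEARTEXT_SCHEMES = {"http", "ftp"}
SERVICE_KEY = re.compile(r"^[\w.-]+:(start|stop)$")   # e.g. httpd:stop

# Constructed sample, not a file shipped with the Sentry Firewall CD.
SAMPLE_CONF = """\
# constructed sample sentry.conf for this example
rc.M = /floppy/rc.M
device1 = eth0:tulip:192.168.1.50|192.168.1.1
device2 = eth1:via-rhine:dhcp
nameserver = 192.0.2.53
passive-ftp = on  ## Default == off
proxy-passwd = s3cret
/floppy/daemon.conf |= /etc/daemon.conf
/etc/daemon.conf = scp://user:pass@203.0.113.5/config/daemon.conf
/etc/somefile.conf => /etc/otherfile.conf
cron:root = /floppy/crontab.root
httpd:stop
httpd:start = /floppy/config/httpd
include = ftp://203.0.113.5/node1234/sentry.conf
"""


@dataclass
class Directive:
    kind: str             # setting | copy | symlink | device | cron | service | unknown
    key: str              # left-hand side: directive name, destination file, service
    value: Optional[str]  # right-hand side, None for a bare "httpd:stop"
    line: int


@dataclass
class Finding:
    line: int
    message: str


def parse_device(value: str) -> Dict[str, Optional[str]]:
    """Split 'eth0:tulip:192.168.1.50|192.168.1.1' into its fields. The part
    after '|' is the gateway for a static address, or the hostname for dhcp."""
    name, driver, rest = value.split(":", 2)      # ValueError if fields are missing
    addr, _, extra = rest.partition("|")
    fields: Dict[str, Optional[str]] = {"name": name, "driver": driver, "address": addr}
    fields["hostname" if addr == "dhcp" else "gateway"] = extra or None
    return fields


def check_source(line: int, key: str, source: str) -> List[Finding]:
    """Checks on where a file is pulled from; local paths produce no finding."""
    findings: List[Finding] = []
    if "://" not in source:
        return findings
    url = urlsplit(source)
    if url.scheme not in SUPPORTED_SCHEMES:
        findings.append(Finding(line, f"unsupported URL prefix '{url.scheme}://' for '{key}'"))
    elif url.scheme in CLEARTEXT_SCHEMES:
        findings.append(Finding(line, f"'{key}' is fetched over cleartext {url.scheme}; "
                                      "contents could be read or altered in transit"))
    if url.password is not None:
        findings.append(Finding(line, f"'{key}' embeds a password in its fetch URL"))
    return findings


def parse_sentry_conf(text: str) -> Tuple[List[Directive], List[Finding]]:
    directives: List[Directive] = []
    findings: List[Finding] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = re.split(r"(?:^|\s)#", raw, maxsplit=1)[0].strip()   # drop '#' comments
        if not line:
            continue
        source: Optional[str] = None
        if "|=" in line:                                   # source_file |= dest_file
            src, dst = (p.strip() for p in line.split("|=", 1))
            directives.append(Directive("copy", dst, src, n))
            source = src
        elif "=>" in line:                                 # dest_file => symlink target
            dst, target = (p.strip() for p in line.split("=>", 1))
            directives.append(Directive("symlink", dst, target, n))
        elif "=" in line:                                  # key = value forms
            key, val = (p.strip() for p in line.split("=", 1))
            if key.startswith("device"):
                kind = "device"
                try:
                    parse_device(val)
                except ValueError:
                    findings.append(Finding(n, f"malformed device directive '{val}'"))
            elif key.startswith("cron:"):
                kind = "cron"
            elif SERVICE_KEY.match(key):
                kind = "service"
            elif key.startswith("/"):
                kind = "copy"                              # dest_file = source_file
            else:
                kind = "setting"                           # rc.M, include, nameserver, ...
            directives.append(Directive(kind, key, val, n))
            source = val
            if key == "proxy-passwd":
                findings.append(Finding(n, "proxy password is stored in plain text"))
        elif SERVICE_KEY.match(line):                      # bare "httpd:stop"
            directives.append(Directive("service", line, None, n))
        else:
            directives.append(Directive("unknown", line, None, n))
            findings.append(Finding(n, f"unrecognised directive '{line}'"))
        if source is not None:
            findings.extend(check_source(n, directives[-1].key, source))
    return directives, findings


if __name__ == "__main__":
    parsed, problems = parse_sentry_conf(SAMPLE_CONF)
    for d in parsed:
        print(f"line {d.line:2}: {d.kind:8} {d.key} -> {d.value}")
    for f in problems:
        print(f"WARNING line {f.line}: {f.message}")
```

Run as a script it lists every directive it recognised and then the three warnings the sample triggers: the plaintext "proxy-passwd", the password inside the scp:// copy URL, and the include pulled over ftp. The "|=" and "=>" tests run before the plain "=" test because both operators contain or resemble "=", so the order of the branches matters.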


