This section is just an overview to explain how the Sentry Firewall CD works, that is, from the process of loading the kernel to running the Sentry Firewall CD configuration scripts located on the RAMDisk.
Booting from the CDROM is a fairly familiar process. The BIOS execs the bootloader(Syslinux) - which then displays a bootprompt and loads the kernel and ramdisk into memory. Once the kernel is running, the ramdisk is then mounted as root(/).
An obvious necessity for deploying CDROM based systems is the ability to dynamically configure the system for various environments with different configurations, which is what a good majority of this project is dedicated to building. A simple way to do this is to give the user the ability to customize the startup scripts located in /etc/rc.d before they are actually used, as well as the ability to customize other important system configuration files.
At boot time, the /etc and /etc/rc.d directories are nearly empty. On a Slackware system the first rc file to run is /etc/rc.d/rc.S - and it is from this file where we run the configuration scripts that look for a configuration file(sentry.conf), and place the proper configuration and system files in /etc and various subdirectories under /etc. On other Linux systems, such as RedHat, the configuration scripts would be run from rc.sysinit. If there is not a configuration directive for a specific file, or if a configuration file cannot be found, then the default system files are used - which are located in /etc/default/* on the ramdisk.
Early versions of the Sentry Firewall CD utilized the 2.88MB floppy emulation method, along with either lilo or syslinux to boot the kernel and load the ramdisk. This method proved very limiting for two reasons; A) the total size of the compressed ramdisk AND kernel was limited to 2.88MB, and B) it was quite slow compared to the current method.
The Sentry Firewall CD is currently utilizing the isolinux.bin boot record with no emulation in order to properly boot the CDs. This allows us to use a much larger ramdisk and offer a choice of several kernels to boot at boot time.
More information about syslinux can be found at syslinux.zytor.com.
As previously mentioned, our configuration scripts which reside in /etc/rc.d/SENTRY/ on the ramdisk are generally run from an rc script in /etc/rc.d/. The first script to run is called 'cd-config.pl', which is essentially the mainline for the entire program. The other scripts that are used are called 'get_config.pl', 'process_conf.pl', 'do_config.pl' and 'networking.pl'. These scripts were written specifically for this project, and are essentially the mainstay of the entire configuration process.
In depth review of these scripts is a little beyond the scope of this document, but is covered a bit in the file called 'DOCUMENTATION' available on the website ( http://www.SentryFirewall.com/). The files are written in perl, and do several important things; read in and parse the configuration file(sentry.conf), locate and retrieve the important files detailed in the sentry.conf file, and replace the system default files with the ones the user has defined in the configuration file.
Hosting by: Hurra Communications Ltd.
Generated: 2007-01-26 17:58:11