PakSecured Installation and Configuration

   


Minimum System Requirements

  • Pentium Processor

  • 16MB RAM

  • 500MB IDE Hard drive

  • Network Interface Card

  • Bootable CD-ROM or 3.5" floppy drive

Phase I: Initial Files Install

The installation of PakSecured Linux will destroy any data you have on your hard drive. Make sure that you have a new hard drive or that you have backed up all critical data from your existing hard drive. Once you are ready to proceed, collect the following information, which will be necessary for the installation:

IP address in CIDR notation for your server

Example: 192.168.1.1/24

IP address of your default router

Example: 192.168.1.254

Note that this can be set to the interface address if you do not have a default router

IP address of your nameserver

Example: 192.168.1.128

As with the router this can be set to the interface address

FQDN (Fully Qualified Domain Name) for this server

Example: paksecured.mynet.com

Root user password

You must supply all of this information on the appropriate screen. The way the install is designed, if you do not provide any single part of this information the install routine will assume that you do not want to continue and will stop the installation process. However, your hard disk will have already been partitioned.

CD-ROM Install Process
  1. Boot from the CD.

  2. Press enter at the LILO prompt to start.

  3. When prompted for "Select Installation Media," select CDROM.

    At this point in the installation process, the CD-ROM is mounted, and the hard drive is partitioned as follows:

    hda1 is 64MB swap

    hda2 is 400MB for /

    hda3 is the rest of the hard drive for /var

  4. You will then be prompted to enter your networking information.

    Enter all of the information you collected above.

  5. PakSecured Linux is installed on the drive.

  6. When the installation is finished, supply the root password.

After providing the root user password, lilo will be installed and the CD-ROM will be ejected. At this point the system will ask you to reboot. Press Enter and then continue on to the next phase.

HTTP/FTP Install Process
  1. Boot install floppy (disk1-boot.img).

  2. Press Enter at the LILO prompt to start.

  3. When prompted for "Select Installation Media," select http/ftp.

    You will then be prompted to enter the driver floppy disk (disk2-drivers.img).

  4. Enter your networking information.

    If you do not have a default router, enter your local interface. You will need to have already set up a Web server on that local network.

  5. Select the location of the PakSecured image file:

    Example: http://205.138.121.147/software/paksecured.tar.bz2

    If you have set up your own server, note that you MUST use the IP address of that server and the server needs to respond on that address. There is no DNS capability at this point in the install.

  6. PakSecured Linux is installed on the drive.

  7. When the installation is finished, supply the root password.

After providing the root user password, lilo will be installed and you need to remove all floppy disks from the drives. The system will request confirmation of reboot and continue into the next phase of the install.

Phase II: Kernel Configuration

Once the initial files install is completed, you will be prompted to reboot the PC. Remove all disks and CDs from the drives and press Enter to reboot. The system will come up automatically into the menuconfig kernel configuration screen. Select all the relevant network card drivers and other devices needed for your system. At a minimum you will only need to select your network card driver. All other options needed for running PakSecured are already selected.

Warning

Do Not Change any of the already selected options, especially in the networking sections, unless you REALLY KNOW what you are doing. Deselecting some of the options in the kernel configuration could cause your system to be completely useless.


Minimum Kernel Configuration

The system will boot straight into make menuconfig so that you may select the appropriate network drivers for your kernel.

Select Network Device Support from the menu.

Select Ethernet (10 or 100Mbit) (or TokenRing or ).

Now select the drivers for all your network interface cards.

Select Exit twice.

When prompted to save your configuration select Yes.

Your kernel will be compiled and installed automatically.

The system will automatically compile and install the kernel and all modules needed for operation. After this is done, the system will reboot to use the newly compiled kernel.

Final Phase: PakSecured Configuration

Once the system has rebooted with your new kernel image, you will be given a standard login prompt. You may now login as root to the system. Note that as part of the previous installation phases several parts of the system were configured. These are as follows:

A user called "tech" was created during install

The password for "tech" is what you typed in during install

tech's ssh keys were generated

System SSH keys were generated

The basic networking as entered in the install process was configured.

You will now want to perform any advanced configuration of the system. The initial networking values you entered during the install process have already been saved, so you should have device eth0 already functional. You can check this by entering the following commands:

ip addr (will show the address you entered for eth0)

ip route (will show the route for the gateway you entered)

Note that this system does not have ifconfig or route installed. The only networking utilities are ip, tc, and the set from Alexey's iputils package.

PakSecured is designed to allow for simple operation through a global firewall system configuration file. All standard networking is performed through standard independent configuration files such as those listed below. The global configuration file also allows calling scripts that perform advanced Policy Routing structures. The following listing provides some of the relevant files for configuring and maintaining the system.

  • Networking configuration files and the advanced policy scripts are located in /etc/sysconfig/network-scripts/.

  • Within this directory are the ip4cfg-{network} configuration files for the network interface cards. You should already have an ip4cfg-eth0 in this directory from the install.

  • There is a sample-ip4cfg provided as a template to configure any other interfaces you may need (ip4cfg-eth1, ip4cfg-tr0, and so on). Note that you cannot use the ip4cfg-* files from any other distribution because they do not use Policy Routing.

  • The routes needed for the system on startup are contained within the ip4cfg-routes file in this directory as well. Look inside that file for the current routing setup and some samples for additional routes.

  • Also within this directory are some sample files for performing advanced Policy Routing structures. The mail.fw file is a simple single machine policy for allowing a unique route for a single machine. Note that this file also contains the commands for setting up the firewalling functions that are associated with the policy.

  • You can find some advanced configuration files on the Web site that implement parts of the book examples. These files would be placed into this directory for use.

pakfw.config

The global configuration file for the firewall part of the system is the pakfw.config file located in /etc/sysconfig. The file is commented. Note that many of the sections in the file contain loop structures. This is one of the more powerful uses of the configuration structures. To best illustrate how it works consider the final section, MISC:

 
 MISC_HIGH=0
 MISC0="mail.fw"
 MISC1=""
 MISC2=""
 

As you can see, there are variables that are numbered consecutively. These are the actual run variables. In this case the MISC0 variable contains the name mail.fw. The loop variable is the MISC_HIGH variable.

When the loop variable is set to 0 as it is here, this section is deactivated even if the variable MISC (located at the top of pakfw.config) is set. This loop variable controls the number of procedures that would be run. So if you want to run the mail.fw script you can set the MISC_HIGH variable to 1. Note that this is one greater than the number of the variable. This is where the looping comes in. Say you wanted to code up all 8 examples from Chapter 5, "Simple Network Examples," to run as MISC additions. You would set the loop variable MISC_HIGH to 9 and place the names of the files you created to run the examples in the appropriate lines. You may end up with a MISC section that looks like this:

 
 MISC_HIGH=9
 MISC0="example5.1"
 MISC1="example5.2"
 MISC2="example5.3"
 MISC3="example5.4"
 MISC4="example5.5"
 MISC5="example5.6"
 MISC6="example5.7"
 MISC7="example5.8"
 

Now the fun part is that you can also set the loop variable to 3, in which case you would only run examples 5.1–5.3.

These variables control the information needed to run the system. If you want to see how these variables are used, look in the function definitions. These are located in /etc/rc.d/init.d and are the pakfw.functions and pakvpn.functions files. There are other function definitions located in /etc/sysconfig/network-scripts.
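The loop-variable behaviour described above, as an added illustration that is not PakSecured's own code, extended into a check of which MISC scripts a config would activate and whether any is missing or writable by group or other. It assumes that MISC_HIGH=N activates MISC0 through MISC(N-1) and that empty slots are skipped; audit_misc and make_sample are hypothetical names, and the sample config and files are constructed.

```shell
#!/bin/sh
# Added example, not PakSecured code. Assumption: MISC_HIGH=N activates
# MISC0..MISC(N-1) and empty slots are skipped; the real loop lives in
# pakfw.functions, which the page does not reproduce.

# Print "<script> <status>" for every MISC script the config would activate.
# $1 = config file (absolute path), $2 = directory holding the scripts.
# The body runs in a subshell so the sourced variables do not leak out.
audit_misc() (
    . "$1"                      # the config is plain shell variable assignments
    i=0
    while [ "$i" -lt "${MISC_HIGH:-0}" ]; do
        eval "name=\${MISC$i:-}"   # indirect lookup of MISC0, MISC1, ...
        i=$((i + 1))
        [ -n "$name" ] || continue
        f="$2/$name"
        if [ ! -f "$f" ]; then
            echo "$name MISSING"
        elif [ -n "$(find "$f" \( -perm -020 -o -perm -002 \))" ]; then
            # These scripts run as root at startup, so nobody but the
            # owner should be able to modify them.
            echo "$name WRITABLE-BY-NON-OWNER"
        else
            echo "$name OK"
        fi
    done
)

# Constructed sample: a config plus script files in a scratch directory.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/pakfw.config" <<'EOF'
MISC_HIGH=3
MISC0="mail.fw"
MISC1=""
MISC2="example5.3"
MISC3="example5.4"
EOF
    : > "$d/mail.fw";    chmod 700 "$d/mail.fw"
    : > "$d/example5.3"; chmod 766 "$d/example5.3"
    echo "$d"
}

d=$(make_sample)
audit_misc "$d/pakfw.config" "$d"   # MISC3 is not listed: index 3 is not below MISC_HIGH
rm -rf "$d"
```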

Enjoy your PakSecured system.


   


Policy Routing Using Linux
ISBN: B000C4SRVI
EAN: N/A
Year: 2000
Pages: 105
