Code Changes
Several issues need to be considered when you compile the Toolkit components. These issues revolve primarily around the definition of sys_errlist. To resolve the problem, you must change the declaration of sys_errlist in all places where it is declared. For example, sys_errlist is declared in the code as:
extern char *sys_errlist[];
Commenting out the line using the C comment symbols (/* */) results in a successful compile of the source code:
/* extern char *sys_errlist[]; */
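The edit has to be repeated in every file that declares sys_errlist. The following sketch is an added example, not part of the Toolkit or the original text: it applies the same change across a source tree and keeps a backup of each file it touches. The function name fix_sys_errlist and the tree path argument are assumptions.

```sh
#!/bin/sh
# Added example: comment out every active "extern char *sys_errlist[];"
# declaration in the .c and .h files under a source tree. Each changed file
# is first copied to <file>.orig, and its name is printed.
# The tree path is an assumption; pass the directory you unpacked.

fix_sys_errlist() {
    # BRE for the declaration, tolerant of extra white space.
    decl='extern[[:space:]][[:space:]]*char[[:space:]]*\*[[:space:]]*sys_errlist\[\][[:space:]]*;'
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -l "^[[:space:]]*$decl" {} + |
    while IFS= read -r f; do
        cp -p "$f" "$f.orig" || return 1
        # Wrap only the declaration; indentation and trailing text are kept.
        sed "s|^\([[:space:]]*\)\($decl\)|\1/* \2 */|" "$f.orig" > "$f" || return 1
        echo "$f"
    done
}

if [ "$#" -gt 0 ]; then fix_sys_errlist "$1"; fi
```

Lines that are already commented out do not match, so a second run changes nothing and leaves the .orig backups untouched.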
After the compile process completes successfully, you must install the files in the appropriate place. The easiest way to install these files is to use the command:
make install
This command uses information in the Makefile to place the objects in the correct place. The process is shown in the following command sequence:
pc# make install
if [ ! -d /usr/local/etc ]; then mkdir /usr/local/etc; fi
for a in config lib auth smap smapd netacl plug-gw ftp-gw tn-gw rlogin-gw http-gw; do ( cd $a; echo install: `pwd`; make install ); done
install: /usr/tis/fwtk/config
if [ ! -f /usr/local/etc/netperm-table ]; then cp netperm-table /usr/local/etc; chmod 644 /usr/local/etc/netperm-table; fi
install: /usr/tis/fwtk/lib
install: /usr/tis/fwtk/auth
if [ -f /usr/local/etc/authsrv ]; then mv /usr/local/etc/authsrv /usr/local/etc/authsrv.old; fi
cp authsrv /usr/local/etc
chmod 755 /usr/local/etc/authsrv
if [ -f /usr/local/etc/authmgr ]; then mv /usr/local/etc/authmgr /usr/local/etc/authmgr.old; fi
cp authmgr /usr/local/etc
chmod 755 /usr/local/etc/authmgr
if [ -f /usr/local/etc/authload ]; then mv /usr/local/etc/authload /usr/local/etc/authload.old; fi
cp authload /usr/local/etc
chmod 755 /usr/local/etc/authload
if [ -f /usr/local/etc/authdump ]; then mv /usr/local/etc/authdump /usr/local/etc/authdump.old; fi
cp authdump /usr/local/etc
chmod 755 /usr/local/etc/authdump
install: /usr/tis/fwtk/smap
if [ -f /usr/local/etc/smap ]; then mv /usr/local/etc/smap /usr/local/etc/smap.old; fi
cp smap /usr/local/etc
chmod 755 /usr/local/etc/smap
install: /usr/tis/fwtk/smapd
if [ -f /usr/local/etc/smapd ]; then mv /usr/local/etc/smapd /usr/local/etc/smapd.old; fi
cp smapd /usr/local/etc
chmod 755 /usr/local/etc/smapd
install: /usr/tis/fwtk/netacl
if [ -f /usr/local/etc/netacl ]; then mv /usr/local/etc/netacl /usr/local/etc/netacl.old; fi
cp netacl /usr/local/etc
chmod 755 /usr/local/etc/netacl
install: /usr/tis/fwtk/plug-gw
if [ -f /usr/local/etc/plug-gw ]; then mv /usr/local/etc/plug-gw /usr/local/etc/plug-gw.old; fi
cp plug-gw /usr/local/etc
chmod 755 /usr/local/etc/plug-gw
install: /usr/tis/fwtk/ftp-gw
if [ -f /usr/local/etc/ftp-gw ]; then mv /usr/local/etc/ftp-gw /usr/local/etc/ftp-gw.old; fi
cp ftp-gw /usr/local/etc
chmod 755 /usr/local/etc/ftp-gw
install: /usr/tis/fwtk/tn-gw
if [ -f /usr/local/etc/tn-gw ]; then mv /usr/local/etc/tn-gw /usr/local/etc/tn-gw.old; fi
cp tn-gw /usr/local/etc
chmod 755 /usr/local/etc/tn-gw
install: /usr/tis/fwtk/rlogin-gw
if [ -f /usr/local/etc/rlogin-gw ]; then mv /usr/local/etc/rlogin-gw /usr/local/etc/rlogin-gw.old; fi
cp rlogin-gw /usr/local/etc
chmod 755 /usr/local/etc/rlogin-gw
install: /usr/tis/fwtk/http-gw
if [ -f /usr/local/etc/http-gw ]; then mv /usr/local/etc/http-gw /usr/local/etc/http-gw.old; fi
cp http-gw /usr/local/etc
chmod 755 /usr/local/etc/http-gw
With the Toolkit successfully compiled and installed, the next step is to define the security policy and configure the Toolkit.
When configuring the Toolkit, the first step is to turn off all unnecessary services running on the system that could affect your firewall. This requires some Unix knowledge of the startup procedure and services for your system. For example, you may have to:
You can use the ps command to see that a number of services are in operation. The following output shows such services on a sample system:
pc# ps -aux
USER     PID %CPU %MEM  VSZ  RSS TT  STAT STARTED     TIME COMMAND
root     442  0.0  1.7  144  240 p0  R+    3:34AM  0:00.04 ps -aux
root       1  0.0  1.7  124  244 ??  Is    3:02AM  0:00.08 /sbin/init --
root       2  0.0  0.1    0   12 ??  DL    3:02AM  0:00.01 (pagedaemon)
root      15  0.0  6.0  816  888 ??  Is    3:03AM  0:00.47 mfs -o rw -s 1
root      36  0.0  1.5  124  220 ??  Ss    3:03AM  0:00.21 syslogd
root      40  0.0  1.2  116  176 ??  Ss    3:03AM  0:00.06 routed -q
root      77  0.0  0.5   72   72 ??  Ss    3:03AM  0:00.34 update
root      79  0.0  1.6  284  232 ??  Is    3:03AM  0:00.08 cron
root      85  0.0  0.3   72   36 ??  I     3:03AM  0:00.01 nfsiod 4
root      86  0.0  0.3   72   36 ??  I     3:03AM  0:00.01 nfsiod 4
root      87  0.0  0.3   72   36 ??  I     3:03AM  0:00.01 nfsiod 4
root      88  0.0  0.3   72   36 ??  I     3:03AM  0:00.01 nfsiod 4
root      91  0.0  1.0   96  144 ??  Is    3:03AM  0:00.07 rwhod
root      93  0.0  1.3  112  180 co- I     3:03AM  0:00.05 rstatd
root      95  0.0  1.3  128  192 ??  Is    3:03AM  0:00.07 lpd
root      97  0.0  1.3  104  184 ??  Ss    3:03AM  0:00.13 portmap
root     102  0.0  1.6  332  224 ??  Is    3:03AM  0:00.05 (sendmail)
root     108  0.0  1.4  144  200 ??  Is    3:03AM  0:00.11 inetd
root     117  0.0  2.1  228  300 co  Is+   3:03AM  0:00.90 -csh (csh)
root     425  0.0  2.0  156  292 ??  S     3:33AM  0:00.15 telnetd
chrish   426  0.0  2.1  280  304 p0  Ss    3:33AM  0:00.26 -ksh (ksh)
root     440  0.4  1.9  220  280 p0  S     3:34AM  0:00.17 -su (csh)
root       0  0.0  0.1    0    0 ??  DLs   3:02AM  0:00.01 (swapper)
pc#
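One way to turn a listing like this into a review list is to compare each command name against an allowlist of what the firewall host is expected to run. The script below is an added example, not from the original text: audit_ps, sample_ps and the contents of ALLOW are assumptions, and the sample rows are a subset copied from the listing above.

```sh
#!/bin/sh
# Added example. ALLOW is an assumed allowlist for a firewall host, not the
# book's list; set it from your own security policy.
ALLOW="init pagedaemon swapper mfs syslogd update cron inetd csh ksh su ps"

# Read `ps -aux` output on stdin; print "name count" for every process
# whose command name is not in ALLOW.
audit_ps() {
    awk -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "USER" || NF < 11 { next }   # header, prompt lines
        {
            name = $11                     # first word of COMMAND
            gsub(/[()]/, "", name)         # (sendmail) -> sendmail
            sub(/^-/, "", name)            # -csh -> csh
            sub(/^.*\//, "", name)         # /sbin/init -> init
            if (!(name in ok)) seen[name]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | LC_ALL=C sort
}

# Rows copied from the listing above (subset).
sample_ps() {
    cat <<'EOF'
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 1 0.0 1.7 124 244 ?? Is 3:02AM 0:00.08 /sbin/init --
root 36 0.0 1.5 124 220 ?? Ss 3:03AM 0:00.21 syslogd
root 40 0.0 1.2 116 176 ?? Ss 3:03AM 0:00.06 routed -q
root 79 0.0 1.6 284 232 ?? Is 3:03AM 0:00.08 cron
root 85 0.0 0.3 72 36 ?? I 3:03AM 0:00.01 nfsiod 4
root 86 0.0 0.3 72 36 ?? I 3:03AM 0:00.01 nfsiod 4
root 87 0.0 0.3 72 36 ?? I 3:03AM 0:00.01 nfsiod 4
root 88 0.0 0.3 72 36 ?? I 3:03AM 0:00.01 nfsiod 4
root 91 0.0 1.0 96 144 ?? Is 3:03AM 0:00.07 rwhod
root 93 0.0 1.3 112 180 co- I 3:03AM 0:00.05 rstatd
root 95 0.0 1.3 128 192 ?? Is 3:03AM 0:00.07 lpd
root 97 0.0 1.3 104 184 ?? Ss 3:03AM 0:00.13 portmap
root 102 0.0 1.6 332 224 ?? Is 3:03AM 0:00.05 (sendmail)
root 108 0.0 1.4 144 200 ?? Is 3:03AM 0:00.11 inetd
root 117 0.0 2.1 228 300 co Is+ 3:03AM 0:00.90 -csh (csh)
root 425 0.0 2.0 156 292 ?? S 3:33AM 0:00.15 telnetd
chrish 426 0.0 2.1 280 304 p0 Ss 3:33AM 0:00.26 -ksh (ksh)
EOF
}

sample_ps | audit_ps
```

Each name it prints is a process to check against the security policy before the firewall goes into service; on a live system, pipe the output of ps -aux into audit_ps instead of the sample.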