Internet Security Professional Reference:How to Build a Firewall


Code Changes

Several issues need to be considered when you compile the Toolkit components. These issues revolve primarily around the declaration of sys_errlist: on most current systems the C library's own headers already declare sys_errlist with a different type, so the Toolkit's conflicting extern declaration makes the compile fail. To resolve the problem, you must change the declaration of sys_errlist in every place where it appears. For example, sys_errlist is declared in the code as:

extern  char    *sys_errlist[];

Commenting out the line with the C comment delimiters (/* */) lets the source code compile successfully:

/* extern       char    *sys_errlist[]; */

Installing the TIS Firewall Toolkit

After the compile process completes successfully, you must install the files in the appropriate place. The easiest way to install these files is to use the command:

make install

This command uses the information in the Makefile to copy each component to its correct location. The process is shown in the following command sequence:

pc# make install
if [ ! -d /usr/local/etc ]; then mkdir /usr/local/etc; fi
for a in config lib auth smap smapd netacl plug-gw ftp-gw tn-gw rlogin-gw http-gw; do  ( cd $a; echo install: `pwd`; make install );  done
install: /usr/tis/fwtk/config
if [ ! -f /usr/local/etc/netperm-table ]; then cp netperm-table /usr/local/etc; chmod 644 /usr/local/etc/netperm-table; fi
install: /usr/tis/fwtk/lib
install: /usr/tis/fwtk/auth
if [ -f /usr/local/etc/authsrv ]; then mv /usr/local/etc/authsrv /usr/local/etc/authsrv.old; fi
cp authsrv /usr/local/etc
chmod 755 /usr/local/etc/authsrv
if [ -f /usr/local/etc/authmgr ]; then mv /usr/local/etc/authmgr /usr/local/etc/authmgr.old; fi
cp authmgr /usr/local/etc
chmod 755 /usr/local/etc/authmgr
if [ -f /usr/local/etc/authload ]; then mv /usr/local/etc/authload /usr/local/etc/authload.old; fi
cp authload /usr/local/etc
chmod 755 /usr/local/etc/authload
if [ -f /usr/local/etc/authdump ]; then mv /usr/local/etc/authdump /usr/local/etc/authdump.old; fi
cp authdump /usr/local/etc
chmod 755 /usr/local/etc/authdump
install: /usr/tis/fwtk/smap
if [ -f /usr/local/etc/smap ]; then mv /usr/local/etc/smap /usr/local/etc/smap.old; fi
cp smap /usr/local/etc
chmod 755 /usr/local/etc/smap
install: /usr/tis/fwtk/smapd
if [ -f /usr/local/etc/smapd ]; then mv /usr/local/etc/smapd /usr/local/etc/smapd.old; fi
cp smapd /usr/local/etc
chmod 755 /usr/local/etc/smapd
install: /usr/tis/fwtk/netacl
if [ -f /usr/local/etc/netacl ]; then mv /usr/local/etc/netacl /usr/local/etc/netacl.old; fi
cp netacl /usr/local/etc
chmod 755 /usr/local/etc/netacl
install: /usr/tis/fwtk/plug-gw
if [ -f /usr/local/etc/plug-gw ]; then mv /usr/local/etc/plug-gw /usr/local/etc/plug-gw.old; fi
cp plug-gw /usr/local/etc
chmod 755 /usr/local/etc/plug-gw
install: /usr/tis/fwtk/ftp-gw
if [ -f /usr/local/etc/ftp-gw ]; then mv /usr/local/etc/ftp-gw /usr/local/etc/ftp-gw.old; fi
cp ftp-gw /usr/local/etc
chmod 755 /usr/local/etc/ftp-gw
install: /usr/tis/fwtk/tn-gw
if [ -f /usr/local/etc/tn-gw ]; then mv /usr/local/etc/tn-gw /usr/local/etc/tn-gw.old; fi
cp tn-gw /usr/local/etc
chmod 755 /usr/local/etc/tn-gw
install: /usr/tis/fwtk/rlogin-gw
if [ -f /usr/local/etc/rlogin-gw ]; then mv /usr/local/etc/rlogin-gw /usr/local/etc/rlogin-gw.old; fi
cp rlogin-gw /usr/local/etc
chmod 755 /usr/local/etc/rlogin-gw
install: /usr/tis/fwtk/http-gw
if [ -f /usr/local/etc/http-gw ]; then mv /usr/local/etc/http-gw /usr/local/etc/http-gw.old; fi
cp http-gw /usr/local/etc
chmod 755 /usr/local/etc/http-gw
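A post-install check, added here and not part of the book or the Toolkit, that verifies the outcome the transcript above shows: every program present in /usr/local/etc with mode 755, netperm-table with mode 644, and any *.old copies the Makefile left behind reported so they can be reviewed and removed. The function and variable names (check_fwtk_install, file_mode, FWTK_PROGS) are my own; pass a directory argument to check a staging prefix instead of the real one.

```shell
#!/bin/sh
# Added example (not from the book or the Toolkit): verify the result of
# "make install" against what the Makefile does in the transcript: each
# program copied to /usr/local/etc with mode 755, netperm-table with mode
# 644, and superseded binaries renamed to *.old.

FWTK_PROGS="authsrv authmgr authload authdump smap smapd netacl \
plug-gw ftp-gw tn-gw rlogin-gw http-gw"

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 when every expected file is present with the expected mode.
# Problems are reported one per line; *.old leftovers are reported as
# warnings because the install no longer uses them, yet they stay executable.
check_fwtk_install() {
    etc="${1:-/usr/local/etc}"
    bad=0
    for prog in $FWTK_PROGS; do
        f="$etc/$prog"
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"; bad=$((bad + 1)); continue
        fi
        mode=$(file_mode "$f")
        [ "$mode" = "755" ] || { echo "MODE     $f is $mode, expected 755"; bad=$((bad + 1)); }
        [ -f "$f.old" ] && echo "WARNING  $f.old left from a previous install"
    done
    if [ ! -f "$etc/netperm-table" ]; then
        echo "MISSING  $etc/netperm-table"; bad=$((bad + 1))
    else
        mode=$(file_mode "$etc/netperm-table")
        [ "$mode" = "644" ] || { echo "MODE     $etc/netperm-table is $mode, expected 644"; bad=$((bad + 1)); }
    fi
    [ "$bad" -eq 0 ]
}

# Stand-alone use: sh check_fwtk.sh /usr/local/etc
if [ $# -gt 0 ]; then
    check_fwtk_install "$1" && echo "OK: $1"
fi
```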

With the Toolkit successfully compiled and installed, the next step is the security policy and the configuration of the Toolkit.

Preparing for Configuration

When configuring the Toolkit, the first step is to turn off all unnecessary services running on the system that will act as your firewall. This requires some Unix knowledge of your system's startup procedure and services. For example, you may have to:

  Edit the /etc/inetd.conf file
  Edit the system startup scripts, such as /etc/rc, /etc/rc2.d/*, and others
  Edit the operating system configuration to disable unnecessary kernel-based services

You can use the ps command to see which services are running. The following output shows the services on a sample system:

pc# ps -aux
USER   PID %CPU %MEM   VSZ  RSS  TT  STAT  STARTED  TIME    COMMAND
root   442  0.0  1.7   144  240  p0  R+    3:34AM   0:00.04 ps -aux
root     1  0.0  1.7   124  244  ??  Is    3:02AM   0:00.08 /sbin/init --
root     2  0.0  0.1     0   12  ??  DL    3:02AM   0:00.01 (pagedaemon)
root    15  0.0  6.0   816  888  ??  Is    3:03AM   0:00.47 mfs -o rw -s 1
root    36  0.0  1.5   124  220  ??  Ss    3:03AM   0:00.21 syslogd
root    40  0.0  1.2   116  176  ??  Ss    3:03AM   0:00.06 routed -q
root    77  0.0  0.5    72   72  ??  Ss    3:03AM   0:00.34 update
root    79  0.0  1.6   284  232  ??  Is    3:03AM   0:00.08 cron
root    85  0.0  0.3    72   36  ??  I     3:03AM   0:00.01 nfsiod 4
root    86  0.0  0.3    72   36  ??  I     3:03AM   0:00.01 nfsiod 4
root    87  0.0  0.3    72   36  ??  I     3:03AM   0:00.01 nfsiod 4
root    88  0.0  0.3    72   36  ??  I     3:03AM   0:00.01 nfsiod 4
root    91  0.0  1.0    96  144  ??  Is    3:03AM   0:00.07 rwhod
root    93  0.0  1.3   112  180  co- I     3:03AM   0:00.05 rstatd
root    95  0.0  1.3   128  192  ??  Is    3:03AM   0:00.07 lpd
root    97  0.0  1.3   104  184  ??  Ss    3:03AM   0:00.13 portmap
root   102  0.0  1.6   332  224  ??  Is    3:03AM   0:00.05 (sendmail)
root   108  0.0  1.4   144  200  ??  Is    3:03AM   0:00.11 inetd
root   117  0.0  2.1   228  300  co  Is+   3:03AM   0:00.90 -csh (csh)
root   425  0.0  2.0   156  292  ??  S     3:33AM   0:00.15 telnetd
chrish 426  0.0  2.1   280  304  p0  Ss    3:33AM   0:00.26 -ksh (ksh)
root   440  0.4  1.9   220  280  p0  S     3:34AM   0:00.17 -su (csh)
root     0  0.0  0.1     0    0  ??  DLs   3:02AM   0:00.01 (swapper)
pc#
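The first item in the list above, editing /etc/inetd.conf, as an added example that is not part of the book or the Toolkit: it rewrites an inetd.conf so that every service not on an explicit allowlist is commented out, leaving a reviewable marker on each disabled line. The sample configuration is constructed to match the kind of services in the ps listing, and the function names and the #fwtk-disabled# marker are my own.

```shell
#!/bin/sh
# Added example (not from the book or the Toolkit): disable every inetd
# service that is not on an allowlist, the first step the text describes.
# Lines already commented out, blank lines and allowlisted services pass
# through unchanged; every other active entry is commented out with a marker.

# Usage: disable_inetd_services <inetd.conf> <output file> service...
disable_inetd_services() {
    src="$1"; dst="$2"; shift 2
    allow=" $* "                      # padded so " ftp " matches whole names only
    awk -v allow="$allow" '
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        {
            if (index(allow, " " $1 " ") > 0) { print; next }
            print "#fwtk-disabled# " $0
        }' "$src" > "$dst"
}

# Count the entries that are still active (neither blank nor commented).
count_active_services() {
    grep -v '^[[:space:]]*#' "$1" | grep -c '[^[:space:]]' || true
}

# Constructed sample inetd.conf; the paths are illustrative only.
write_sample_inetd() {
    cat > "$1" <<'EOF'
# constructed sample /etc/inetd.conf
ftp     stream  tcp  nowait  root    /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp  nowait  root    /usr/libexec/telnetd  telnetd
shell   stream  tcp  nowait  root    /usr/libexec/rshd     rshd
login   stream  tcp  nowait  root    /usr/libexec/rlogind  rlogind
finger  stream  tcp  nowait  nobody  /usr/libexec/fingerd  fingerd -s
#tftp   dgram   udp  wait    nobody  /usr/libexec/tftpd    tftpd
EOF
}

# Stand-alone use: sh disable_inetd.sh /etc/inetd.conf /tmp/inetd.conf.new ftp telnet
if [ $# -ge 2 ]; then
    disable_inetd_services "$@"
    echo "active services left in $2: $(count_active_services "$2")"
fi
```

inetd re-reads its configuration only on SIGHUP, so review the output file, install it, and signal the daemon before trusting the change.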
