HostedDB - Dedicated UNIX Servers

Securing-Optimizing-RH-Linux-1_2_296
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 296 Freeswan version number is 1_3 Packages Kernel Homepage: http://www.kernelnotes.org/ You must be sure to download: linux-2_2_14_tar.gz Freeswan Homepage Site: http://www.freeswan.org/ You must be sure to download: freeswan-1_3_tar.gz Tarballs It is a good idea to make a list of files on the system before you install FreeS/WAN, and one afterwards, and then compare them using ‘diff’ to find out what file it placed where. Simply run find /* > vpn1’ before and ‘find /* > vpn2’ after you install the software, and use ‘diff vpn1 vpn2 > vpn’ to get a list of what changed. Prerequisites The installation of IPSEC FreeS/WAN Virtual Private Network software requires some modification of your original kernel since FreeS/WAN must be included and incorporated in your kernel before you can use it. For this reason the first step to do for installing FreeS/WAN software is to go to the Linux Kernel section in this book and follow the instructions to install Linux Kernel in your system (even if you are already do this before) and come back to “Linux FreeS/WAN VPN” (this section) after you have executed the “make dep; make clean” commands and before the “make bzImage” command in the Linux Kernel section. CAUTION: It is highly recommended to not compile anything in the kernel with a flags optimization if you’re intend to install FreeSWAN software in your system. Any optimization flags added to the Linux kernel will produce an errors message in the FreeSWAN IPSEC software when it will try to run, this is an important caution you must care about or nothing will work for FreeSWAN. Optimization flags we show you in the chapter 5 “Configuring and Building a Secure, Optimized kernels” apply without any problem to all sections and chapters of this book but exception exist for the FreeSWAN IPSEC software. Once again I repeat, don’t put/add any optimization option/flags to your Linux kernel when compiling and patching it to support FreeSWAN. Compilation of FreeS/WAN  Decompress the tarball (tar.gz). [root@deep /]# cp freeswan-version_tar.gz /usr/src/ [root@deep /]# cd /usr/src [root@deep src]# tar xzpf freeswan-version_tar.gz [root@deep src]# chown -R 0.0 /usr/src/freeswan-version Compile and insert FreeS/WAN to the kernel You must modify the “Makefile” under FreeS/WAN source directory and subdirectories named “utils”, “klips/utils”, “Pluto”, and “lib” to specify installation paths. We must modify these files to be compliant with Red Hat file system structure and install FreeS/WAN files under our PATH ENVIRONMENT VARIABLE. Step 1 Move to the top-level directory of the new FreeS/WAN distribution and type the following commands on your terminal: Edit the Makefile file (vi Makefile) and change the following lines: