Next Previous Contents

8. Building a Custom Sentry CD

8.1 Introduction

This section will attempt to describe how to create a custom Sentry Firewall CDROM. Unfortunately, I do not have time to go into every detail. But at the very least I will try and provide for you an overview of the CD creation process.


8.2 The development system(How I do it)

My development system consists of two separate Linux installations of the same distribution, depending on what branch I'm working on. First, I have a very complete <insert Linux distro here> installation on my main hard drive(/dev/hda). I then have /dev/hdb1, upon which I have another, bare bones, installation - this installation generally has no compiling tools or X stuff.

I usually have /dev/hdb1 mounted on /mnt, that's not a critical element, but I thought I'd mention it since I will refer to /mnt alot from now on. I then have a directory called /CD-FW on the /dev/hdb1 installation, that is, if /dev/hdb1 is mounted on /mnt, then the directory would be called /mnt/CD-FW/. Throughout this entire process, the installation on /dev/hda is the live running system, and it is from here that I compile the needed tools, kernels, etc and basically run everything.

To make this easy for you, the Sentry Firewall CD ISO is basically an exact copy of what's in /mnt/CD-FW/ on my hard drive. I simply use the 'mkisofs' utility on /mnt/CD-FW to create the ISO image.

If you simply want to get started, perhaps try the following steps:

NOTE: The above commands may spit out errors when working with certain files(ie. hard links). These errors are annoying, but they're not critical at all.

You now have a development system like, or similar to, my own :-)

Now, if you ever want to install an rpm update or a Slackware package update(with upgradpkg), you can do the following:

root@mybox:~# cd /mnt; chroot /mnt

root@mybox:/# upgradepkg update.tgz
or
root@mybox:/# rpm --upgrade update.rpm

$ exit

Then, all I need to do is re-run the script mentioned above, the one that copies all those files, to update the /mnt/CD-FW directory.


8.3 The RAMdisk Image

That's all nifty, but now comes the hard part... making the ramdisk. If you take a look at the /isolinux directory on the CDROM, you will see a bunch of files, one of them is called 'initrd.img' - there are several others as well, such as isolinux.cfg, message.txt, and isolinux.bin. These files are required by isolinux in order to work properly. Take a look at those files and the documentation that comes with syslinux to get a better idea of what all that does. In any case, the 'initrd.img' file is, in fact, the compressed ramdisk image.

To take a look at the image, do something like the following:

blah@wherever:~$ cp /cdrom/isolinux/initrd.img /tmp/initrd.img.gz
blah@wherever:~$ gzip -d /tmp/initrd.img.gz
blah@wherever:~$ mount -o loop /tmp/initrd.img /MOUNT_POINT

In a nutshell, I use the file '/SENTRY/scripts/MK-CD/mkrootdsk.sh' to create the rootdisk. Please read that file and the disclaimer before you decide to use it. It runs perfectly on my system, but may not run well at all on yours. It basically attempts to create a rootdisk image to use with the Sentry CD, but it is very long and may be somewhat difficult to comprehend at times. This is what happens when I start hacking around and fail to utilize proper child safety restraints.


8.4 Making the ISO Image

The next file I use is called 'mkiso.sh'. The script generally just declares a few variables and runs the 'mkisofs' utility. The command I normally run looks like the following:

root@mybox:~# cd /mnt/CD-FW
root@mybox:/mnt/CD-FW# mkisofs -o sentrycd.iso -R -V "Sentry Firewall CD [v1.x.x]" -v \
   -T -d -D -N \
   -b isolinux/isolinux.bin \
   -c isolinux/eltorito.cat \
   -no-emul-boot -boot-load-size 4 -boot-info-table \
   -A "Sentry Firewall CD v1.x.x" .
........

And that's it, I burn the CD and test it. For reference, the following files are available on the CDROM and online at http://www.SentryFirewall.com/



Next Previous Contents