Sentry Firewall CD-ROM is a Linux based bootable CD-ROM suitable for use as an inexpensive and easy to maintain Firewall or IDS.
Version: 1.5.0 RC16Sentry Firewall CD-ROM is a Linux-based bootable CDROM suitable for use as an inexpensive and easy to maintain firewall, server, or IDS(Intrusion Detection System) Node. The system is designed to be immediately configurable for a variety of different operating environments via a configuration file located on a floppy disk, a local hard drive, and/or a network via HTTP(S), FTP, SFTP, or SCP.
Operating System: Linux
The Sentry Firewall CD is a complete Linux system that runs off of an initial ramdisk, much like a floppy-based system, and a CD. The default kernel is a current 2.4.x series kernel with various Netfilter patches applied. An OpenWall-patched current 2.2.x kernel is also available on the CD.
Booting from the CDROM is a fairly familiar process. The BIOS execs the bootloader(Syslinux) - which then displays a bootprompt and loads the kernel and ramdisk into memory. Once the kernel is running, the ramdisk is then mounted as root(/). At this point our configuration scripts are run(written in perl) that configure the rest of the system. It is the job of these configure scripts to put the various startup and system files into the proper location using either what is declared in the configuration file(sentry.conf) or the system defaults located in the /etc/default directory.
Most of the critical files used at boot time can be replaced with your own copy when declared in the configuration file. This is essentially how we allow the user to configure the system using his/her own configuration and init files.
All of the binaries, files, scripts, etc, used to create the CD-ROM are also available on the CD-ROM. So, with a little practice, you can easily build and customize your own bootable Sentry Firewall CD.
Here are some key features of "Sentry Firewall CD":
· Current Linux Kernel: 2.4.28-ow1
· OpenWall security patch(-ow1).
· Ebtables bridge+netfilter patch.
· Linux-WLAN modules.
· MPPE patch.
· Modules-off patch [ More Info | Patch ]
· iptables v1.2.11.
· ebtables v2.0.6.
· IProute2 utilities.
· PPTP Client/Server.
· Snort IDS v2.2.0
· OpenSSH and OpenSSL
· Many other daemons and binaries you may need -- Apache, Sendmail, Squid, Perl, BIND (static/chroot), and more.