
3. Directive Reference

The following is a list of file directives currently supported by the various branches of the Sentry Firewall CD. Please note that this information is highly subject to change. Currently supported configuration directives can be found in the sample sentry.conf file available on the ISO image in the "SENTRY/scripts/cd-config" directory, or online at

3.1 SENTRYCD(-DEVEL) Branches

The following is a list of file directives currently supported in the SENTRYCD and SENTRYCD-DEVEL branches (Slackware-based).

Initialization scripts:

   rc.M                         Multiuser init script(runlevel 3).
   rc.6                         Halt or reboot
   rc.dhcpd                     Startup script for ISC DHCP daemon.
   rc.netdevice                 Load modules for network devices(before rc.inet1 is run).
   rc.inet1                     Set up ethernet interfaces.
   rc.inet1.conf                Configuration file for rc.inet1.
   rc.inet2                     Start network daemons.
   rc.inet2.conf                Configuration file for rc.inet2.
   rc.keymap                    Load keyboard map.
   rc.local                     Local system init script.
   rc.modules                   Load any needed modules.
   rc.firewall                  Firewall script.
   rc.firewall.nat              Nat-specific firewall script(not always used).             Use if firewall script was generated using iptables-save.
   rc.ntpd                      ntpd initialization script.
   rc.sendmail                  Sendmail initialization script.
   rc.snort                     Snort initialization script.

Important system configuration files:

   fstab                        fstab(5)
   ftpusers                     ftpusers(5)
   group                        group(5)
   hosts                        hosts(5)
   hosts.equiv                  hosts.equiv(5)
   hosts.allow                  hosts_access(5)
   hosts.deny                   hosts_access(5)
   inittab                      inittab
   modules.conf                 modules.conf(5)
   openssl.cnf                  OpenSSL configuration file.
   passwd                       passwd(5)
   profile                      bash(1)
   resolv.conf                  resolv.conf(5)
   shadow                       shadow(5)
   shells                       shells(5)

Daemon configuration files:

   bgpd.conf                    Configuration file for bgpd.
   dhcpd.conf                   Configuration file for dhcpd.
   dnsmasq.conf                 Configuration file for dnsmasq.
   httpd.conf                   Configuration file for Apache HTTP Daemon.
   inetd.conf                   Configuration file for inetd(8).
   ipsec.conf                   Configuration file for ipsec.
   ipsec.secrets                IPSec secrets file for IKE/IPsec authentication.
   named.conf                   Configuration file for named(8).
   l2tpd.conf                   Configuration file for l2tpd, Layer 2 Tunnelling Protocol Daemon.
   newsyslog.conf               Configuration file for newsyslog.
   ospfd.conf                   Configuration file for ospfd.
   portsentry.conf              Configuration file for portsentry.
   pppoe.conf                   Configuration file for RP-PPPOE.
   pptpd.conf                   Configuration file for pptpd.
   proftpd.conf                 Configuration file for proftpd.
   ntp.conf                     Configuration file for ntpd.
   rinetd.conf                  Configuration file for rinetd.
   ripd.conf                    Configuration file for ripd.
   rndc.conf                    Configuration file for named control utility, rndc(8).                  Configuration file for sendmail(
   smb.conf                     Configuration file for Samba.
   snort.conf                   Configuration file for snort.
   squid.conf                   Configuration file for squid.
   ss5.conf                     Configuration file for Socks Server 5.
   stunnel.conf                 Configuration file for stunnel.
   stunnel.pem                  Certificate chain PEM file for stunnel.
   syslog.conf                  syslogd(8) configuration file.
   syslog-ng.conf               Configuration file for syslog-ng.
   vsftpd.conf                  Configuration file for vsftp daemon.
   wlan.conf                    Configuration for prism based wireless cards.
   gated.conf                   Configuration for GateD.
   ulogd.conf                   Configuration file for ulogd.
   zebra.conf                   Configuration file for zebra.

OpenSSH configuration files:

   ssh_config                   Configuration file for ssh(1).
   sshd_config                  Configuration file for sshd(8).
   shosts.equiv                 Like hosts.equiv(5) but for ssh.
   ssh_host_key                 Private rsa1 host key file.
   ssh_host_dsa_key             Private rsa1 host key file.
   ssh_host_rsa_key             Private rsa1 host key file.
   ssh_known_hosts              Public host keys of known ssh servers.
   ssh_known_hosts2             Public host keys of known ssh servers.

Configuration directives for Webmin:

   start_webmin                 enable|disable Webmin.  Default is "disable".
   webmin_config                Main Webmin configuration file(/etc/webmin/config).
   miniserv.conf                Config file for Webmin http(s) daemon.
   miniserv.pem                 SSL cert for Webmin http(s) daemon.
                                An SSL cert will be created by rc.webmin if
                                one is not specified.
   miniserv.users               Password file used for Webmin.
                                Default user:pass is sentry:SENTRY.
                                NOTE: If this file is not replaced webmin
                                will NOT start.

Misc. configuration directives:

   cron:<user>                  Replace <user>'s crontab with specified file.
   add_swap                     Initialize a swap partition at configuration time.
   root_size                    Change the size of root(/) at configuration time.

3.2 SENTRYCD-DEB(-DEVEL) Branch Directives

The following is a list of file directives currently supported in the SENTRYCD-DEB and SENTRYCD-DEB-DEVEL branches (Debian-based).

