Sentry Firewall CD v1.x (www.SentryFirewall.com) Obsid@Sentry.net http://www.SentryFirewall.com/files/CHANGES 01.13.05 Sentry Firewall CD version 1.5.0-rc16 Released. 01.13.05 Fixed but in do_include() that caused infinite loop when using relative path[#] statements and the `include' directive. 01.13.05 Updated Webmin(http://www.webmin.com/) to 1.170. 01.12.05 Recompiled iproute2 with HTB support(http://luxik.cdi.cz/~devik/qos/htb/). Credits: Santiago Bosio 01.12.05 Recompiled iptables v1.2.11 with IMQ patch(www.linuximq.net). 01.12.05 Updated GENERIC Linux kernel. - Kernel version 2.4.28. - OpenWall(http://www.openwall.com/) security patch(-ow1). - StrongSwan(http://www.strongswan.org/) version 2.30 -- FreeS/WAN replacement. - Updated ebtables(http://ebtables.sourceforge.net/) brnf-8-2(bridge+netfilter) patch. - Added IMQ patch(http://www.linuximq.net/). - MPPE patch v1.2(http://www.polbox.com/h/hs001/). - Modules-off patch(echo "off" > /proc/modules). - Linux-wlan(http://www.linux-wlan.org/) version 0.2.1-pre25. 01.12.05 Added "PATH" statement in `/usr/bin/run-parts'. Cron was not able to find the `basename' command and generated errors which were sent to root@localhost. Credits: Engelbert Gruber 01.05.05 Upgraded syslinux(http://syslinux.zytor.com/) to version 3.02. 01.04.05 Upgraded pppd to version 2.4.3+mppe-mppc-1.1, with IPV6 support. - http://www.polbox.com/h/hs001/ppp-2.4.3-mppe-mppc-1.1.patch.gz 01.04.05 Updated zlib(http://www.gzip.org/zlib/) to version 1.2.2. 01.04.05 Updated dnsmasq(http://www.thekelleys.org.uk/dnsmasq/) to version 2.19. 01.04.05 Upgraded pptpd(http://www.poptop.org/) to version 1.2.1. Also enabled the bcrelay option. Credits: Guido Andreini 11.01.04 Fixed bug in mkrootdsk.sh that caused script to fail to add some binaries to the root image if the date format from the output of the "ls -la" command on the system was not POSIX compliant. This hasn't effected the official distribution. Credits: Guido Andreini 09.25.04 Added /var/spool/pop directory to rootdisk, needed for popa3d. Credits: Engelbert Gruber ------------------------------------------------------------------------------------ 09.21.04 Sentry Firewall CD version 1.5.0-rc15 Released. 09.21.04 Updated GENERIC Linux kernel. - Kernel version 2.4.27. - OpenWall(http://www.openwall.com/) security patch(-ow1). - FreeS/WAN(http://www.freeswan.org/) version 2.05 + x509 patch. - Updated ebtables(http://ebtables.sourceforge.net/) brnf-7(bridge+netfilter) patch. - Modules-off patch(echo "off" > /proc/modules). - Linux-wlan(http://www.linux-wlan.org/) version 0.2.1-pre21. - REMOVED MPPE patch(http://www.polbox.com/h/hs001/). 09.21.04 Fixed bug in do_config.pl where $m_point was being unmounted too early. Credits: Engelbert Gruber 09.21.04 Added `nameif' utility to rootdisk. ------------------------------------------------------------------------------------ 09.20.04 Sentry Firewall CD version 1.5.0-rc14 Released. 09.20.04 Updated dnsmasq(http://www.thekelleys.org.uk/dnsmasq/) to version 2.15. 09.15.04 Added kmod() to get_config.pl. Disables/Enables kernel module autoloading while probing devices to find a valid sentry.conf file. 09.15.04 Code cleanup in get_config() to avoid annoying modprobe errors when testing for the presence of a USB storage device. 09.14.04 Added rc.squid init script to ISO. Added "START_SQUID" variable to rc.inet2.conf. 09.14.04 Added "SYSLOGD_OPTS" and "KLOGD_OPTS" variables to rc.inet2.conf to set options passed to syslogd and klogd. These variables are used in rc.syslog. 09.14.04 Added "START_SYSLOGNG" variable to rc.inet2.conf to start syslog-ng instead of syslogd. Also added "SYSLOGNG_OPTS" variable to set options to be passed to syslog-ng. 09.14.04 Added rc.syslog-ng init script to ISO. 09.14.04 Commented out entries for `fwanalog.sh', `adcfw-log', `fwreport' in "/etc/cron.daily/firewall". Users will need to uncomment and replace this script via their sentry.conf file if they want these utilities to run. Also commented out entry in "/etc/cron.hourly/snortsnarf". 09.14.04 Changed `mount' command in get_config() for mounting /dev/sda1(USB Drive) to use the option `-tvfat,ext2,umsdos,msdos'. Users reported that auto determination of file system often mounted /dev/sda1 as umsdos instead of vfat, resulting in unrecognized 8.3 format file names. 09.14.04 Increased number of inodes on floppy disk image(ext2-144.img) from 256 to 384. 09.11.04 Updated syslog-ng(http://www.balabit.com/downloads/syslog-ng/) to version 1.6.5. Credits: Guido Andreini 09.11.04 Updated dnsmasq(http://www.thekelleys.org.uk/dnsmasq/) to version 2.14. Credits: Guido Andreini 09.11.04 Updated squid(http://www.squid-cache.org/) to 2.5.STABLE6. Credits: Guido Andreini 09.11.04 Updated sendmail(http://www.sendmail.org/) to version 8.13.1. Credits: Guido Andreini 09.11.04 Updates to rc.inet2{.conf}: - Entries to start sendmail and squid. - Fix mysqld entry to call "rc.mysqld start". - Added delay after calling rc.mysqld to allow the mysql daemon to start. Credits: Guido Andreini 09.11.04 Updated /etc/apache/php.ini with correct values. Credits: Guido Andreini 09.11.04 Updated GENERIC Linux kernel. - Kernel version 2.4.27. - OpenWall(http://www.openwall.com/) security patch(-ow1). - FreeS/WAN(http://www.freeswan.org/) version 2.05 + x509 patch. - Updated ebtables(http://ebtables.sourceforge.net/) brnf-7(bridge+netfilter) patch. - Modules-off patch(echo "off" > /proc/modules). - Linux-wlan(http://www.linux-wlan.org/) version 0.2.1-pre21. - MPPE patch(http://www.polbox.com/h/hs001/). 09.11.04 Recompiled kernel with current MPPE patch. Recompiled PPPD and PPTP client. Credits: Guido Andreini 09.10.04 Added information in HOWTO for setting the timezone within the sentry.conf file. Credits: Engelbert Gruber 09.07.04 Added test in rc.dnsmasq to check if /var/lib/misc exists. Credits: Engelbert Gruber 08.30.04 Documentation and Howto updates: - Added information about the `mkdir' directive. - Added documentation about new functions; vrfy_file(), locate_file(), retr_file_net(), vrfy_path(), and pcopy(). 08.30.04 Updated iptables(http://www.netfilter.org/) utility to version 1.2.11. 08.30.04 Added create_dir() function. Added 'mkdir' directive to sentry.conf. 08.30.04 Moved do_log(), vrfy_file(), locate_file(), retr_file_net(), vrfy_path(), and pcopy() to new file called file_functions.pl. 08.29.04 More code cleanup in do_config.pl. Removed excessive usage of $_(old habits...). 08.29.04 Code cleanup in merge_passwd(). 08.29.04 Rewrote fix_fstab(), renamed function to merge_fstab(). 08.29.04 Added pcopy() and vrfy_path() functions. Credits: Engelbert Gruber 08.28.04 Fixed busybox issue where "tail" would crash when tailing more than one file. Credits: Engelbert Gruber 08.28.04 Added issue, issue.net, and motd directives to sentry.conf. 08.27.04 Added '-oNumberOfPasswordPrompts=1' to scp/sftp options for network configuration support. Prevents a useless password prompt from appearing if a wrong password is passed from sentry.conf. 08.27.04 mkrootdsk.sh: Fixed ppp and ipsec.d directory structures when building ramdisk. Credits: Philippe Marzouk 08.27.04 Tweeked rc.S to sync before unmounting /initrd, hopefully fixing an intermittent "umount: /initrd: device is busy" error. Credits: Philippe Marzouk 08.27.04 Fixed bug in rc.S where it was trying to clear /var/log/setup/tmp(which does not exist). Credits: Engelbert Gruber 08.27.04 Changed isolinux boot timeout to 5 seconds. ------------------------------------------------------------------------------------ 08.25.04 Version 1.5.0-rc13 Released. 08.25.04 Added portknocking(http://www.portknocking.org/) scripts(knockclient/knockdaemon). Added knockclient.conf and knockdaemon.conf directives to sentry.conf. 08.17.04 Added "path1..path10" statements to sentry.conf. This allows users to set multiple local or remote paths which can be used to locate files declared in sentry.conf. See the default sentry.conf file or the HOWTO for more details. 08.17.04 Massive code cleanup, mainly in do_config.pl. 08.16.04 Updated GENERIC Linux kernel. - Kernel version 2.4.27. - OpenWall(http://www.openwall.com/) security patch(-ow1). - FreeS/WAN(http://www.freeswan.org/) version 2.05 + x509 patch. - Updated ebtables(http://ebtables.sourceforge.net/) brnf-6(bridge+netfilter) patch. - Modules-off patch(echo "off" > /proc/modules). - Linux-wlan(http://www.linux-wlan.org/) version 0.2.1-pre21. - MPPE patch(http://www.polbox.com/h/hs001/). 08.16.04 Upgraded Snort(http://www.snort.org/) to version 2.2.0. Snort rules updated with snortrules-snapshot-2_2. 08.08.04 Upgraded shorewall firewall(http://www.shorewall.net/) to version 2.0.6. 06.18.04 Added bluetooth utilities(http://www.bluez.org). 05.24.04 Added START_MYSQLD and START_SAMBA variables to rc.inet2.conf. 05.11.04 Added ss5.passwd, chap-secrets, options, options.l2tpd, and options.pptpd directives to sentry.conf. Credits: Guido Andreini 05.11.04 Corrected "exension_dir" directive in php.ini(should be /usr/lib/php/extensions). Credits: Guido Andreini 05.11.04 Made rc.mysqld and rc.samba executable. Credits: Guido Andreini 05.11.04 Significant code cleanup to do_config.pl. Merged @ssh_vars and %spec_dirs into %etc_vars. 05.11.04 Removed "$IF" variable from rc.dhcpd, moved it to rc.inet2.conf. Credits: Bastian Friedrich ------------------------------------------------------------------------------------ 04.28.04 Version 1.5.0-rc12 Released. 04.28.04 Updated GENERIC Linux kernel. - Kernel version 2.4.26. - OpenWall(http://www.openwall.com/) security patch(-ow1). - FreeS/WAN(http://www.freeswan.org/) version 2.05 + x509 patch. - Updated ebtables(http://ebtables.sourceforge.net/) brnf-6(bridge+netfilter) patch. - Modules-off patch(echo "off" > /proc/modules). - Linux-wlan(http://www.linux-wlan.org/) version 0.2.1-pre20. - MPPE patch(http://www.polbox.com/h/hs001/). 04.28.04 Added vsftpd(http://vsftpd.beasts.org/) version 1.2.2 to ISO. Added entry in inetd.conf for vsftpd, however proftpd is still the default ftp daemon(for now). Added 'vsftpd.conf' directive to sentry.conf. Credits: Chris Taylor 04.28.04 Added SUSE Proxy-Suite(ftp-proxy) version 1.9.2.2 to ISO. Added 'ftp-proxy.conf' directive to sentry.conf. Credits: Chris Taylor 04.28.04 Added "START_INETD" variable to rc.inet2.conf to start the INET daemon at boot time. Credits: Bastian Friedrich 04.28.04 Added entry in rc.inet2 to start the DHCP daemon. Added "START_DHCPD" variable in rc.inet2.conf. Credits: Bastian Friedrich 04.28.04 Added rc.inet2.conf file to ISO. This file holds variables used by rc.inet2 to start daemons and services at boot time. Also added 'rc.inet2.conf' directive to sentry.conf. Credits: Bastian Friedrich 04.19.04 Upgraded Snort(http://www.snort.org/) to version 2.1.2. Snort rules updated with snortrules-snapshot-2_1. 04.19.04 Added cups(http://www.cups.org/) to the ISO. 04.19.04 Upgraded dnsmasq(http://thekelleys.org.uk/dnsmasq/) to version 2.6. 03.29.04 Bugfix to do_config.pl(521-523); changed "$prefs{$_}" to "$_" when matching ssh_host_*key files. This caused problems when pulling these files from a FAT formatted configuration floppy. Credits: Gundlach, Stefan 03.28.04 Updated PHP package to fix library incompatibility with PHP extensions mysql.so and gettext.so. Credits: Guido Andreini 03.28.04 Updated ulogd(http://gnumonks.org/projects/ulogd) to fix library incompatibility with ulogd extension "ulogd_MYSQL.so". Credits: Guido Andreini 03.28.04 Fixed configuration directory patch in rc.l2tpd. Credits: Guido Andreini 03.28.04 Added close.patch and pty.patch to l2tpd(http://www.l2tpd.org/). ------------------------------------------------------------------------------------ 03.17.04 Version 1.5.0-rc11 Released. 03.16.04 Updated GNU libc to version 2.3.2. 03.15.04 Updated mysql(http://www.mysql.com/) to version 4.0.15a. Re-added mysql daemon to ISO. 03.15.04 Fixed Mysql and SSHD user/group designations in passwd/group files. Credits: Guido Andreini 03.10.04 Released: mkconfig version 0.3-BETA. Multiple changes to /sbin/mkconfig script, which was designed to assist users in creating a configuration floppy on a running Sentry Firewall system. This script should actually be usable now, but is still considered beta. 03.10.04 Updated dnsmasq(http://www.thekelleys.org.uk/dnsmasq/) to version 2.3. 03.08.04 Updated GENERIC Linux kernel. - Kernel version 2.4.25. - OpenWall(http://www.openwall.com/) security patch(-ow1). - FreeS/WAN(http://www.freeswan.org/) version 2.05 + x509 patch. - Updated ebtables(http://ebtables.sourceforge.net/) brnf-5(bridge+netfilter) patch. - Modules-off patch(echo "off" > /proc/modules). - Linux-wlan(http://www.linux-wlan.org/) version 0.2.1-pre20. - MPPE patch(http://www.polbox.com/h/hs001/). 03.08.04 Added PPTP Client(http://pptpclient.sourceforge.net/) version 1.4.0 to ISO. 03.08.04 Upgraded pppd to version 2.4.2+mppe-mppc-0.82, with IPV6 support. This adds MPPE and MS-CHAP support for pptp clients. - ftp://ftp.samba.org/pub/ppp/ppp-2.4.2.tar.gz - http://www.polbox.com/h/hs001/ppp-2.4.2-mppe-mppc-0.82.patch.gz 03.07.04 Documentation and Howto updates: - Added information regarding tmpfs and the new boot sequence for the Sentry Firewall CD. - Added information about the new 'add_swap' and 'root_size' directives. - Added note in section 9 of the howto regarding the 8.3 naming limitation on naming kernels and syslinux config files. 03.07.04 Added Socks Server 5(http://digilander.libero.it/matteo.ricchetti/) to ISO. Credits: Guido Andreini 03.07.04 Added l2tpd(http://www.l2tpd.org/) daemon to ISO. Added l2tpd.conf directive to sentry.conf. Credits: Guido Andreini 03.07.04 Added lpd.conf directive to sentry.conf. Added lpd.perms file to ISO. Credits: Guido Andreini 03.06.04 Added rc.bgpd, rc.ripd, rc.ospfd, and rc.zebra to ISO. Added 'bgpd.conf', 'ripd.conf', and 'ospfd.conf' directives to sentry.conf Credits: Guido Andreini 03.06.04 Added 'sendmail.cf' directive to sentry.conf. Credits: Guido Andreini 03.03.04 Added vconfig(http://www.candelatech.com/~greear/vlan.html) version 1.8 to ISO. 03.03.04 Upgraded nmap(http://www.insecure.org/nmap/) to version 3.5.0. 03.03.04 Upgraded Snort(http://www.snort.org/) to version 2.1.1. Snort rules updated with snortrules-snapshot-2_1. 03.03.04 Upgraded shorewall firewall(http://shorewall.sf.net/) to version 1.4.10c. 03.03.04 Multiple changes to rc.inet1{.conf}. - Added ETHx_ALIAS_NETMASK[x] variable to support different netmasks for each secondary(alias) IP address on the interface. Credits: Shannon Mann - Added "FORCE_RESTART[x]" variable to force rc.inet1 to take the interface down before bringing it back up again in eth_ip(). Credits: Shannon Mann - Significant code cleanup in rc.inet1. 03.01.04 Added add_swap configuration directive to allow users to add a swap partition via the sentry.conf file. 03.01.04 Added "root_size" configuration directive to allow users to change the size of the root partition via the sentry.conf file. 03.01.04 Major changes to mkrootdsk.sh. Script now creates a 7MB initrd(~5MB compressed) that contains the following: - linuxrc ## Script that configures everything. - bin ## Just busybox in here, basically. - dev ## /dev/console, /dev/null(that's about it). - root ## This will be the new root(/) - root.tar.gz ## This contains all the files for the new root(/). 03.01.04 Changed boot sequence to mount root(/) on a tmpfs file system. Using tmpfs as the root filesystem provides two major advantages: - tmpfs file systems can be swapped out. - the size of the tmpfs(root) partition can be changed at will. This development changes the boot sequence to the following: - Isolinux boots kernel - Kernel decompresses, boots, mounts initrd as root(/) on /dev/ram0. - /linurc is run which - - Mounts a tmpfs file system on /root - Places the files for the new root in /root. - Moves old root to /root/initrd and makes /root the new root. - init is run, rc.S unmounts/deletes /initrd and flushes /dev/ram0. ------------------------------------------------------------------------------------ 02.24.04 Version 1.5.0-rc10 Released. 02.23.04 Updated GENERIC Linux kernel. - Kernel version 2.4.25. - OpenWall(http://www.openwall.com/) security patch(-ow1). - FreeS/WAN(http://www.freeswan.org/) version 2.05 + x509 patch. - Updated ebtables(http://ebtables.sourceforge.net/) brnf-5(bridge+netfilter) patch. - Modules-off patch(echo "off" > /proc/modules). - Linux-wlan(http://www.linux-wlan.org/) version 0.2.1-pre20. 02.22.04 Added NRPE(http://www.nagios.org/) to ISO. Added plugins directory to /opt/nagios/{plugins,libexec}. 02.21.04 Added userspace tools for ECI HiFocus ADSL USB and Globespan-based modems to ISO image. 02.21.04 Added USB modem Analog chipset Eagle 8051(adiusbadsl.o) driver and utils to ISO image. ------------------------------------------------------------------------------------ 02.11.04 Version 1.5.0-rc9 Released. 02.09.04 Added openvpn(http://openvpn.sourceforge.net/) to ISO. 02.01.04 Numerous changes to /sbin/mkconfig(creates/updates sentry.conf). This software is still considered alpha. 02.01.04 Added USB thumbdrive support. The configuration scripts will now attempt to locate the sentry.conf file on the following devices, in the following order: - /dev/fd0, if present is mounted on /floppy. - /dev/sda1, if present is mounted on /floppy. - /dev/hda1, if present is mounted on /mnt. 01.26.04 Added kernel patches listed below to /SENTRY/configs/PATCHES/. 01.26.04 Updated GENERIC Linux kernel. - Kernel version 2.4.24. - OpenWall(http://www.openwall.com/) security patch(-ow1). - FreeS/WAN(http://www.freeswan.org/) version 2.04 + x509 patch. - Updated ebtables(http://ebtables.sourceforge.net/) brnf-4(bridge+netfilter) patch. - Modules-off patch(echo "off" > /proc/modules). - Linux-wlan(http://www.linux-wlan.org/) version 0.2.1-pre16. 01.26.04 Upgraded BIND8(http://www.isc.org/) to version 8.4.4. 01.07.04 Upgraded net-snmp(http://www.net-snmp.org/) to version 5.1. 01.07.04 Added radvd(http://www.litech.org/radvd/) to ISO. 01.07.04 Recompiled pppd with IPv6 support. 01.07.04 Upgraded zebra(http://www.zebra.org/) to version 0.94. 01.07.04 Upgraded Snort(http://www.snort.org/) to version 2.1.0. Snort rules updated with snortrules-stable. 12.16.03 Updated GENERIC Linux kernel. - Kernel version 2.4.23. - OpenWall(http://www.openwall.com/) security patch(-ow1). - FreeS/WAN(http://www.freeswan.org/) version 2.04 + x509 patch. - Updated ebtables(http://ebtables.sourceforge.net/) brnf-3(bridge+netfilter) patch. - Modules-off patch(echo "off" > /proc/modules). - Linux-wlan(http://www.linux-wlan.org/) version 0.2.1-pre16. 12.16.03 Updated BusyBox(http://www.busybox.net/) to version v1.00-pre4. 12.16.03 Upgraded lftp to version 2.6.10. 12.11.03 Fixed bug in rc.snort when running snort on multiple interfaces. Thanks to Thomas Nilsen for pointing this out. ------------------------------------------------------------------------------------ 12.04.03 Version 1.5.0-rc8 Released. 12.04.03 Updated GENERIC Linux kernel. - Kernel version 2.4.23. - OpenWall(http://www.openwall.com/) security patch(-ow1). - FreeS/WAN(http://www.freeswan.org/) version 2.04 + x509 patch. - ebtables(http://ebtables.sourceforge.net/) brnf-3(bridge+netfilter) patch. - Modules-off patch(echo "off" > /proc/modules). - Linux-wlan(http://www.linux-wlan.org/) version 0.2.1-pre15. 12.04.03 Fixed module dependency loading problem in load_mods()(in networking.pl) that caused module loading to fail if the module was already loaded. Thanks to Dag Nygren for pointing this out. ------------------------------------------------------------------------------------ 11.26.03 Version 1.5.0-rc7 Released. 11.25.03 Updated ebtables(http://ebtables.sourceforge.net/) to version 2.0.6. 11.25.03 Updated iptables(http://www.netfilter.org/) utility to version 1.2.9. 11.25.03 Recompiled GENERIC Linux kernel: - Kernel version 2.4.22. - OpenWall(http://www.openwall.com/) security patch(-ow1). - FreeS/WAN(http://www.freeswan.org/) version 2.04 + x509 patch. - ebtables(http://ebtables.sourceforge.net/) brnf-3(bridge+netfilter) patch. - Modules-off patch(echo "off" > /proc/modules). - Linux-wlan(http://www.linux-wlan.org/) version 0.2.1-pre15. 11.25.03 Updated the Sentry Firewall CD HOWTO and Reference Guide. Removed Snort and BIND configuration information from the Reference Guide, as that information is already in the HOWTO. Added information in Reference Guide about using the old and new rc.inet1{.conf}. 11.25.03 Migrated to a modified version of the the 'rc.inet1' and 'rc.inet1.conf' scripts used by Slackware 9.1. Users may still use the old rc.inet1 file(renamed to rc.inet1.old) or any other scheme they wish to use by using the 'rc.inet1' directive in their sentry.conf file. Otherwise, take a look at the 'rc.inet1.conf' file to configure your ethernet interfaces. An 'rc.inet1.conf' directive was also added to do_config.pl and sentry.conf. 11.24.03 Added 'dhcpd.conf' and 'rinetd.conf' directives to sentry.conf. Added rc.rinetd to ISO. 11.24.03 Upgraded Net-SNMP(http://www.net-snmp.org/) to version 5.1.0. 11.24.03 Updated Apache to version 1.3.29. Upgraded mod_ssl to version 2.8.16_1.3.29. Upgraded php to version 4.3.3. 11.24.03 Upgraded Snort(http://www.snort.org/) to version 2.0.5. Updated PostgreSQL libs to version 7.4. Snort rules updated with snortrules-stable. 11.24.03 Upgraded syslinux(http://syslinux.zytor.com/) to version 2.07. ------------------------------------------------------------------------------------ 11.09.03 Version 1.5.0-rc6 Released. 11.09.03 Removed DOCUMENTATION file from ISO. Created new technical documentation and reference guide available on the website. 11.09.03 Updated HOWTO, lots of new information added. 11.06.03 Upgraded Snort(http://www.snort.org/) to version 2.0.4. Snort rules updated with snortrules-stable. 11.06.03 Upgraded Shorewall firewall to version 1.4.7c. 11.05.03 Upgraded Webmin to 1.120. 10.30.03 Fixed problem copying snort.conf, rndc.conf, and named.conf to their proper locations in /var/chroot. 10.30.03 Added dnsmasq version 1.17 to ISO. Added dnsmasq.conf directive to sentry.conf. Added rc.dnsmasq to rootdisk. Thanks to Engelbert Gruber for this. 10.30.03 Recompiled/fixed newsyslog. 10.30.03 Added /etc/rc.d/init.d directory to rootdisk. 10.30.03 Added /etc/sysconfig directory to rootdisk. 10.08.03 Removed old squid 2.4STABLE6 binary. Upgraded squid to 2.5STABLE4. 10.08.03 Added ulogd and rc.ulogd to ISO. Added ulogd.conf directive to sentry.conf. 10.03.03 Added h_hdlc and usbdevfs to GENERIC kernel. ------------------------------------------------------------------------------------ 09.30.03 Version 1.5.0-rc5 Released. 09.30.03 Upgraded OpenSSL(http://www.openssl.org/) to version 0.9.7c. 09.24.03 Upgraded proftpd(http://www.proftpd.net/) to version 1.2.8p. 09.24.03 Upgraded OpenSSH(http://www.OpenSSH.org/) to version 3.7.1p2. ... must be a glitch in the matrix... 09.18.03 Upgraded snort(http://www.snort.org/) to version 2.02. Snort now compiled with Mysql/PostgreSQL/unixODBC support. Snort rules updated with snortrules-stable. 09.18.03 Upgraded Sendmail(http://www.sendmail.org/) to version 8.12.10. 09.18.03 Upgraded OpenSSH(http://www.OpenSSH.org/) to version 3.7.1p1. 09.17.03 Upgraded BIND 8 to version 8.4.1-REL. 09.16.03 Recompiled GENERIC Linux kernel: - Kernel version 2.4.22. - OpenWall(http://www.openwall.com/) security patch(-ow1). - FreeS/WAN(http://www.freeswan.org/) version 2.02 + x509 patch. - ebtables(http://ebtables.sourceforge.net/) bridge+netfilter patch. - Modules-off patch(echo "off" > /proc/modules). 09.16.03 Added ebtables(http://ebtables.sourceforge.net/) v2.0.5 to iso. 09.16.03 Added rinetd(http://www.boutell.com/rinetd/) to ISO. 09.16.03 Upgraded OpenSSH(http://www.OpenSSH.org/) to version 3.7p1. 09.15.03 rc.cdrom removed from rootdisk and ISO. 09.15.03 Added functions mount_cdrom() and fix_modules() to do_config.pl. - mount_cdrom() locates and mounts the Sentry Firewall CD. Previously done either with the 'cdrom' directive or in rc.cdrom. - fix_modules() copies or symlinks modules from /lib/modules// to /cdrom/lib/modules//. Previously done in rc.modules. 09.15.03 Various bugfixes to process_conf.pl and networking.pl, better logging and some code cleanup. 09.11.03 Upgraded Pine to version 4.58. ------------------------------------------------------------------------------------ 09.09.03 Version 1.5.0-rc4 Released. 09.09.03 Added module dependencies to %depend in networking.pl. Network configuration support should now work with most 10/100baseT NICs. 09.08.03 Upgraded stunnel to version 4.04. Added stunnel.pem directive to sentry.conf. 09.04.03 Edited rc.named and rc.inet2 to add support for chroot Bind 9. Removed non-chroot startup options. 09.04.03 Changed rc.named to start Bind9 in a chroot environment(/var/chroot/named/). 08.28.03 Changed rc.snort to start snort in a chroot environment(/var/chroot/snort/). 08.28.03 Recompiled snort(http://www.snort.org/) as a static executable. 08.28.03 Moved named8 to /var/chroot/named/(was /var/chroot). Bind ver.8 will be deprecated soon. 08.28.03 Moved most cron entries to /etc/cron.{daily,hourly,monthly,weekly}. 08.28.03 Added logcheck(http://sourceforge.net/projects/sentrytools/) to the ISO. 08.28.03 Added portsentry(http://sourceforge.net/projects/sentrytools/) to the ISO. 08.28.03 Upgraded zip/unzip, security fix. 08.26.03 Upgraded GENERIC kernel to version 2.4.22(-ow1). 08.26.03 Upgraded IPSec to version 2.01, added x509 patch. 08.26.03 Added OpenWall(http://www.OpenWall.com/) patch to GENERIC kernel. 08.26.03 Removed CONFIG_X86_UP_APIC from GENERIC kernel. Compatibility fix. 08.26.03 Removed 2.2.x kernel from CD. 08.26.03 Fixed symlinks in /var/www/htdocs/firewall. ------------------------------------------------------------------------------------ 08.18.03 Version 1.5.0-rc3 Released. 08.18.03 Added linux-2.4.20-modulesoff.patch to kernel source. Recompiled GENERIC kernel. 08.10.03 Updated HOWTO(http://www.sentryfirewall.com/files/HOWTO/). 08.07.03 Upgraded snort(http://www.snort.org/) to version 2.0.1. Updated snort rules as well. 08.07.03 Upgraded busybox(http://www.busybox.net/) to version 1.00-pre2. 08.05.03 Added rc.firewall.save directive to sentry.conf - used when restoring firewall with iptables-restore. 08.04.03 Added Shorewall(http://shorewall.sourceforge.net/) firewall to CD. Added shorewall.conf directive to sentry.conf. 08.04.03 Added start_webmin, webmin_config, miniserv.conf, miniserv.pem, and miniserv.users directives to sentry.conf. Webmin is disabled by default. 08.04.03 Added Webmin to ISO. 08.04.03 Added Time perl modules to ISO. 08.04.03 Updated nfs-utils to version 1.0.4. 08.04.03 Updated OpenSSH to version 3.6.1p2. 07.20.03 Added newsyslog 1.1 to cdrom. 07.08.03 Fixed rc.httpd call from rc.M, httpd should start properly now. 07.08.03 Added /var/spool/clientmqueue to rootdisk, needed for sendmail. 07.08.03 Added rc.ntpd to rootdisk. Added rc.ntpd, rc.sendmail, and rc.keymap directives to sentry.conf. 07.08.03 Upgraded squid to version 2.5STABLE3. ------------------------------------------------------------------------------------ 06.29.03 Version 1.5.0-rc2 Released. 06.29.03 Lots of changes to networking.pl to untar and load driver dependencies, used with network configuration support. 06.27.03 Added librt-2.3.1.so and libpthread-0.10.so to rootdisk. Needed now for ls, tar, etc... 06.25.03 mkrootdsk.sh: Increased root disk size to 18MB. Decreased number of inodes created. 06.24.03 Recompiled GENERIC kernel to remove CONFIG_X86_UP_IOAPIC, this option doesn't work well with some systems. Thanks to Quido Andreini for pointing this out. ------------------------------------------------------------------------------------ 06.19.03 Version 1.5.0-rc1 Released. 06.17.03 Updated floppy image(/SENTRY/images/ext2-144.img). 06.17.03 Added wlan.conf and rc.6 directives to sentry.conf. 06.17.03 Added linux-wlan(http://www.linux-wlan.com) modules to rootdisk. 06.17.03 Updated GENERIC kernel to version 2.4.21. 06.05.03 Added "ethtool" to the CD, very handy tool. Thanks to Jörg Petersen for pointing this out. 06.04.03 Added "adcfw-log" and "fwreport" to CD, added cron entry to run these scripts once a day on /var/log/firewall. 06.01.03 Added a number of new firewall scripts to /SENTRY/scripts/firewall on the CDROM. ** Please try these out and let me know what people think. Also, please send new script suggestions to Obsid@Sentry.net. 05.30.03 Updated iptables(http://www.netfilter.org/) to version 1.2.8. 05.28.03 Added several new firewall scripts to the SENTRY/scripts/firewall directory on the CD. 05.28.03 Removed TEST kernel from the CD. 05.28.03 Updated GENERIC kernel to version 2.4.21-rc2. Merged FreeS/WAN into GENERIC kernel. Added X.509 patch to FreeS/WAN. Still Testing. 05.19.03 Updated 2.2.x kernel to 2.2.25-ow1, 2.2.25 Linux kernel with OpenWall(http://www.openwall.com/) patch. 05.19.03 **IMPORTANT: All 10/100 network cards now built as modules. Some users will have to modify their scripts to load the proper drivers. 04.25.03 Sentry Firewall version 1.5.0-beta1 released. 04.22.03 Upgraded to OpenSSH(http://www.openssh.com/) to version 3.6.1p1. 04.22.03 Upgraded OpenSSL(http://www.openssl.org/) to version 0.9.7b. 04.22.03 Upgraded procps package to version 3.1.8. 04.22.03 Upgraded Sendmail(http://www.sendmail.org/) to version 8.12.9. 04.22.03 Upgraded Samba(http://www.samba.org/) to version 2.2.8a. 04.22.03 Updated many other binaries on the ISO, including the following: - pptpd-1.1.4-b3 - stunnel-4.04 - syslinux-2.04.tar.bz2 - syslog-ng-1.6.0rc2.tar.gz - net-snmp-5.0.8.tar.gz - squid-2.5.STABLE2.tar.bz2 04.22.03 Updated snort(http://www.snort.org/) signatures. 04.22.03 Updated snort(http://www.snort.org/) to version 2.0.0. 04.21.03 Upgraded bind8 to version 8.3.4. 04.21.03 Rebuilt Sentry Firewall CD with Slackware 9.0. ------------------------------------------------------------------------------------ 12.01.02 Version 1.4.0-rc1 Released. 11.30.02 Updated 2.2.x kernel to 2.2.22-ow2, 2.2.22 Linux kernel with OpenWall(http://www.openwall.com/) patch. 11.30.02 Fixed critical "ALARM" Error in do_command(). 11.23.02 Added /etc/codepages/ symlinks to rootdisk, Samba should now run properly. 11.23.02 Updated Samba to version 2.2.7. 11.17.02 Updated floppy image(/SENTRY/images/ext2-144.img). 11.17.02 Updated syslinux(http://syslinux.zytor.com/) to version 2.00. 11.17.02 Chrooted bind(/var/chroot/usr/sbin/named) upgraded to 8.3.3. 11.17.02 Added 'inittab' declaration. If /etc/inittab is replaced telinit will be run to reread the inittab file. ------------------------------------------------------------------------------------ 10.22.02 Version 1.4.0-BETA2 Released. 10.22.02 Updated floppy image(/SENTRY/images/ext2-144.img). 10.22.02 Updated the Sentry Firewall CD HOWTO. See http://www.SentryFirewall.com/ for the most current version. 10.16.02 TODO List(http://Sentry.SourceForge.net/files/sentrycd-DEVEL/docs/TODO) Updated. For those of you interested in contributing, this would be a good place to start. 10.16.02 Updated 2.2.x kernel to 2.2.22-ow1, 2.2.22 Linux kernel with OpenWall(http://www.openwall.com/) patch. 10.16.02 Updated TEST kernel to 2.4.19-TEST. Test kernel adds bridge+firewall and IPSEC support. 10.15.02 Updated GENERIC kernel to 2.4.19. 10.15.02 Added stunnel(http://stunnel.mirt.net/) to CDROM. Added stunnel.conf configuration directive. 10.01.02 Updated iptables(http://www.netfilter.org/) to version 1.2.7a. 10.01.02 Updated syslog-ng(http://www.balabit.hu/en/products/syslog-ng/) to version 1.4.16. 10.01.02 Updated zebra(http://www.zebra.org/) to version 0.93a. 10.01.02 Updated nmap(http://www.insecure.org/) to version 3.00. 10.01.02 Updated net-snmp(http://net-snmp.sourceforge.net/) to version 5.0.3. Added snmpd.conf configuration directive. 10.01.02 Updated OpenSSL(http://www.openssl.org/) to version 0.9.6e. 10.01.02 Updated snort(http://www.snort.org/) signatures. 10.01.02 Updated snort(http://www.snort.org/) to version 1.9.0. 10.01.02 Updated syslinux(http://syslinux.zytor.com/) to version 1.76. 10.01.02 Updated squid(http://www.squid-cache.org/) to 2.5.STABLE1. ------------------------------------------------------------------------------------ 07.15.02 Version 1.4.0-BETA1 Released. 07.10.02 Updated floppy image(/SENTRY/images/ext2-144.img). 07.10.02 Tweaked crontab directive parsing a bit to avoid dumb errors. 07.10.02 Added "rc.snort" directive to sentry.conf. 07.10.02 Wrote and added rc.snort to ramdisk. Snort is still run from rc.local, except now it just execs "/etc/rc.d/rc.snort start". 07.09.02 Revamped get_config.pl. Changed "&mount()" to "&do_command()", sets a timeout for a command. Now used by networking.pl to set a timeout(120 seconds) for file retrieval. 07.09.02 Updated snort(http://www.snort.org/) signatures. 07.09.02 Updated snort(http://www.snort.org/) to version 1.8.7. 07.09.02 Added "rc.ipsec" init script to ramdisk, added ipsec startup option in rc.local. 07.09.02 Added "ipsec.conf" and "ipsec.secrets" directives to the sentry.conf file. 07.09.02 Added FreeS/WAN patch to the 2.4.18-TEST kernel. Also added FreeS/WAN utilities to ISO. 07.09.02 Added bridge+firewalling patch(http://bridge.sourceforge.net/) to the 2.4.18-TEST kernel. 07.09.02 Introduced 2.4.18-TEST Kernel, used to test experimental features, etc. 07.09.02 Updated syslinux(http://syslinux.zytor.com/) to version 1.75. 07.03.02 Updated squid(http://www.squid-cache.org/) to 2.4.STABLE7. ------------------------------------------------------------------------------------ 06.27.02 Version 1.3.0-3 Released. 06.29.02 Updated BIND(http://www.isc.org/) to version 8.3.2-REL. 06.27.02 Updated floppy image(/SENTRY/images/ext2-144.img). 06.26.02 Upgraded to OpenSSH(http://www.openssh.com/) to version 3.4p1. 06.26.02 Updated snort signatures. ------------------------------------------------------------------------------------ 06.21.02 Version 1.3.0-2 Released. 06.20.02 Updated HOWTO to reflect addition of new development branch(sentrycd-RH). 06.20.02 Upgraded Apache(http://www.apache.org/) HTTP daemon, security fix. ------------------------------------------------------------------------------------ 06.11.02 Version 1.3.0 Released. 06.11.02 Updated floppy image(/SENTRY/images/ext2-144.img). 06.11.02 Added natsemi.o module to 2.2.21-ow1 kernel. You would need to insmod both pci-scan.o and natsemi.o to get these NICs to work. 06.04.02 Added(by popular demand) mc package to CDROM. 06.04.02 Added ntp package to CDROM, added ntp.conf directive. 06.03.02 Updated README file. 06.03.02 Updated HOWTO, added info on new features in upcoming 1.3.0 release. 06.03.02 Recompiled generic kernel(2.4.18), added support for several SCSI controllers. 06.03.02 Updated 2.2 kernel to 2.2.21-ow1; 2.2.21 Linux kernel with OpenWall patch. 06.03.02 Released new version of mkconfig(v0.2). This tool uses dialog(1) and is designed to assist in the creation of a configuration floppy for the Sentry Firewall CD. I'd still call this program beta, at best. 05.30.02 Added "passive-ftp" directive for file retrieval via ftp. 05.23.02 Added support for retrieving configuration files via https/sftp/scp. 05.23.02 Added proxy support for retrieving configuration files via http(s)/ftp. Added new directives; http_proxy, ftp_proxy, proxy-user, proxy-passwd. 05.21.02 Upgraded OpenSSH(http://www.openssh.com/) to version 3.2.3p1. 05.21.02 Upgraded wget(ftp://ftp.gnu.org/gnu/wget/) to version 1.8.1. 05.21.02 Updated Aris Extractor(http://aris.securityfocus.com/). 05.21.02 Sub do_config() isolated to a separate file for interoperation with other Linux distros. 05.21.02 Several updates to the perl configuration scripts, major updates to networking.pl. ------------------------------------------------------------------------------------ 04.22.02 Version 1.2.1 Released. 04.22.02 Several bugfixes in networking.pl and cd-config.pl. 04.22.02 Recompiled 2.2.20 kernel with ow3 patch(http://www.openwall.com/). 04.21.02 Updated floppy image(/SENTRY/images/ext2-144.img). 04.20.02 Updated BIND(http://www.isc.org/) to version 8.3.1-REL. 04.20.02 Updated Snort(http://www.Snort.org/) to version 1.8.6. 04.18.02 Added python interpreter to CDROM. 04.18.02 Added sleep(1) to the mount() function in get_config.pl. This may prevent some disk curruption from occuring on certain hardware. 04.18.02 Added $ADD_ARG variable to rc.inet1 to manually pass additional arguments to dhcpcd, ie. -I or -d. Thanks to Paul Barrette for the suggestion. 04.18.02 Bugfix to rc.inet1, hostname argument with DHCP now works properly. 04.02.02 Modified rc.inet2 to attempt to add /etc/hosts entry for running host if /etc/hosts is a symlink. 04.01.02 Updated Snort(http://www.Snort.org/) to version 1.8.4. 04.01.02 Updated ucd-snmp(http://www.net-snmp.org/) to version 4.2.3. 04.01.02 Updated Squid(http://www.squid-cache.org/) to version 2.4.STABLE6. 04.01.02 Modified rc.local to make it easier to modify and understand. Also "scanlogd" now starts by default. 04.01.02 Recompiled 2.4.18GENERIC kernel, all netfilter patches applied, added "console on serial port" support. 04.01.02 Recompiled 2.2.20-ow2 kernel, added "console on serial port" support. 04.01.02 Updated iptables(http://www.netfilter.org/) to version 1.2.6a. ------------------------------------------------------------------------------------ 03.27.02 Version 1.2.0 Released. 03.21.02 Finished version 1.0 of the Sentry Firewall HOWTO, available on the SentryFirewall.com website. 03.15.02 Cleaned up networking.pl a bit, fixed dhcpcd error while setting up a device during the configuration process. 03.12.02 Rebuilt floppy image /SENTRY/images/ext2-144.img, removed dos-144.img(useless). 03.12.02 Added 'httpd.conf', 'smb.conf', 'pppoe.conf', 'syslog-ng.conf', 'squid.conf', and 'openssl.cnf' directives. 03.12.02 Added %specdir hash to cd-config.pl allowing us to declare new configuration directives for any file, not just those kept in /etc. Should make adding directives for configuration files much easier. 03.12.02 Recompiled 2.4.18GENERIC and 2.2.20-ow2 kernels to avoid any possible libz problems(will it ever end...). 03.11.02 Updated zlib libraries to version 1.1.4. 03.10.02 Updated OpenSSH to version 3.1p1. 03.10.02 Updated OpenSSL to version 0.9.6c. 03.06.02 Updated 2.2 kernel to version 2.2.20-ow2. 03.06.02 Updated default kernel to version 2.4.18. 03.05.02 Updated iptables utility to version 1.2.5. 03.05.02 Modified the default syslog.conf file to log more crap. 03.05.02 Added 'newsyslog' utility to CDROM, added 'newsyslog.conf' configuration directive. 03.03.02 Added gated(http://www.gated.org/) utility to CDROM. Added gated.conf configuration directive. 03.03.02 Added zebra(http://www.zebra.org/) utility to CDROM. Added zebra.conf configuration directive(zebra.conf is kept in /etc/zebra/ directory). 03.03.02 Added bridge-utils(http://bridge.sourceforge.net/) to CDROM. 03.03.02 Added PopTop(http://poptop.lineo.com/), PPTP server/client, to CDROM. Added pptpd.conf configuration directive. 03.03.02 Recompiled Squid(http://www.squid-cache.org/), updated to version 2.4.STABLE4. 03.03.02 Updated 'at' package to version 3.1.8. 03.03.02 Updated 'glibc' package(glob security fix). 03.01.02 Added 'lsof' utility to CDROM. 03.01.02 Added 'rpcinfo' utility to CDROM. 03.01.02 Quieted I/O error a bit while trying to mount /dev/fd0 when there is no disk available. Thanks to Stefan Andersson. ------------------------------------------------------------------------------------ 01.17.02 Version 1.1.1 Released(bugfix release). 01.17.02 Rebuilt floppy images(/SENTRY/images/{ext2-144.img,dos-144.img}). 01.17.02 rc.local: made variable FIREWALL equal "1" again as it was in previous versions - warning message displayed if /etc/rc.d/rc.firewall does not exist. 01.17.02 Added symlink from /usr/local/sbin/iptables to /sbin/iptables 01.17.02 Recompiled Netfilter userspace tools(iptables), iptables now looks for the libipt_*.so libs in /usr/lib/iptables/ instead of /mnt/usr/lib/iptables/ :-/ ------------------------------------------------------------------------------------ 01.08.02 Version 1.1.0 Released. 01.08.02 Moved ssnarf.sh to /sbin. 01.08.02 Fixed problem when accessing man pages(gunzip symlink problem). 01.05.02 Rebuilt floppy images(/SENTRY/images/{ext2-144.img,dos-144.img}). 01.05.02 Added new /dev files from Slackware 8.0, fixed some perm problems. 01.05.02 Upgraded snort to 1.8.3, replaced old rules with current. 01.05.02 Fixed bug in rc.inet2 calling rc.named. 12.10.01 Upgraded to 2.2.19-ow4 kernel(previously using ow1 patch). 12.10.01 Removed generic.smp kernel. 12.10.01 Rebuilt kernel based on the 2.4.16 kernel. 12.01.01 Added rc.nfsd to startup scripts. 12.01.01 Rebuilt Sentry Firewall utilizing Slackware 8.0. ------------------------------------------------------------------------------------ 07.02.01 Fixed broken 'hostname' directive. Thanks to Hauser Marcel for pointing this out. ------------------------------------------------------------------------------------ 06.25.01 Version 1.0.7 Released. 06.25.01 Rebuilt floppy images(/SENTRY/images/{ext2-144.img,dos-144.img}). 06.25.01 Bugfix to retr_file(), files matching /^rc\./ pattern are now made executable if retrieved over the network. 06.25.01 Upgraded to e2fsprogs-1.22. 06.25.01 Bugfixes to networking(), now checks to see if device{1..10} has already been processed before attempting to set up an interface. 06.24.01 Rebuilt floppy images(/SENTRY/images/*). 06.21.01 Added cron directive to replace user's crontab file. ie, a line like "cron:root = /floppy/config/root" will replace root's crontab file with /floppy/config/root. 06.21.01 Added squid to iso. Edited /etc/squid.conf slightly to allow localhost connections and run squid as user/group "squid". 06.20.01 Added SnortSnarf to iso. Also added /usr/libexec/ssnarf shell script to help run the script from cron(or wherever). 06.20.01 Added ability to merge shadow/passwd/group files rather than just replace them. 06.20.01 Several bugfixes to networking.pl, network device modules should now load properly when declared in the config file. 06.19.01 Added 'hostname' directive, to replace /etc/HOSTNAME. 06.19.01 Added FAQ. 06.19.01 Fixed buggy rc.local script, thanks to Hauser Marcel for pointing this out. 06.17.01 Added new function do_log(). Boot time configuration scripts now write some logging information to /var/log/config_log to assist in debugging configuration problems. 06.17.01 Increased ramdisk size to ~16M. 06.15.01 Several bugfixes in mkrootdsk.sh, now works properly when building rootdisk on live system running the Sentry CD. 06.13.01 Fixed broken 'cdrom' directive in cd-config.pl. 06.13.01 Recompiled all(3) kernels. 06.13.01 Removed SCSI-SMP and IDE-SMP kernels - GENERIC kernels work just as well. 06.13.01 Added hot-swap and pcmcia support to default kernels. 06.13.01 tlan.o removed from GENERIC kernel and scripts, now built as module. 06.12.01 Wrote mkconfig(v0.1) to assist in creating config floppy and sentry.conf. Running "mkconfig save" will create configuration floppy based on the current configuration. 06.08.01 Several bugfixes to rc.inet1. 06.07.01 Added 2.2.x support to cd-config and mkrootdsk.sh scripts. 06.07.01 Added new kernel 2.2.19; generic 2.2.19 kernel with OpenWall patch. 06.06.01 Added XFS toolkit (acl-1.0.1, dmapi-0.1.1, xfsprogs-1.2.0, attr-1.0.1, xfsdump-1.0.5) -- waiting for a newer XFS kernel patch. 06.05.01 Upgraded to e2fsprogs-1.19 ------------------------------------------------------------------------------------ 06.03.01 Version 1.0.5 Released. 05.31.01 New /SENTRY/images/ext2-144.img floppy image. Added /SENTRY/images/dos-144.img floppy image. 05.29.01 Lots of bugfixes to networking.pl/process_conf.pl 05.29.01 Recompiled iptables-1.2.2 05.27.01 Added libnss_dns-2.2.3.so and libresolv-2.2.3.so to rootdisk. 05.27.01 Upgraded to glibc v2.2.3 05.27.01 Rewrote rc.inet1 in perl (hey, I was bored) 05.24.01 Bugfixes to networking() function in cd-config scripts. 05.24.01 More changes to cd-config scripts. inetd.conf is symlinked to /etc/default/inetd.conf.none and /etc/ssh/sshd_config is symlinked to /etc/default/ssh/sshd_config.local if /etc/shadow has not been replaced. To avoid insecurity via default passwords. 05.23.01 Added LVM v.0.9.1_beta7 toolkit(in GENERIC kernel as a module). - Recompiled 2.4.4{GENERIC/GENERIC-SMP/IDE-SMP/SCSI-SMP} kernels. 05.23.01 More tweaks to mkrootdsk.sh 05.23.01 BIND upgrade(8.2.4-REL) Dynamically linked binary - /usr/sbin/named Statically linked - /var/chroot/usr/sbin/named (chroot stuff) 05.23.01 Upgraded several packages(apache,dhcpcd,mod_php,modssl) 05.22.01 Wrote rc.named to start named normally or in chroot environment. 05.22.01 Added "include" directive to cd-config scripts. 05.22.01 Major additions to cd-config configuration scripts - Network device setup support - "device{1..10}" config directive added. - Added "nameserver" directive. 05.20.01 Several bugfixes to mkrootdsk.sh 05.20.01 Minor bugfixes to cd-config.pl ------------------------------------------------------------------------------------ 05.11.01 Made /SENTRY/scripts/MK-CD/mkrootdsk.sh much more verbose Easier to see what the script is doing, prompts to umount/gzip rootdisk for you. 05.11.01 Upgraded Samba package(v2.2.0). 05.11.01 Upgraded OpenSSH package(v2.9p1). 05.11.01 Cleaned up /SENTRY/doc/DOCUMENTATION file, release v0.3. ------------------------------------------------------------------------------------ 05.01.01 Initial 1.0.2 release. ## _EOF_ ##