Specifications

4
SuSE Live CD for Firewall
External to Internal
To operate an FTP server, define the settings in this part of the module to
enable access from the Internet to the FTP server.
SSH
OpenSSH enables use of a shell on a remote host over an encrypted
connection.
chroot, compartment, Kernel Capabilities
To raise the security level on the firewall, the services on the Live CD run
in a chroot environment. The program compartment is also used. Setting
capability bits in the kernel additionally increases the security of system
applications.
chroot: With chroot, an application can change its view of the file system
irrevocably by defining a new "root" for the file system. As soon as the
application has confined itself to this segment of the file system, the
segment takes on the role of the entire file system for this application.
The rest of the file system no longer exists as far as this application is
concerned. Even if the program has somehow crashed, a potential cracker
would remain in this chroot environment, and so be unable to damage the
actual system.
compartment: Enables execution of applications and services in chroot jails
with unprivileged users and groups. It supports scripts that are run before
the program actually starts (e.g., to set up a chroot environment). It also
supports the use of kernel capabilities.
kernel caps: Kernel capability bits. They increase security by limiting the
capabilities of executable programs. Using compartment is another relatively
simple option for specifying the capabilities of an application.
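
Whether a jailed service really has the unprivileged user and reduced capability bits described above can be checked from its process status. The following C program is an added example, not code from this manual or from compartment: it reads text in the Linux /proc/<pid>/status format and reports a service that still runs as root or holds capability bits that weaken a chroot. The sample status text, the service name, uid 44 and the selection of flagged capabilities are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Capability bits (numbers from <linux/capability.h>) that weaken a chroot jail.
   Which ones to flag is this example's assumption, not a list from the manual. */
static const struct { int bit; const char *name; } RISKY[] = {
    { 1, "CAP_DAC_OVERRIDE" }, { 6, "CAP_SETGID" },     { 7, "CAP_SETUID" },
    { 16, "CAP_SYS_MODULE" },  { 17, "CAP_SYS_RAWIO" }, { 18, "CAP_SYS_CHROOT" },
    { 19, "CAP_SYS_PTRACE" },  { 21, "CAP_SYS_ADMIN" }, { 27, "CAP_MKNOD" },
};
/* Constructed samples in /proc/<pid>/status format, not taken from a real host. */
static const char SAMPLE_ROOT[] =      /* chrooted, but still root with root's caps */
    "Name:\tnamed\nUid:\t0\t0\t0\t0\nCapEff:\t00000000fffffeff\n";
static const char SAMPLE_CONFINED[] =  /* unprivileged, CAP_NET_BIND_SERVICE only */
    "Name:\tnamed\nUid:\t44\t44\t44\t44\nCapEff:\t0000000000000400\n";

/* Return the value part of the line that starts with "key:", or NULL. */
static const char *field(const char *status, const char *key) {
    size_t n = strlen(key);
    for (const char *p = status; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL)
        if (strncmp(p, key, n) == 0 && p[n] == ':')
            return p + n + 1;
    return NULL;
}
static void append(char *out, size_t outlen, const char *s) {
    size_t used = strlen(out);
    if (used + 1 < outlen) snprintf(out + used, outlen - used, "%s ", s);
}
/* Number of findings (0 = confined as intended), or -1 if the text cannot be
   parsed. The names of the findings are written to out, space separated. */
int audit_status(const char *status, char *out, size_t outlen) {
    const char *u = field(status, "Uid"), *c = field(status, "CapEff");
    unsigned euid;
    unsigned long long eff;
    int findings = 0;
    if (!u || !c || outlen == 0) return -1;
    /* The Uid line holds real, effective, saved and fs uid; take the effective one. */
    if (sscanf(u, "%*u %u", &euid) != 1 || sscanf(c, "%llx", &eff) != 1) return -1;
    out[0] = '\0';
    if (euid == 0) { append(out, outlen, "EUID_0"); findings++; }
    for (size_t i = 0; i < sizeof RISKY / sizeof RISKY[0]; i++)
        if ((eff >> RISKY[i].bit) & 1) { append(out, outlen, RISKY[i].name); findings++; }
    return findings;
}
int main(void) {
    char r[256];
    int n = audit_status(SAMPLE_ROOT, r, sizeof r);
    printf("root in jail: %d findings: %s\n", n, r);
    n = audit_status(SAMPLE_CONFINED, r, sizeof r);
    printf("confined:     %d findings: %s\n", n, r);
    return 0;
}
```

On a live system the same function can be fed the contents of /proc/<pid>/status for each service started in a jail.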
The Configuration Disk
The configuration disk contains the complete system and application level
gateway configurations. The configuration floppy disk must be formatted
SuSE Linux Firewall on CD2