User's guide
Appendix A. Sample rc.startsra File
This appendix shows a sample rc.startsra file that configures and enables several of the security-tightening
capabilities described in other parts of this document.
Note that some of the command lines in this example are broken by "backslash-return" characters at the end of one
line, followed by the remainder of the command on the next line. Those commands have been broken to fit into this
document, and if copied to a script on a Freeway, either the backslash should be preserved just before the
carriage-return at the end of the first line, or the two lines should be concatenated into a single line without the
backslash.
A.1. rc.startsra Configuration File
Figure A-1. rc.startsra File
##------------- beginning of rc.startsra file ---------------------------------
#!/bin/sh
#
export TZ="GMT"
#
# Additional commands for a Freeway system
# (beyond ordinary Freeway settings and programs)
# This file assumes it is running on a Freeway with a /var/ filesystem
# which is mounted "read-write", rather than the "read-only" which is
# common for Freeways with Flash disks.
#
# The first "export" lines below are intended to be customized
# for each environment:
#
# DEFAULT_ROUTER is the default IP route.
#
# The IP addresses specified in TARGET1 and TARGET2 will be used
# by the ipfailover.sh script to detect when an ethernet interface has
# failed or become disconnected, and the Freeway should switch
# to the other ethernet interface. If ethernet failover is not desired,
# leave these commented out or blank. If only one IP can be specified,
# set both TARGET1 and TARGET2 to that IP address. If IP addresses
# are specified, be sure at least one of them is always available for
# the Freeway to ping; otherwise the Freeway will switch between
# the two ethernet interfaces every 70 seconds or so.
#
# NTP_SERVER and NTP_SERVERB are expected to be NTP servers, to which
# the Freeway will synchronize its time (if only one NTP server
# is available, leave NTP_SERVERB blank; if none available, leave
# NTP_SERVER blank).
#
echo "No logins permitted until auditing has started." > /var/run/nologin
# export DEFAULT_ROUTER=192.168.1.3
# export TARGET1=192.168.1.3