nsthdinstall — Installs the Network Security Toolkit to a hard disk partition.
nsthdinstall [ --device DEVICE ] [ --format [true]|false ] [ --label TEXT ]
    [ --grub-install [true]|false ] [ --floppy [true]|false ]
    [ --swap-devices LIST ] [ --swap-format-label [true]|false ]
    [ --remap-devices LIST ] [ --iso FILENAME ] [ --source FILENAME ]
    [ -p [true]|false | --prompt [true]|false ] [ --modules LIST ]
    [ -h [true]|false | --help [true]|false ]
    [ -H [true]|false | --help-long [true]|false ]
    [ -v [true]|false | --verbose [true]|false ] [ --version [true]|false ]
The nsthdinstall script allows one to install the entire Network Security Toolkit onto a hard disk. This is used to speed up the development and testing of the boot sequence. It is much quicker to edit files on a hard disk and reboot than to build an entire ISO image from the source, burn it to a CDRW and then boot from it.
There are several things to realize when using this utility:
You will need to prepare your disk partitions ahead of time. You can use the fdisk command to do this. A partition size of 1.5GB is recommended (this should leave you plenty of space for the next several releases of the NST).
It requires a clean (empty)
ext3 filesystem. If you specify
--format, the script will set the partition
type to 83 AND format it as
ext3 as required.
It will automatically add any detected swap partitions
to the template /etc/fstab file if you
include the --swap-devices scan
option. Therefore, it is recommended that you create any
desired swap space prior to invoking the
nsthdinstall script. To create swap space,
use the fdisk utility and create a
type 82 partition (Linux swap). Then format this partition with
the mkswap command.
It does NOT install a boot loader by
default. You will need to specify
--grub-install, install your own boot loader
by hand (such as grub which is
included with the distribution), or update an existing boot
loader. A sample grub.conf file will be
placed in the /boot/grub directory to
serve as a starting point.
You must use the nsthdinstall script that comes with the distribution. Using a nsthdinstall script from a prior version to install a newer version is not supported.
Starting with the 1.4.0 release,
the nsthdinstall script is able to determine if
you are using the incorrect version for the distribution and
will then attempt to copy the correct version to the
/tmp directory for you.
The examples below show how to use the nsthdinstall script:
This example demonstrates how one can use
nsthdinstall to install the NST onto IDE
partition /dev/hda8 (the
--format option was included to initialize
the partition). Since the --grub-install
option was omitted, this installation won't actually boot until
one updates their respective boot loader.
Example 1. Format/Install No Boot Loader
[root@probe root]# nsthdinstall --device /dev/hda8 --format
... Lots of output indicating progress/failure of install ...
[root@probe root]#
This example demonstrates how one can use
nsthdinstall to install the NST onto IDE
partition /dev/hda8 AND have the
system boot from the new NST installation. Since the
--grub-install option was included, the
grub boot loader will be installed. This will DISABLE the
booting of other Operating Systems which may be present on the
system. One can always edit the
/boot/grub/grub.conf installed on the
/dev/hda8 partition if there are other
Operating Systems installed and they would like for them to
appear in the list of choices presented by the grub boot
loader.
Example 2. Format/Install With Boot Loader
[root@probe root]# nsthdinstall --device /dev/hda8 --format --grub-install
... Lots of output indicating progress/failure of install ...
[root@probe root]#
This example shows a NST hard disk installation on a Sun
Fire V20z Server. We will be installing NST on
one of the internal 36GB SCSI drives
(/dev/sda1). We will need to install
additional SCSI modules for this
installation.
Example 3. Installation On Sun Fire V20z
[root@probe root]# /sbin/fdisk -l;
Disk /dev/sda: 36.7 GB, 36703934464 bytes
255 heads, 63 sectors/track, 4462 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 974 7823623+ 83 Linux
/dev/sda2 975 1097 987997+ 82 Linux swap
[root@probe root]# /sbin/lsmod;
Module Size Used by
floppy 56913 0
md5 8001 1
ipv6 240225 24
tg3 79557 0
usb_storage 63753 0
ohci_hcd 24277 0
ext3 121929 1
jbd 57561 1 ext3
mptscsih 36737 0
mptbase 46177 1 mptscsih
sg 38881 0
sd_mod 19905 2
scsi_mod 116289 4 usb_storage,mptscsih,sg,sd_mod
[root@probe root]# nsthdinstall --device /dev/sda1 --format true \
--grub-install true --modules "scsi_mod sd_mod sg mptbase mptscsih" --verbose;
... Lots of output indicating progress/failure of install ...
[root@probe root]#
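The --modules list used in Example 3 can be derived from the lsmod output shown there. The following is an added example (not part of the original page or the NST distribution) that walks the "Used by" column and prints the named disk drivers with their dependencies first; the function name module_load_order is an assumption, and the sample text is the lsmod output from Example 3.

```shell
#!/bin/sh
# Added example, not part of the NST distribution: derive a --modules list,
# dependencies first, from lsmod output.

# module_load_order LSMOD_TEXT DRIVER...
# Prints the named drivers and every module they depend on, in load order.
module_load_order() (
    lsmod_text=$1; shift
    printf '%s\n' "$lsmod_text" | awk -v want="$*" '
        # A line "X size count A,B" means A and B use X, so they depend on X.
        function visit(m,    i, n, list) {
            if (m in seen) return
            seen[m] = 1
            n = split(deps[m], list, " ")
            for (i = 1; i <= n; i++) visit(list[i])   # dependencies first
            out = out (out == "" ? "" : " ") m
        }
        $1 != "Module" && NF >= 3 {
            loaded[$1] = 1
            n = split($4, users, ",")
            for (i = 1; i <= n; i++) deps[users[i]] = deps[users[i]] " " $1
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) {
                if (!(w[i] in loaded)) { print "not loaded: " w[i] > "/dev/stderr"; bad = 1 }
                visit(w[i])
            }
            print out
            exit bad + 0
        }'
)

# lsmod output copied from Example 3 above.
SAMPLE_LSMOD='Module Size Used by
floppy 56913 0
md5 8001 1
ipv6 240225 24
tg3 79557 0
usb_storage 63753 0
ohci_hcd 24277 0
ext3 121929 1
jbd 57561 1 ext3
mptscsih 36737 0
mptbase 46177 1 mptscsih
sg 38881 0
sd_mod 19905 2
scsi_mod 116289 4 usb_storage,mptscsih,sg,sd_mod'

# Live use: module_load_order "$(/sbin/lsmod)" sd_mod sg mptscsih
module_load_order "$SAMPLE_LSMOD" sd_mod sg mptscsih
```

lsmod only reports modules that are currently loaded, so run this from the Live CD session on the machine being installed.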
A more complex example is shown for a NST hard disk
installation on a Sun Fire x4100 Server
(sporting two dual-core 64-Bit AMD Opteron processors). We will
be installing NST on one of the internal 73GB
SAS (Serial Attached SCSI) drives
(/dev/sdj3). Additional loadable Kernel
driver modules to support the SAS attached
disks will be needed in the initial RAM image for this system to
properly boot.
Example 4. Installation On Sun Fire x4100
[root@probe root]# /sbin/fdisk -l;
Disk /dev/sda: 73.4 GB, 73407865856 bytes
255 heads, 63 sectors/track, 8924 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdj1 1 499 4008186 83 Linux
/dev/sdj2 500 624 1004062+ 82 Linux swap / Solaris
/dev/sdj3 * 625 1123 4008217+ 83 Linux
Disk /dev/sdb: 73.4 GB, 73407865856 bytes
255 heads, 63 sectors/track, 8924 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdk1 1 499 4008186 83 Linux
/dev/sdk2 500 624 1004062+ 82 Linux swap / Solaris
/dev/sdk3 * 625 1123 4008217+ 83 Linux
[root@probe root]# /sbin/lsmod;
nls_utf8 6849 0
loop 22481 0
ipv6 314689 20
e1000 112876 0
joydev 16193 0
usb_storage 90249 0
ohci_hcd 29281 0
video 23881 0
button 12513 0
battery 15561 0
ac 10313 0
ext3 151633 1
jbd 71400 1 ext3
mptsas 20049 0
mptscsih 45257 1 mptsas
mptbase 60897 2 mptsas,mptscsih
scsi_transport_sas 24001 1 mptsas
sg 47985 0
sd_mod 24769 2
scsi_mod 168697 6 usb_storage,mptsas,mptscsih,scsi_transport_sas,sg,sd_mod
[root@probe root]# nsthdinstall --device /dev/sdj3 --format true \
--label "NST v1.4.0" --iso /var/nst/tmp/nst-1.4.0smp.iso --swap-devices "/dev/sdj2 /dev/sdk2" \
--swap-format-label true --grub-install true --prompt false \
--modules "scsi_mod sd_mod sg scsi_transport_sas mptbase mptscsih mptsas" \
--remap-devices "/dev/sdj,/dev/sda /dev/sdk,/dev/sdb" --verbose true;
... Lots of output indicating progress/failure of install ...
[root@probe root]#
A few points about this example. A hard disk partition with
plenty of free space was mounted at: "/var/nst", and the ISO
image: "/var/nst/tmp/nst-1.4.0smp.iso" was copied there to serve as
the source for this NST install. The NST hard disk partition:
"/dev/sdj3" and both swap partitions: "/dev/sdj2" and
"/dev/sdk2" will be labeled and formatted. Device:
"/dev/sdj" will be remapped to
"/dev/sda" and device:
"/dev/sdk" will be remapped to
"/dev/sdb" in all applicable files. This is
necessary for systems whose disk device map differs between a
NST Live CD/DVD boot and a NST hard disk boot.
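Example 4 combines --format true and --swap-format-label true with --prompt false, so nothing asks for confirmation before the named partitions are erased. The following is an added example (not part of the original page or the NST distribution) that checks the target and swap devices against fdisk -l output first; the function names and the sample partition table are constructed for illustration, and the mounted-partition check is an extra precaution rather than something the page requires.

```shell
#!/bin/sh
# Added example, not part of the NST distribution: check the partitions named
# on an nsthdinstall command line before anything is formatted.

# Print the partition Id of device $2 as listed in the `fdisk -l` text $1.
# A "*" in the Boot column shifts the Id from field 5 to field 6.
partition_id() {
    printf '%s\n' "$1" | awk -v dev="$2" '
        $1 == dev { id = ($2 == "*") ? $6 : $5; print id; found = 1; exit }
        END { exit !found }'
}

# preflight FDISK_TEXT MOUNTS_TEXT TARGET SWAP_FORMAT_LABEL "SWAP LIST"
# Prints one line per finding; the exit status is the number of findings.
preflight() (
    fdisk_text=$1 mounts=$2 target=$3 swap_fmt=$4 swaps=$5 n=0
    note() { echo "$1"; n=$((n + 1)); }

    if id=$(partition_id "$fdisk_text" "$target"); then
        [ "$id" = 83 ] || note "$target: Id $id is not 83, --format would retype and erase it"
    else
        note "$target: not in the partition table"
    fi
    for dev in $target $swaps; do
        printf '%s\n' "$mounts" | awk -v d="$dev" '$1 == d { f = 1 } END { exit !f }' &&
            note "$dev: currently mounted"
    done
    for dev in $swaps; do
        [ "$dev" = "$target" ] && note "$dev: named as both install target and swap"
        if ! id=$(partition_id "$fdisk_text" "$dev"); then
            note "$dev: not in the partition table"
        elif [ "$id" != 82 ] && [ "$swap_fmt" = true ]; then
            note "$dev: Id $id would be converted to 82 and formatted as swap"
        elif [ "$id" != 82 ]; then
            note "$dev: Id $id, but without --swap-format-label it must already be 82"
        fi
    done
    exit "$n"
)

# Constructed sample input in the `fdisk -l` layout shown on this page.
SAMPLE_FDISK='   Device Boot      Start         End      Blocks   Id  System
/dev/sdj1               1         499     4008186   83  Linux
/dev/sdj2             500         624     1004062+  82  Linux swap / Solaris
/dev/sdj3   *         625        1123     4008217+  83  Linux
/dev/sdk1               1         499     4008186    7  HPFS/NTFS
/dev/sdk2             500         624     1004062+  82  Linux swap / Solaris'
SAMPLE_MOUNTS='/dev/sdj1 /var/nst ext3 rw 0 0'   # constructed /proc/mounts line

# Live use: preflight "$(/sbin/fdisk -l)" "$(cat /proc/mounts)" TARGET ...
preflight "$SAMPLE_FDISK" "$SAMPLE_MOUNTS" /dev/sdj3 true "/dev/sdj2 /dev/sdk2" &&
    echo "no findings for /dev/sdj3"
```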
We use grub as the boot loader for the NST distribution. However, by default, we don't enable/install it when one does a hard disk install. This typically results in one of the following situations:
A user intentionally includes the
--grub-install option and the system is
fully configured to load the NST at the next reboot. This
works best when the system is a dedicated NST probe. If one
needs to boot Operating Systems other than the NST that was
just installed, they will need to understand how to edit the
/boot/grub/grub.conf file.
A user intentionally omits the
--grub-install option because they already
have a boot loader installed on their hard disk and they don't
want to use grub. In this situation, it will still be
useful to review the /boot/grub/grub.conf
installed on the hard disk as it will help one configure their
existing boot loader to boot the NST just installed.
If one determines that they want to use the grub boot
loader AFTER installing the NST to hard disk (you wish you would
have included the --grub-install option), the
grub-install command will need to be run by
hand.
The following example shows how one can run
grub-install to install grub as the boot
loader for the disk /dev/hda and use the
NST distribution which was installed on partition
/dev/hda2:
[root@probe root]# mount /dev/hda2 /mnt/ext3
[root@probe root]# grub-install --root-directory=/mnt/ext3 --no-floppy /dev/hda
Installation finished. No error reported.
This is the contents of the device map /mnt/ext3/boot/grub/device.map.
Check if this is correct or not. If any of the lines is incorrect,
fix it and re-run the script `grub-install'.
(hd0) /dev/hda
[root@probe root]# umount /mnt/ext3
[root@probe root]# reboot
... A lot of messages as system shuts down and restarts ...
The password for the hard disk
install will fall back to the original password used to create
the source ISO image. The initial password
will be nst2003 (NOTE: For NST distributions
prior to 1.4.2 it will be
nst@2003 and you may need to use
Shift+2
for the '@' symbol) for all distributions
from http://www.networksecuritytoolkit.org/.
The NST distribution is designed to be a "turn key" environment. You install, configure and run. It is not designed to allow one to easily add additional software packages.
Enabling verbose output using
option: "-v" or "--verbose
true" can be quite useful for complex NST hard disk
installs. With each install phase, command output and associated
diagnostic information along with time stamps and duration data
will be displayed.
It is recommended to create a second
ext3 partition and mount it to the
/var/nst directory (the
/etc/fstab configuration file will need to
be updated after rebooting to support this). The
/var/nst directory is the default location
used by many of the tools included with the NST to store
data. By having the /var/nst directory on
its own partition, one can preserve data as they migrate to
newer versions of the NST.
The following command line options are available:
[--device DEVICE]
This option is required. You must specify the name of
a device (Ex: "/dev/hdc1") which contains an
empty ext3 partition (OR, specify
--format and we'll format it for
you).
[--format [true]|false]
By default, nsthdinstall will not
format the partition specified by the --device
DEV option. This is more or less of a safety
mechanism. If you include this option, then
nsthdinstall will format the partition before
attempting to use it (USE AT YOUR OWN RISK).
[--label TEXT]
One can add a volume label to
the partition (filesystem): (--device DEVICE) that NST
will be installed on. This is
useful when mount is locating the NST partition
without knowledge of the actual partition device name. The
volume label can be up to a maximum of 16
characters. The appropriate device name in
"/boot/grub/grub.conf" and
"/etc/fstab" will be replaced by the
volume label.
[--grub-install [true]|false]
By default, we assume that you might be using
partitions on your hard disk for other purposes. Because of this
assumption, we do not install a boot loader (we do provide a
template configuration for grub at
"/boot/grub/grub.conf"). If you don't already
have a boot loader somewhere on your hard disk, you can specify
--grub-install and
nsthdinstall will install the
grub boot loader.
[--floppy [true]|false]
This option will enable probing for any attached
floppy devices during grub installation. It has no meaning if the
grub install option (--grub-install true) was
not specified. Typically it is best not to use this option for
systems that do not have an attached floppy device because the NST
hard disk installation may hang during the grub installation phase
if a floppy device is not detected.
[--swap-devices LIST]
One may specify a list of disk device names to be
used as swap space for the NST hard disk installation. Each
swap device entry in the list will be added to the descriptive
mount file: "/etc/fstab" for auto-mounting
the swap area at boot time. If the (--swap-format-label
true) option is not used, then each
device specified for swap space usage must exist, have a partition
ID of: "82" and already be formatted as a
swap area with the Linux
mkswap command. If the
(--swap-format-label true) option is
used then the specified disk partitions for
swap area usage need only to exist. Each disk partition entry will
be converted to a Linux swap partition ID of:
"82", formatted as a swap area and
sequentially volume labeled starting with
"SWAP_NST_1". An example use of this option
follows: --swap-devices "/dev/sda2 /dev/sdb2"
(don't forget the double quotes). One may also use a special
keyword value of: "scan" or
"auto" to locate swap partitions that may
already exist on the system. This simplifies the process of adding
swap devices.
[--swap-format-label [true]|false]
If one or more swap device entries are specified
(--swap-devices LIST), then this option will
convert each partition to a Linux swap partition ID of:
"82", format the partition as a swap area and
sequentially volume label it starting with
"SWAP_NST_1". Each additional partition entry
will be appropriately volume labeled:
"SWAP_NST_2", "SWAP_NST_3"
and so on. Note: one needs to be careful when using volume
labels. If another Linux Operating System (OS) is sharing a swap
space area label for NST, make sure that the swap label naming
convention used for NST is taken into account.
[--remap-devices LIST]
This option allows the remapping of a device name to
a remapped value for the following files:
"/boot/grub/grub.conf",
"/boot/grub/device.map" and
"/etc/fstab". Each occurrence of the device
name within these files will be
changed/remapped to the corresponding
value. This option is useful if the ordering of the disk partition
device name is different when booting from a Live CD NST
distribution or when booting NST from a hard disk. The
nsthdinstall script will typically be run from
a Live CD session. The disk partition mapping may be different
when NST is booted off the hard disk partition. To help reduce
this problem further, the use of volume labeling a disk partition
is recommended (See the [--label TEXT]
option). An example use of this option follows:
--remap-devices "/dev/sdj1,/dev/sda1
/dev/sdj2,/dev/sda2" (don't forget the double
quotes). Each remap pair consists of the original device name,
a comma separator and the remapped value. Each additional remap pair
is delimited by a space.
[--iso FILENAME]
If you have downloaded and uncompressed the NST ISO image, you can install directly from the NST ISO image onto your hard disk (you don't need to burn a CD). Use this option to specify the location of the NST ISO image.
[--source FILENAME]
Use this option if the NST CD is not mounted at
"/mnt/cdrom". You should only need to use this
option if you are attempting to use the
nsthdinstall from a system which was not booted
via a NST CD.
[-p [true]|false] | [--prompt [true]|false]
By default, the nsthdinstall
command will show you what it's about to do and ask for your
confirmation before it formats your hard disk partition or
installs any files. If you would like to disable this, you may
specify --prompt false.
[--modules LIST]
Most users will never need to specify this command
line option (the default should work for most systems with
attached IDE drives). If you are installing
NST onto a SCSI or Serial
ATA hard disk partition, you will most likely
need additional kernel driver modules installed in the initial
RAM disk image which is used at boot time. You
can use this command line argument to refine what kernel driver
modules are necessary to be installed for proper access to the
hard disk partition during boot. If you omit this argument, it
defaults to: "scan". When set to
"scan", we will make our best guess by looking
at the output from a kudzu scan for
IDE and SCSI devices. When
set to "none", we will not install any
additional modules (make sure if you specify the
"none" value that you are installing NST to a
generic IDE hard drive partition). Your third
option is to list (in exact order you want the kernel driver
modules installed - some kernel driver modules may depend on
others) the modules necessary for your system. For example:
--modules "scsi_mod sg sd_mod aic7xxx" (don't
forget the double quotes). The lsmod command
can be used to help identify what additional kernel driver modules
will be necessary for access to the hard disk partition on your
system.
[-h [true]|false] | [--help [true]|false]
When this option is specified, nsthdinstall will display a short one line description of nsthdinstall, followed by a short description of each of the supported command line options. After displaying this information nsthdinstall will terminate.
[-H [true]|false] | [--help-long [true]|false]
This option will attempt to pull up additional
nsthdinstall documentation within a text based
web browser. You can force which browser we use by setting the
environment variable TEXTBROWSER; otherwise,
we will search for some common ones.
[-v [true]|false] | [--verbose [true]|false]
When you set this option to true, nsthdinstall will produce additional output. This is typically used for diagnostic purposes to help track down when things go wrong.
[--version [true]|false]
If this option is specified, the version number of the script is displayed.
/usr/local/share/nsthdinstall
Directory containing resource files which are used during the installation.