How to use Honeywall Packages
=============================

Last update: Mon May 3 19:09:17 PDT 2004

Honeywall packages are tar files (either plain .tar or compressed
.tgz) that contain files to be included into a customized honeywall
ISO (a.k.a. a "template ISO"). For information on how customization
works, see the IEEE paper, "Customizing ISOs and the Honeywall" by
Dave Dittrich.

  http://staff.washington.edu/dittrich/misc/honeywall/ieee-ia/dittrich.pdf

The program "addhwpkgs" is used to unpack these tar archives into the
proper locations for customization. This is controlled by a file
named "hwpkg.list" which includes a list of directory/tarball pairs,
like this:

  root hwpkg-ssh.tgz
  root hwpkg-tcpslice.tgz
  root hwpkg-logs.tgz
  root hwpkg-aguri.tgz
  root.local hwpkg-root-ssh.tgz

The first column is the directory into which the tarball will be
unpacked, and the second is the tarball. Simple as that. (Only
tarballs without leading slashes are allowed. Otherwise you wipe out
the dev host's file system, which would not be good.)

The example "hwpkg.list" file above will cause "addhwpkgs" to unpack
hwpkg-ssh.tgz, hwpkg-tcpslice.tgz, etc., into the ./root/ directory,
and unpack hwpkg-root-ssh.tgz into the ./root.local/ directory.

You typically only need to unpack the packages once to create the
customization directories. Use the command "make addpackages" to
insert them.

  # make addpackages
  ./addhwpkgs
  unpacking hwpkg-ssh.tgz into root
  unpacking hwpkg-tcpslice.tgz into root
  unpacking hwpkg-logs.tgz into root
  unpacking hwpkg-aguri.tgz into root
  unpacking hwpkg-root-ssh.tgz into root.local

If you are creating many templates with different sets of programs,
you may need to clean out the directories in between making new
templates. All files associated with the packages listed in
hwpkg.list will be deleted when you use the command "make clean-all".
(This also serves to save disk space if you are too poor to buy a
120GB disk drive. ;)


Example of adding packages
--------------------------

To see how this works, download the following files and place them
into your customization directory:

  http://staff.washington.edu/dittrich/misc/honeywall/hwpkg-tcpslice.tgz
  http://staff.washington.edu/dittrich/misc/honeywall/hwpkg-logs.tgz
  http://staff.washington.edu/dittrich/misc/honeywall/hwpkg-aguri.tgz
  http://staff.washington.edu/dittrich/misc/honeywall/hwpkg.list

Edit the "hwpkg.list" file to make sure it only includes the packages
shown above. Next, type "make addpackages". You are now ready to
customize an ISO that includes these files, using "make template" and
"make cdrw" (for CD-RW discs; use "make cdrom" for CD-R.) [Note that
you can combine these last two steps into one command with
"make template cdrw".]


Example of creating a package
-----------------------------

The following is "script" output of a login session showing the steps
involved in creating a package for "aguri":

  Script started on Sat May 1 15:55:05 2004
  [root@devhost src]# tar -xvzf aguri-0.7.tar.gz
  aguri-0.7/
  aguri-0.7/aguri.c
  aguri-0.7/aguri.h
  aguri-0.7/read_pcap.h
  aguri-0.7/Makefile
  aguri-0.7/read_pcap.c
  aguri-0.7/aguri_pcap.c
  aguri-0.7/aguri_tree.c
  aguri-0.7/aguri_tree.h
  aguri-0.7/aguri_ip.c
  aguri-0.7/aguri_ip.h
  aguri-0.7/aguri_pcap.h
  aguri-0.7/aguri_plot.c
  aguri-0.7/aguri_plot.h
  aguri-0.7/xtree.c
  aguri-0.7/xtree.h
  aguri-0.7/README
  aguri-0.7/CHANGES
  aguri-0.7/INSTALL
  aguri-0.7/scripts/
  aguri-0.7/scripts/agurify.pl
  aguri-0.7/scripts/makeplot.pl
  aguri-0.7/scripts/README
  aguri-0.7/scripts/makeimages.pl
  aguri-0.7/scripts/density.pl
  aguri-0.7/bsd-compat/
  aguri-0.7/bsd-compat/netinet/
  aguri-0.7/bsd-compat/netinet/ip.h
  aguri-0.7/bsd-compat/netinet/ip6.h
  aguri-0.7/bsd-compat/netinet/icmp6.h
  aguri-0.7/bsd-compat/netinet/tcp.h
  aguri-0.7/bsd-compat/netinet/udp.h
  aguri-0.7/bsd-compat/netinet/ip_icmp.h
  aguri-0.7/bsd-compat/sys/
  aguri-0.7/bsd-compat/sys/queue.h
  aguri-0.7/aguri.1
  [root@devhost src]# cd aguri-0.7/
  [root@devhost aguri-0.7]# vi Makefile
  [ edit to compile on Linux ]
  [root@devhost aguri-0.7]# make
  cc -O2 -Wall -DNDEBUG -I. -Ibsd-compat -I/usr/local/src/libpcap -DINET6 -DAGURI_STATS -c aguri_ip.c
  cc -O2 -Wall -DNDEBUG -I. -Ibsd-compat -I/usr/local/src/libpcap -DINET6 -DAGURI_STATS -c aguri_pcap.c
  cc -O2 -Wall -DNDEBUG -I. -Ibsd-compat -I/usr/local/src/libpcap -DINET6 -DAGURI_STATS -c aguri_plot.c
  cc -O2 -Wall -DNDEBUG -I. -Ibsd-compat -I/usr/local/src/libpcap -DINET6 -DAGURI_STATS -c aguri_tree.c
  cc -O2 -Wall -DNDEBUG -I. -Ibsd-compat -I/usr/local/src/libpcap -DINET6 -DAGURI_STATS -c read_pcap.c
  cc -O2 -Wall -DNDEBUG -I. -Ibsd-compat -I/usr/local/src/libpcap -DINET6 -DAGURI_STATS -c xtree.c
  cc -O2 -Wall -DNDEBUG -I. -Ibsd-compat -I/usr/local/src/libpcap -DINET6 -DAGURI_STATS -o aguri aguri.o aguri_ip.o aguri_pcap.o aguri_plot.o aguri_tree.o read_pcap.o xtree.o -L /usr/local/src/libpcap -lpcap
  [root@devhost aguri-0.7]# touch made
  [root@devhost aguri-0.7]# make install
  install -m 0755 aguri /usr/local/bin
  install -m 444 -o bin -g bin aguri.1 /usr/local/man/man1
  if [ ! -d /usr/local/lib/aguri ]; then \
          mkdir /usr/local/lib/aguri; \
  fi
  install -m 755 -o bin -g bin scripts/agurify.pl scripts/makeplot.pl scripts/makeimages.pl scripts/density.pl /usr/local/lib/aguri
  [root@devhost aguri-0.7]# find /usr -newer made -type f > made.out
  [root@devhost aguri-0.7]# cat made.out
  /usr/local/bin/aguri
  /usr/local/lib/aguri/agurify.pl
  /usr/local/lib/aguri/makeplot.pl
  /usr/local/lib/aguri/makeimages.pl
  /usr/local/lib/aguri/density.pl
  /usr/local/man/man1/aguri.1
  [root@devhost aguri-0.7]# tar -cvzf hwpkg-aguri.tgz `cat made.out`
  tar: Removing leading `/' from member names
  usr/local/bin/aguri
  usr/local/lib/aguri/agurify.pl
  usr/local/lib/aguri/makeplot.pl
  usr/local/lib/aguri/makeimages.pl
  usr/local/lib/aguri/density.pl
  usr/local/src/aguri-0.7/made.out
  usr/local/man/man1/aguri.1
  [root@devhost aguri-0.7]# exit
  exit

  Script done on Sat May 1 16:15:26 2004
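
An added example, not part of addhwpkgs or the original page: a POSIX
sh pre-flight check that reads "hwpkg.list" and refuses any tarball
whose member names start with a slash, reading the no-leading-slash
rule above as applying to the names inside each tarball. It goes one
step further and also rejects ".." path components; the function names
are hypothetical, and it assumes one "directory tarball" pair per line.

```sh
#!/bin/sh
# Pre-flight check for hwpkg.list (added example; function names are
# hypothetical and are not part of addhwpkgs).

# unsafe_path NAME: true if NAME is absolute or has a ".." component.
unsafe_path() {
    case "$1" in
        /*|..|../*|*/..|*/../*) return 0 ;;
    esac
    return 1
}

# check_members: read member names on stdin (as printed by "tar -tf"),
# report each unsafe one, and return 1 if any was found.
check_members() {
    bad=0
    while IFS= read -r member; do
        if unsafe_path "$member"; then
            echo "unsafe member: $member" >&2
            bad=1
        fi
    done
    return "$bad"
}

# check_list FILE: validate every "directory tarball" pair in FILE.
# Assumption: one pair per line, separated by whitespace.
check_list() {
    rc=0
    while read -r dir pkg extra || [ -n "$dir" ]; do
        if [ -z "$dir" ]; then continue; fi          # blank line
        if [ -z "$pkg" ] || [ -n "$extra" ]; then
            echo "malformed line: $dir $pkg $extra" >&2; rc=1; continue
        fi
        if unsafe_path "$dir"; then
            echo "unsafe target directory: $dir" >&2; rc=1; continue
        fi
        if ! tar -tf "$pkg" >/dev/null 2>&1 </dev/null; then
            echo "cannot list tarball: $pkg" >&2; rc=1; continue
        fi
        tar -tf "$pkg" </dev/null | check_members || rc=1
    done < "$1"
    return "$rc"
}

# Usage: sh check-hwpkg.sh hwpkg.list   (script name is a placeholder)
if [ "$#" -gt 0 ]; then
    check_list "$1"
fi
```

Name checks do not cover symlink or hard-link members that point
outside the target directory; list a package with "tar -tvf" to see
link targets when it comes from someone else.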