Once Dachstein boots, you will be at the main menu for the lrcfg program. This program automatically loads by default. It is a simple menu-driven user interface to backing up the firewall, and editing the various configuration files. Press a number or letter, then the [Enter] key to select the respective feature or function. This is a good time to check out the Dachstein readme file and the network.conf readme. They go into some detail in configuring Dachstein through the menu system. There really isn't much Linux knowledge required here in the menus. If you press the [q] key, then [Enter], now you are in the Linux space, and should read on.

Each file and directory in Linux has a specified set of attributes used for security. Knowing these will help you to track down problems, and understand why a step-by-step instruction guide tells you to use, for example, the chmod command (a common command used in Linux).

First, each file and directory belongs to a user, and to a group. These items are determined during the installation, and then when each user creates a file or directory. Every user belongs to a group, and when a user saves a file, Linux stores that users name, and the group to which that user belongs with the file. Consider the following directory entry:

-rwxr-xr-x 1 sh-httpd adm 5985 Aug 20 18:24 index.html

In this entry, the file index.html belongs to a user called sh-httpd. The file also belongs to the adm group.

When displaying a files attributes (See the section called “Getting Around in the File System” below on how to display a files attributes.), you will see a series of characters that take up the first 10 spaces of each file or subdirectory in that directory (see the above directory entry). The first space tells you what kind of entry this is. A dash means that this is a regular file. A 'd' indicates that this is a directory. An 'l' means that this is a link to another file. The next three characters indicate the permissions of the files owner. An 'r' means the owner can read the file. A 'w' means the owner can write (make changes) to the file. The 'x' means the owner can execute or run the file (if it is a binary application or script file). The next three characters describe the permissions for the group to which this file was assigned. The same three letters are used and they have the same meaning. The last three characters describe the permissions of anyone who is not the files owner, and anyone who does not belong to the group to which this file belongs. Again, the same letters are used, and they have the same meaning. A dash is used if a permission is not allowed. From this, and the permissions in the example output above, we can determine the following:

If you are familiar with working in DOS, this should not be too difficult, after all, DOS was modeled after UNIX, and Linux was modeled after UNIX. There are some differences to be aware of, however. There is a document (listed in Appendix B, Resources) which specifically covers Linux basics for those experienced in DOS.

The cd command is available, and does the same thing as its DOS counterpart. One difference, however, is that the backslash (\)is not used in Linux to separate directories. In Linux, we use the forward slash (/) instead. Also, in DOS it is acceptable to type cd\dos to move from anywhere in the file system to the dos directory off of the root directory. Even if we replace the backslash with a forward slash, this will cause an error in Linux. When using the cd command, there must always be a space between the cd and the directory name. Thus, to move into, for example the /usr directory, we would type:

cd /usr

To move one directory above the current working directory, we would type:

cd ..

In order to see which files are in a directory, DOS users type the dir command. This command is available in most Linux distributions (Dachstein included), but is actually only a shortcut to the real Linux command, ls. Typing ls then [Enter] will display the contents of a directory in a fashion similar to the DOS command dir /w. The number of files on a line is dependent upon how long the longest file name in that directory is. To view detailed information about a file, type ls -l. This will display the file's name, owner, group, size, date, and permissions. In the directory entry example above, we see that this is a file (not a directory or link), called index.html. It is 5985 bytes, was created on August 20th at 6:24 p.m., and belongs to the sh-httpd user and the adm group.

The procedure for creating and deleting files and directories is similar to DOS, as well, however the commands are named slightly different. Note that during deletions, there is no undelete, or recycle bin. In addition, wildcards may be used as well. This makes deleting files a potentially dangerous activity. Please use caution. The following commands are available:

cp [path]<filename> <destination_path>

Examples:
cp index.html /usr/root [Enter]
cp /mnt/stat.sh /usr/bin [Enter]

rm <filename>

Example:
rm index.html [Enter]

mv <currentfilename> <newfilename>

Example:
mv index.html index.htm [Enter]

mkdir <newdirectoryname>

Example:
mkdir temp [Enter]

rmdir <directorytodelete>

Example:
rmdir temp [Enter]

mv <olddirectoryname> <newdirectoryname>

Example:
mv webpages htmldocs [Enter]

To mount a disk means to make that disk available for reading and writing. In DOS, disks are mounted automatically, without user intervention. In Linux, disks must be mounted. This is particularly true with removable media. Likewise, all media (even CD-ROM disks) must be unmounted when you are finished. If you remove a floppy disk from the drive without unmounting it, you run the risk of data corruption. This is because Linux uses disk caching (yes, even on floppies) that may hold data in memory for quite some time before flushing it out to the disk.

One other note about mounting and file systems. In DOS, you have a separate file system on each logical drive in your computer. Think of it this way, if you have a floppy disk in the drive, two hard disks (C: and D:), and a CD-ROM on drive E:, you have four distinct root directories; the root directory on drive A:, C:, D:, and E:. In Linux, there is only one root directory, and only one file system. All storage devices are mounted "into" that file system. Typically, we mount the floppy drive into the /mnt directory. That way, if you need to access information on the floppy, you would look for that information in the /mnt directory. This is the standard being used in the examples below.

Mounting a floppy disk:

1.44Mb disk: mount -t msdos /dev/fd0 /mnt [Enter]

1.68Mb disk: mount -t msdos /dev/fd0u1680 /mnt [Enter]

These commands do the following: first, the call the mount command. They pass the drive type parameter to the mount command (-t msdos) indicating that these disks are formatted in a standard MS-DOS format. Next, mount is instructed which device to mount. All hardware devices are represented in Linux by a file in the /dev directory. In the first example, the default fd0 device is used. This device assumes that the first floppy disk is a 1.44 Mb disk. The second example (the one you must use when you mount the Dachstein 'floppy only' distribution disk) says that the first floppy disks will be used, but to force reading and writing in the 1680K or 1.68 Mb format. The last parameter tells mount where to put the floppy disk in the file system (in this case, in the /mnt directory). Once the disk is mounted, you can cd to it, copy files, edit files, etc. Just dont forget to unmount it when you are done.

Unmounting a floppy disk:

unmount /mnt [Enter]

This tells Linux to unmount (and flush any data that may not yet have been written) whatever device was mounted into the /mnt directory. One final word regarding mounting and unmounting disks. You cannot be in the directory into which you are mounting a file system. For example, if you are mounting a floppy disk into the /mnt directory, you cannot be in the /mnt directory. If you aren't sure whether or not you are in the /mnt directory, perform a cd / [Enter] to move to the root directory just to be safe.

As soon as you are ready to place the firewall into the network, you should put a password on the root account. This is very important as without it, potential intruders could get in, and place their own password on the system (thus removing your ability to manage/modify the firewall). In addition, you can not remotely control the firewall using Putty without a password. To do so, follow these steps:

You can reboot the firewall in one of two ways. The simpler is to do an immediate reboot by typing the reboot command at the command prompt:

reboot [Enter]

The other way is to use the shutdown command. The syntax of the shutdown command is:

shutdown <type> <when>

where type is -h to halt the system, or -r to reboot it. The 'when' refers to when to shut the system down. With this, you can schedule a shutdown and restart at a specified time (perhaps during the evening when no one is using the system). For an immediate shutdown using the shutdown command, type:

shutdown -h now [Enter]

Assume you have made changes to the firewall, and you want ot reboot it after everyone (including yourself) has left for the day. You can type:

shutdown -r 23:57 [Enter]

which will reboot (-r) the firewall at 11:57 p.m.

In DOS, you have probably used the EDIT.COM program to edit text files. On the Dachstein firewall, the equivalent is called e3. e3 works similar to EDIT. You can simply type e3 then [Enter] to load the application. Then, you will be required to explicitly open the file you want to edit. If you are in the same directory as the file you need to edit, you can type:

e3 <filename> [Enter]

There are a few basic commands you need to get around in e3. These are:

There are other very useful commands in e3 - see the Help screen for details.