After your network is working properly, you might want to add remote services to allow remote users to use your Bootable CD system from afar.
Any time you provide remote access, it introduces the potential for remote attackers to break into your system. Only do this if you know what you are doing (of course you learn what you are doing by doing it...).
Before you enable services, you probably want to create a password for the root account on your system. You will have to do this every time you bootup from the Bootable CD if you want to prevent remote attacks while enabling remote access. You do this by typing "passwd". Please choose a hard to guess password.
Here are some services you might want to bring up:
Secure Shell Daemon: This allows remote login via encrypted session. To start sshd type:
service sshd start
Sendmail: To run sendmail - the mail processing server used to handle most Internet infrastructure email, use:
service sendmail start
Ident Daemon: This daemon tells remote systems the identity of users accessing their systems from this system. You start it by typing:
service identd start
Mounting Remote File Systems: While this isn't quite a 'service', it's pretty handy and you might want to know how... Using "Samba" - the Microsoft file sharing mechanisms, you can mount remote Microsoft SMB file shares. This command will make the remote share called 'filesystem' on the computer called 'systemname' appear on your Bootable CD computer as '/mnt/tmp':
smbmount //systemname/filesystem /mnt/tmp
With the remote file system mounts, we have run substantial networks of Bootable CD computers using only remote files for storage with great success.
If you wish to mount an NFS filesystem, use the following command:
mount -t nfs systemname:/filesystem /mnt/tmp -o soft
NFS is typically used by Unix and Linux systems for file sharing and offers somewhat improved security and reliability but somewhat poorer performance than SMB. The -o soft assures that if the remote system becomes inaccessible it will not cause your system to have long delays in performing operations affecting that system.
Get-only web server: This daemon provides get-only web service for web pages and files you place in or link to the /dtk/www directory. To get it to run, using /cdrom-real/www (the default web pages provided on the Bootable CD) as the content, do this:
webser /cdrom-real/www
If you want to serve web pages from an area on your hard disk (e.g., an area you used to use with some other web server), identify where the hard disk web directory is located on your Bootable CD system (typically under /mnt/hda1/) and replace that full path name for /cdrom-real/www in the above commands.
Getting dates right: fixdate is a shell script that uses network time protocol to find the current date and time (usually within a few miliseconds). It requires that your network be operating. To run it, type:
fixdate
Deception ToolKit: Deception ToolKit provides fictitious services for IP addresses and ports so that attempted unauthorized access can be detected and tracked and so that attackers waste their time trying to break into and analyze fictitious services instead of real ones. To configure and install DTK, press here.
Secure Domain Name Services: SDNS is a secure authoritative (terminal) DNS server. This means that it only serves as the authoritative DNS server for a domain and does not forward DNS requests elsewhere. To configure and install SDNS, press here.
Temporary Secure Chat Server: Sometimes I want to throw up a chat server for some secure communication between a small group. I do this with ssh, see, and say as described here. When I am done with the session, there is no residual data left over, unless it is kept by the participants.