The purpose of this section is to explain how to install the Honeywall CDROM, and the different
options you have. Please submit all bugs/corrections for this documentation or the Honeywall
CDROM to our Bugzilla Server.
Last Modified: 25 May, 2007
|
4. Installation
- Installation Steps
- Alternate Automated Configuration Option
4.1 Installation Steps
These steps describe how to install the Honeywall software to your hard drive. Keep
in mind, this process will DESTROY all data on your hard drive, so make sure the hard
drive has no critical data, or you have made back-ups. You have been warned.
- Ensure your system meets the requirements, as stated in
Section 3: Requirements Section.
- Download the latest copy of the Roo ISO from the
CDROM homepage or a mirror
local to you. Make sure you verify the MD5 signature after downloading.
- Use your favorite CDROM mastering process to create a CDROM from the downloaded ISO. Or,
if you are using virtualization software, such as VMware, you can boot directly from the .iso image.
For more information on how to boot and run from VMware, refer to the paper
Deploying Honeywall Using VMware.
- Configure your BIOS to boot from the CDROM and begin the boot process.
It should boot from the CDROM, beginning the installation process.
- The Honeynet Project splash screen should appear. At this point
system will wait for you input. No installation will happen until you press the Enter
key. Only after you have manually done that, then the system will begin the installation process.
Once the installation begins it is a fully automated process, there is
no need to interact with the installation until all packages have been installed and the system has rebooted itself. For automated, headless
installations that do not require manual intervention, pleasse refer to
Section-8: Customization.
- Once the installation is complete, the CDROM should eject and the system should reboot.
Your hard drive now has a
minimized and hardened Fedora Core 6 operating system with Honeywall support
added. You should be presented with a command line login prompt. At this point you
can login begin the standard configuration process. See the next section,
Section 5: Initial Setup of the documentation for more
details.
4.2 Alternate Automated Configuration Option
The above installation process is the most common process for standalone deployments,
or for individuals or organizations that want to deploy a test system for the first
time. However, organizations that are deploying distributed Honeywalls may want an
install process that includes automated configuration, enabling a hands free deployment.
Below are two such methods.
- You can have the CDROM read a pre-built Honeywall configuration file during the
installation process. The primary way of doing this is by inserting a floppy into the
computer before step [4]. This floppy needs to contain a preconfigured
honeywall.conf
file that contains all the information your system needs to configure itself (detail
information aboubt this file in Section 5: Initial Setup. During
the install process the CDROM will check for a floppy with the honeywall.conf configuration
file. If it finds such a file on a floppy, it will use the variables contained there to
install a fully configured honeywall. This only works on first boot. After that, there
is a marker set and the floopy will never be checked again. This is because an attacker could
walk up with his own floppy and reboot the system to gain access to it. This precaution also
prevents from
accidental reloading of older configurations from a forgotten floppy left in the system.
- The second way to automate configuration during the install process is
to use customization features to insert your
own pre-configured honeywall.conf file into a customized ISO,
and can then let the installation process use this as the default
configuration. Sites who will be deploying large numbers of
honeywalls may want to pre-configure globally applicable values
(such as central management host, SSH server port, whether or not root
logins through SSH are allowed, etc.). You can learn more about
customization in Section 8: Customization.
<-Back Home Next->
|