Building T.REX (was: RE: Linux Proxy Server ?)

[jseymour () LinxNet com (Jim Seymour)]

[Note: I changed the subject so people will have a chance of finding
 it in the archives.]

"Matt Bruce" <matt.bruce () alphawest com au> wrote:
> Message-ID: <EA0466720A21D211B6C800104B2B75E2026921D6@HERCULIS>
>
> Hi all,
>
> Well, we tried out T.Rex on a spare RedHat 6.1 box here in the office. After
> spending about 4 hours waiting for the damned thing to compile and later
> finding that various libraries were missing, we pretty much gave up on the
> whole idea. Note that our stumbling block was the jumping through hoops
> required to get it working, rather than any specific problem with the
> product.
[snip]
>

Hmmm...  I built the thing with few problems on a RH 6.1 box.  I found
a few RPMs were needed that I hadn't installed originally.  So I
installed 'em :-).  Btw: I don't know what Matt was compiling on, but
it took a fraction of that time on the Dell PowerEdge 1300 I used.

The docs need work, there's no question there.  I have sent one list of
errata to FAS and will soon be sending another.

The one I built was put in place on Monday.  It's not in full use yet,
but initial indications are encouraging.

In addition to the T.REX distribution, I installed:

    OpenSSH for admin. access (as opposed to using ptelnet)
    Psionic PortSentry for IDS
       (with custom Perl script to add entries
        to some of T.REX's access control files)
    Postfix MTA (in place of theirs)
    Tripwire
    Custom log analyzers (Perl scripts)

I used nmap on a RH Linux laptop to whack at both interfaces (with IDS
disabled) after configuration was complete.  Got the expected results.

If anybody's interested, I suppose I could clean up and make available
my T.REX errata notes.  (Note: much of them *may* apply only to a RH
6.1 Linux build/install.)

I also slapped together an installer shell script that has a "fix the
perms only" option.  And a script that goes through and re-names (thus
disabling) the recommended "rc.d" scripts.  (And I do mean "slapped
together."  Tho *I* ran 'em myself and they Did The Right Thing.)  Oh
yeah... and a Perl script to generate replacement strings/values as
recommended in the T.REX build docs.  (It just generates the values--
you have to edit the necessary files manually.)

I suppose if it turns out anybody's interested in any of this stuff,
I'll have to come up with the requisite license/disclaimer stuff before
letting them loose on the world :-).

I sure wish FAS would get that T.REX mailing list going :-(.


Regards,
Jim
-- 
Jim Seymour                  | PGP Public Key available at:
jseymour () LinxNet com         | http://www.cam.ac.uk.pgp.net/pgpnet/wwwkeys.html
http://home.msen.com/~jimsun | http://www.trustcenter.de/cgi-bin/SearchCert.cgi