Name

nstipconf — An IPv4 Address configuration tool for an NST system.

Synopsis

nstipconf [ -m TEXT | --mode TEXT ] [ -i DEVICE | --interface DEVICE ] [ -a IPv4ADDR/PREFIX | --ipv4-addr-prefix IPv4ADDR/PREFIX ] [ -g IPv4ADDR | --gateway IPv4ADDR ] [ --mac-addr MACADDR ] [ --host-name TEXT ] [ --domain-name TEXT ] [ --name-servers IPv4ADDRLIST ] [ --hosts-file-only [true]|false ] [ -h [true]|false | --help [true]|false ] [ -H [true]|false | --help-long [true]|false ] [ -v [true]|false | --verbose [true]|false ] [ --version [true]|false ]

Description

The nstipconf script is used in an NST distribution to assist the Network Administrator with the configuration of IPv4 Addressing and access to the NST WUI. When an NST system is configured with two or more network interfaces, it may be easier to manage the network configuration for each interface device using the "network" service rather than under the control of the "Network Manager" service. The nstipconf script's mode: "--mode ipv4" is used for seting up a static IPv4 Address on a designated network interface, disable the "Network Manager" service and enable the "network" service at runtime as well as system boot time.

This script is typically used with an NST system that has numerous network interfaces for providing network surveillance with hardwired attachments to Ethernet Switches or Routers. It can also be used with a Virtual Machine (VM) that is Network Bridged attached. One will need to take additional steps using the "WPA Supplicant" command: "wpa_supplicant" for an NST system that is "Wi-Fi" network attached.

Prior to using this script, it is best to allocate or obtain a static IPv4 Address from your Domain Name Server to be used for this NST system. In a network environment that offers DHCP IPv4 Addresses, be careful not to choose an address within the configured IPv4 Address range that will be used for dynamic assignment.

***Note 1: The command should only be run on a Serial Console or a Desktop Terminal when using modes: "ipv4", "netmgr" or "init" due to the fact that the IPv4 Address for this NST system will most likely change.

Options

The following command line options are available:

[-m TEXT] | [--mode TEXT]

This option specifies an operational nstipconf mode. Currently the following modes: 'ipv4', 'dhcp', 'ssl', 'stealth', 'netmgr', 'rmint', 'init' and 'show' are supported. If you specify 'ipv4' the static IPv4 Address: "--ipv4-addr IPv4 Address" will be bound to Interface: "--interface DEVICE". The NST system will also be configured for static IPv4 Address usage. The "NetworkManager" service will be Stopped and Disabled at boot time. The "network" service will be Started and Enabled at boot time. If you specify 'dhcp' the specified Network Interface: "--interface DEVICE" will use DHCP for deriving its IPv4 Address using the "dhclient" utility. The NST "dhclient" script: "/etc/dhcp/dhclient.d/nst.sh" will be invoked to perform all network configurations based on the results of the lease return from the DHCP server. The "NetworkManager" service will be Stopped and Disabled at boot time. The "network" service will be Started and Enabled at boot time. If you specify 'ssl' the static IPv4 Address bound on Interface: "--interface DEVICE" will be used in the Apache SSL configuration file: "/etc/httpd/conf.d/ssl.conf" for HTTPS access and for the generation of a new SSL certificate and key file. If you specify 'stealth' then one can configure a network interface device in the "UP" state with a non-binding IPv4 Address. This configuration can be advantageous when one wants to capturing packets in a covert or stealth manner. At system boot time this stealth network configuration will be in effect. If you specify 'netmgr' then the NST system will be configured under Network Manager control using an IPv4 Address obtained from a DHCP server. This is the original network configuration provided by the NST distribution. If you specify 'rmint' then all associated configuration entries and files for Network Interface: "--interface DEVICE" will be removed. This mode cannot be used if the "NetworkManager" service is active. If you specify 'init' then all network services (Both the "NetworkManager" and the "network" service) will be Stopped and Disabled and all network interface configuration files in directory: "/etc/sysconfig/network-scripts" with the exception of the 'LoopBack (lo)' interface will be removed. If you specify 'show' then relavent configuration files associated with nework Interface: "--interface DEVICE" will be displayed along with network services status.

[-i DEVICE] | [--interface DEVICE]

When used with mode: 'ipv4', this option will bind the static IPv4 Address: "--ipv4-addr IPv4ADDR/PREFIX" to this specific network interface device. When used with mode: 'ssl', this option allows one to specify a specific network interface device for obtaining the IPv4 Address. If not specified, the IPv4 Address for the default network interface will be used. Example: "p4p1".

[-a IPv4ADDR/PREFIX] | [--ipv4-addr-prefix IPv4ADDR/PREFIX]

This option allows one to specify the static IPv4 Address to be bound to network interface device: "--interface DEVICE" when using mode: "--mode ipv4". Add the 'Network Routing Prefix' to the IPv4 Address to form this option in CIDR (Classless Inter-Domain Routing) notation. Example: "172.32.44.6/24".

[-g IPv4ADDR] | [--gateway IPv4ADDR]

This option allows one to specify an IPv4 Address for the Gateway (i.e., Default Route) when setting up a static IPv4 Address on this NST system using mode: "--mode ipv4". In network computing the Gateway is the packet forwarding rule (route) that is used when no other route can be determeined for a given IPv4 Destination Address. Example: "172.32.44.1".

[--mac-addr MACADDR]

This option allows one to override the MAC Address (Hardware Address) for a given network interface device: "--interface DEVICE" Route) when setting up a static IPv4 Address on this NST system using mode: "--mode ipv4". If this option is not specified, then the current associated MAC Address for the selected network interface device will be used. Specify the MAC Address using this format: "xx:xx:xx:xx:xx:xx". Example: "40:85:A9:45:7E:37".

[--host-name TEXT]

This option allows one to specify a "Host Name" that will be associated with the static IPv4 Address when using mode: "--mode ipv4". It will be used to populate both the Hosts file: "/etc/hosts" and the Host Name file: "/etc/hostname". Use the special host name: "DNS" for automatic lookup (i.e. FQDN - A Fully Qualified Domain Name lookup) of both the "Host Name" as well as the "Domain Name". The "--domain-name" option does not need to be specified if the special case "--host-name DNS" option is used. If this parameter is used with mode: "--mode dhcp", then the "--host-name HOSTNAME" value will be used to send the "host-name" option to the DHCP server which specifies the name of the NST client system. Example: "striker".

[--domain-name TEXT]

This option allows one to specify a "Domain Name" that will be associated with the static IPv4 Address and Host Name when using mode: "--mode ipv4". It will be used to populate both the Hosts file: "/etc/hosts" and the Resolver configuration file: "/etc/resolv.conf". The "--host-name TEXT" option must be used with this option. The "--domain-name" option does not need to be specified if the special case "--host-name DNS" option is used. Example: "balloon.org".

[--name-servers IPv4ADDRLIST]

This option allows one to specify one or more "Domain Name Servers" to be populated in the Resolver configuration file: "/etc/resolv.conf" when using mode: "--mode ipv4". Use an IPv4 Address to specify each "Domain Name Servers". Separate each IPv4 Address with a comma (,). The "--domain-name TEXT" option must be used with this option. Example: "172.32.44.10,172.32.44.11".

[--hosts-file-only [true]|false]

If this option is used then the nstipconf script will only add an updated entry to the Hosts file: "/etc/hosts". Neither the Host Name file: "/etc/hostname" nor the Resolver configuration file: "/etc/resolv.conf" will be altered. This option is typically used for multi-homed (i.e., A system with two or more active network interfaces.) network configurations.

[-h [true]|false] | [--help [true]|false]

When this option is specified, nstipconf will display a short one line description of nstipconf, followed by a short description of each of the supported command line options. After displaying this information nstipconf will terminate.

[-H [true]|false] | [--help-long [true]|false]

This option will attempt to pull up additional nstipconf documentation within a text based web browser. You can force which browser we use setting the environment variable TEXTBROWSER, otherwise, we will search for some common ones.

[-v [true]|false] | [--verbose [true]|false]

When you set this option to true, nstipconf will produce additional output. This is typically used for diagnostic purposes to help track down when things go wrong.

[--version [true]|false]

If this option is specified, the version number of the script is displayed.

Files

/etc/dhcp/dhclient.d/nst.sh

An NST "dhclient" script used to perform all network configurations based on the lease returned from the DHCP server.

/etc/hostname

Configuration file for setting the system host name.

/etc/hosts

Static table lookup file for host names.

/etc/resolv.conf

Domain name resolver configuration file.

/etc/sysconfig/network

Global network configuration file.

/etc/sysconfig/network-scripts/ifcfg-<Network Interface Name>

Individual network interface configuration file.

Environment

TEXTBROWSER

This controls what text based browser is used to display help information about the script. If not set, we will search your system for available text-based browsers (Ex: elinks, lynx ...).

See Also

nstnewscript(1), Network Security Toolkit