Name

nstnetcfg — A command line network interface configuration tool for an NST system.

Synopsis

nstnetcfg [ -m TEXT | --mode TEXT ] [ -i DEVICE | --interface DEVICE ] [ -a IPv4ADDR/PREFIX | --ipv4-addr-prefix IPv4ADDR/PREFIX ] [ -g IPv4ADDR | --gateway IPv4ADDR ] [ --mac-addr MACADDR ] [ --host-name TEXT ] [ --domain-name TEXT ] [ --name-servers IPv4ADDRLIST ] [ --hosts-file-only [true]|false ] [ --virtual-host TEXT ] [ --server-name TEXT ] [ -r DEVICE | --rename DEVICE ] [ -h [true]|false | --help [true]|false ] [ -H [true]|false | --help-long [true]|false ] [ -v [true]|false | --verbose [true]|false ] [ --version [true]|false ]

Description

The nstnetcfg script is used in an NST distribution to assist the System Administrator with the configuration of each network interface adapter and access to the NST WUI. When an NST system is configured with two or more network interfaces, it may be easier to manage the network configuration for each interface device using the "network" service rather than under the control of the "NetworkManager" service. The nstnetcfg script's mode: "--mode ipv4" is used for setting up a static IPv4 Address on a designated network interface, disabling the "NetworkManager" service and enabling the "network" service at runtime as well as at system boot time. One can also set up an IPv4 Alias Address with the "--mode ipv4" mode.

This script is typically used with an NST system that has numerous network interfaces for providing network surveillance with hardwired attachments to Ethernet Switches or Routers. It can also be used with a Virtual Machine (VM) that is Network Bridged attached. One will need to take additional steps using the "WPA Supplicant" command: "wpa_supplicant" for an NST system that is "Wi-Fi" network attached if the "NetworkManager" service is not used.

The nstnetcfg script can also be used to Rename a Network Interface Device thus providing a predictable Network Interface Name that is stable and available after each successive system reboot.

Prior to using this script, it is best to allocate or obtain a static IPv4 Address from your Domain Name Server to be used for this NST system. In a network environment that offers DHCP IPv4 Addresses, be careful not to choose an address within the configured IPv4 Address range that will be used for dynamic assignment.

***Note 1: The command should only be run on a Serial Console or a Desktop Terminal when using modes: "ipv4", "netmgr" or "init" due to the fact that the IPv4 Address for this NST system will most likely change.

***Note 2: Both the "NetworkManager" service and the "network" service can be run simultaneously. One could use the "NetworkManager" service for managing the "Wi-Fi" network attached devices and the "network" service for managing direct attached "Hardwired Stealth" network interfaces.

Options

The following command line options are available:

[-m TEXT] | [--mode TEXT]

This option specifies an operational nstnetcfg mode. Currently the following modes: 'ipv4', 'dhcp', 'ssl', 'stealth', 'netmgr', 'rmint', 'init', 'show', 'rename' and 'testudev' are supported.

If you specify 'ipv4' the static IPv4 Address: "--ipv4-addr-prefix IPv4ADDR/PREFIX" will be bound to Interface: "--interface DEVICE". The NST system will also be configured for static IPv4 Address usage. The "network" service will be Started and Enabled at boot time.

If you specify 'dhcp' the specified Network Interface: "--interface DEVICE" will use DHCP for deriving its IPv4 Address using the "dhclient" utility. The NST "dhclient" script: "/etc/dhcp/dhclient.d/nst.sh" will be invoked to perform all network configurations based on the results of the lease returned from the DHCP server. The "network" service will be Started and Enabled at boot time.

If you specify 'ssl' the static IPv4 Address bound on Interface: "--interface DEVICE" will be used in the Apache SSL configuration file: "/etc/httpd/conf.d/ssl.conf" for HTTPS access and for the generation of a new SSL certificate and key file.

If you specify 'stealth' then one can configure a network interface device in the "UP" state with a non-binding IPv4 Address. This configuration can be advantageous when one wants to capture packets in a covert or stealth manner. At system boot time this stealth network configuration will be in effect.

If you specify 'netmgr' then the NST system will configure a Network Interface: "--interface DEVICE" under the control of the "NetworkManager" service using an IPv4 Address obtained from a DHCP server. This is the original network configuration provided by the NST distribution.

If you specify 'rmint' then all associated configuration entries and files for Network Interface: "--interface DEVICE" will be removed.

If you specify 'init' then all network services (both the "NetworkManager" and the "network" service) will be Stopped and Disabled and all network interface configuration files in directory: "/etc/sysconfig/network-scripts" with the exception of the 'LoopBack (lo)' interface will be removed. The 'hosts' entry in the Name Service Switch configuration file: "/etc/nsswitch.conf" will be set to 'files dns'.

If you specify 'show' then all configuration files will be displayed along with the status of network services.

If you specify 'rename' then an individual network interface device can be Renamed thus providing a predictable network interface name that is stable and available after each successive system reboot.

If you specify 'testudev' then the associated udev network rules files for the selected Network Interface: "--interface DEVICE" will be verified and displayed using the udevadm utility.

[-i DEVICE] | [--interface DEVICE]

When used with mode: 'ipv4', this option will bind the static IPv4 Address: "--ipv4-addr-prefix IPv4ADDR/PREFIX" to this specific network interface device. When used with mode: 'ssl', this option allows one to specify a specific network interface device for obtaining the IPv4 Address. If not specified, the IPv4 Address for the default network interface will be used. Setting up an IPv4 Alias Network Interface can also be specified. Example 1: "--interface p4p1". Example 2: "--interface eno1:0".

[-a IPv4ADDR/PREFIX] | [--ipv4-addr-prefix IPv4ADDR/PREFIX]

This option allows one to specify the static IPv4 Address to be bound to network interface device: "--interface DEVICE" when using mode: "--mode ipv4". Add the 'Network Routing Prefix' to the IPv4 Address to form this option in CIDR (Classless Inter-Domain Routing) notation. Example: "--ipv4-addr-prefix 172.32.44.6/24".

[-g IPv4ADDR] | [--gateway IPv4ADDR]

This option allows one to specify an IPv4 Address for the Gateway (i.e., Default Route) when setting up a static IPv4 Address on this NST system using mode: "--mode ipv4". In network computing the Gateway is the packet forwarding rule (route) that is used when no other route can be determined for a given IPv4 Destination Address. Example: "--gateway 172.32.44.1".

[--mac-addr MACADDR]

This option allows one to override the MAC Address (Hardware Address) for a given network interface device: "--interface DEVICE" when setting up a static IPv4 Address on this NST system using mode: "--mode ipv4". If this option is not specified, then the current associated MAC Address for the selected network interface device will be used. Specify the MAC Address using this format: "xx:xx:xx:xx:xx:xx". Example: "--mac-addr 40:85:A9:45:7E:37".

[--host-name TEXT]

This option allows one to specify a "Host Name" that will be associated with the static IPv4 Address when using mode: "--mode ipv4". It will be used to populate both the Hosts file: "/etc/hosts" and the Host Name file: "/etc/hostname". Use the special host name: "DNS" for automatic lookup (i.e. FQDN - A Fully Qualified Domain Name lookup) of both the "Host Name" as well as the "Domain Name". The "--domain-name" option does not need to be specified if the special case "--host-name DNS" option is used. If this parameter is used with mode: "--mode dhcp", then the "--host-name HOSTNAME" value will be used to send the "host-name" option to the DHCP server which specifies the name of the NST client system. Example: "--host-name striker".

[--domain-name TEXT]

This option allows one to specify a "Domain Name" that will be associated with the static IPv4 Address and Host Name when using mode: "--mode ipv4". It will be used to populate both the Hosts file: "/etc/hosts" and the Resolver configuration file: "/etc/resolv.conf". The "--host-name TEXT" option must be used with this option. The "--domain-name" option does not need to be specified if the special case "--host-name DNS" option is used. Example: "--domain-name balloon.org".

[--name-servers IPv4ADDRLIST]

This option allows one to specify one or more "Domain Name Servers" to be populated in the Resolver configuration file: "/etc/resolv.conf" when using mode: "--mode ipv4". Use an IPv4 Address to specify each "Domain Name Server". Separate each IPv4 Address with a comma (,). The "--domain-name TEXT" option must be used with this option. Example: "--name-servers 172.32.44.10,172.32.44.11".

[--hosts-file-only [true]|false]

If this option is used then the nstnetcfg script will only add an updated entry to the Hosts file: "/etc/hosts". Neither the Host Name file: "/etc/hostname" nor the Resolver configuration file: "/etc/resolv.conf" will be altered. This option is typically used for multi-homed network configurations (i.e., a system with two or more active network interfaces).

[--virtual-host TEXT]

This option may be used in conjunction with mode "--mode ssl" to set the Apache "VirtualHost" directive in the SSL configuration file: "/etc/httpd/conf.d/ssl.conf". The syntax for using this option is: "IPAddr:Port IPAddr:Port ...". The IPv4 Address of the NST system may be used. The "Port" value is usually set to match the Apache SSL listening directive: "Listen" for standard HTTPS access (i.e., 443). Separate two or more "IPAddr:Port" combination values with a space. Use double quotes when specifying this option. If this value is not specified, then the default value: "*:443" will be used. Example: '--virtual-host "172.32.44.6:443"'.

[--server-name TEXT]

This option may be used in conjunction with mode "--mode ssl" to set the Apache "ServerName" directive in the SSL configuration file: "/etc/httpd/conf.d/ssl.conf". The syntax for using this option is: "IPAddr:Port or Fully-Qualified-Domain-Name:Port". The "Port" value is usually set to match the Apache SSL listening directive: "Listen" for standard HTTPS access (i.e., 443). The IPv4 Address or Host Name of the NST system should be used. If this value is not specified, then the default IPv4 Address of the NST system will be used. Example 1: "--server-name 172.32.44.6:443". Example 2: "--server-name nst.securenet.compxyz.com:443".

[-r DEVICE] | [--rename DEVICE]

This option must be used with mode: 'rename' to configure the udev network rules file: "/etc/udev/rules.d/79-my-net-name-slot.rules" for renaming the specified network interface device: "--interface DEVICE" to the network interface name: "--rename DEVICE". The MAC Address (Hardware Address) will be used to identify the network interface device: "--interface DEVICE". One can override the native MAC Address using the "--mac-addr MACADDR" option. Typically, one needs to 'Reboot' the system for this device name change to take effect. The "NetworkManager" or the "network" configuration file for this network interface will also be renamed.

[-h [true]|false] | [--help [true]|false]

When this option is specified, nstnetcfg will display a short one line description of nstnetcfg, followed by a short description of each of the supported command line options. After displaying this information nstnetcfg will terminate.

[-H [true]|false] | [--help-long [true]|false]

This option will attempt to pull up additional nstnetcfg documentation within a text based web browser. You can force which browser we use by setting the environment variable TEXTBROWSER, otherwise, we will search for some common ones.

[-v [true]|false] | [--verbose [true]|false]

When you set this option to true, nstnetcfg will produce additional output. This is typically used for diagnostic purposes to help track down when things go wrong.

[--version [true]|false]

If this option is specified, the version number of the script is displayed.
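The option dependencies described above ("--domain-name" needs "--host-name", "--name-servers" needs "--domain-name") and the console-only rule in Note 1 can be checked before the tool is run. The script below is an added example, not part of the nstnetcfg distribution: the function names are hypothetical, the SSH_CONNECTION test assumes an OpenSSH login, and the gateway-on-link test is a general sanity check rather than a rule stated on this page.

```shell
#!/bin/sh
# Added example: pre-flight checks for "nstnetcfg --mode ipv4"; prints the command, runs nothing.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed when address $2 lies in the network of CIDR $1 (ADDR/PREFIX).
in_subnet() {
    case ${1#*/} in [1-9]|[12][0-9]|3[0-2]) ;; *) return 1 ;; esac
    addr=$(ip_to_int "${1%/*}") && peer=$(ip_to_int "$2") || return 1
    mask=$(( (4294967295 << (32 - ${1#*/})) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( peer & mask )) ]
}

die() { echo "preflight: $1" >&2; }
# Args: IFACE CIDR GATEWAY HOST DOMAIN SERVERS ("" = option not given).
preflight_ipv4() {
    iface=$1 cidr=$2 gateway=$3 host=$4 domain=$5 servers=$6
    # Note 1: the address will change, so refuse inside an SSH session.
    [ -z "${SSH_CONNECTION:-}" ] || { die "use a console, not SSH"; return 2; }
    in_subnet "$cidr" "${cidr%/*}" || { die "bad --ipv4-addr-prefix"; return 3; }
    # Sanity check (assumption, not a tool rule): the gateway must be on-link.
    [ -z "$gateway" ] || in_subnet "$cidr" "$gateway" ||
        { die "gateway not in $cidr"; return 4; }
    # Option dependencies stated under --domain-name and --name-servers.
    [ -z "$domain" ] || [ -n "$host" ] || { die "--domain-name needs --host-name"; return 5; }
    [ -z "$servers" ] || [ -n "$domain" ] || { die "--name-servers needs --domain-name"; return 6; }
    old=$IFS; IFS=,; set -- $servers; IFS=$old
    for s in "$@"; do
        ip_to_int "$s" >/dev/null || { die "bad name server '$s'"; return 7; }
    done
    cmd="nstnetcfg --mode ipv4 --interface $iface --ipv4-addr-prefix $cidr"
    [ -z "$gateway" ] || cmd="$cmd --gateway $gateway"
    [ -z "$host" ] || cmd="$cmd --host-name $host"
    [ -z "$domain" ] || cmd="$cmd --domain-name $domain"
    [ -z "$servers" ] || cmd="$cmd --name-servers $servers"
    echo "$cmd"
}

preflight_ipv4 p4p1 172.32.44.6/24 172.32.44.1 striker balloon.org 172.32.44.10,172.32.44.11
```

The final line uses the sample values from the option descriptions; a non-zero return code identifies which check failed.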

Files

/etc/dhcp/dhclient.d/nst.sh

An NST "dhclient" script used to perform all network configurations based on the lease returned from the DHCP server.

/etc/hostname

Configuration file for setting the system host name.

/etc/hosts

Static table lookup file for host names.

/etc/resolv.conf

Domain name resolver configuration file.

/etc/udev/rules.d/79-my-net-name-slot.rules

Custom udev network rules policy file.

/usr/lib/udev/rules.d/80-net-name-slot.rules

Default udev network rules policy file.

/etc/sysconfig/network

Global network configuration file.

/etc/sysconfig/network-scripts/ifcfg-<Network Interface Name>

Individual network interface configuration file.

Environment

TEXTBROWSER

This controls what text based browser is used to display help information about the script. If not set, we will search your system for available text-based browsers (Ex: elinks, lynx ...).

See Also

nstnewscript(1), Network Security Toolkit