Once you have a copy of the source code, you will need to configure your build environment. The easiest way is typically to use the top level configure command to guess at the defaults for your system.
[root@salsa root]# cd $HOME/nst
[root@salsa nst]# ./configure
We are constantly updating the configuration process. We have designed the default behavior of the configure to set things up such that one can then invoke the make command and produce a ISO image. For those actively involved in the development of the Network Security Toolkit, it is recommended that you use the following command to see what options are currently configurable:
[root@salsa root]# cd $HOME/nst
[root@salsa nst]# ./configure --help | less
Network Security Toolkit (NST)
http://www.networksecuritytoolkit.org/
This top level directory allows one to configure and build the entire set of
source packages making up the NST. If you have a full Fedora installation,
you can do the following to build the documentation, web user interface and
create a ISO image:
./configure
make
The resulting ISO image can be found using:
ls src/*.iso.gz
If you have not installed all of the optional packages which the NST
supports (as many additional packages than found under Fedora are
supported), you will most likely get a bootable CD with a subset of the full
NST capabilities. You should really refer to the Technical documentation set
at the NST home page for additional notes on the build process.
The top level configure script must be run without error before you
will be able to build the NST.
Once configured, you can use:
make help
To see what targets are available.
OPTIONS:
-c DIR, --config-dir DIR
The user "customization" directory. We look for optional files which
control the building of the NST in this directory. It defaults to
$HOME/.nst if not specified. We look for the optional customization
files: configure.sh, disable[.ARCH].txt and post_install.sh in this
directory.
-d DIR, --build-dir DIR
Set the location to be used for building the NST with.
Default: ${DSTDIR}
--pkg-cats "boot system ..."
Specify a specific set of package categories (sub directories
found under src/packages) to be included in the ISO. If omitted
then the default package list will be included.
-p PASSWD, --passwd PASSWD
Set the master password for the NST. WARNING: This will be stored
as clear text in the config files (the files will be set read only
for the user, but this is still not recommended). If you omit this
option, you will be prompted each time your build the ISO to enter
the password for the ISO image your are building.
--compress-iso true|false
Set this to false if you don't want to bother compressing the
files on the ISO image or the resulting ISO image file. This decreases
the time to build the ISO image (which is really handy during
development time). You should leave this at its default value of
'true' for any ISO image that is publically released.
--ct-passwd PASSWD
Set the "clear text" password used for applications where we
haven't found a means to avoid it (setting up the SQL database, and
the WUI for phpMyAdmin and nessus). This will be stored in one
file (/etc/nst.conf) with the permissions set such that only the root
user (or members for the root group) are able to access it.
--ct-snort-passwd PASSWD
Set the "clear text" password used to access the Snort
database. This will be stored in one file (/etc/nst.conf) with
the permissions set such that only the root user (or members for the
root group) are able to access it.
--prompt-phrase
If this option is specified, then you will be prompted for a pass
phrase during the build process. If not specified, the pass phrase use
for the ssh key will be the same as the root password.
--hostname TEXT
This option controls the default host name that the probe will
use at boot time (default is "probe").
--domainname TEXT
This option controls the default domain name that the probe will
use at boot time (default is "localdomain").
--hw-clock-utc
This option tells NST at boot that the system's hardware clock is set to
UTC time. If NST is used on system's with the hardware clock set to
the local time, do not use this option.
--strip true|false
Set this to false if you don't want to bother running the
lddcheck utility during the post install stage. This will
decrease the build time, but increase the size of the resulting ISO
image.
--timezone TZ
Use this option to set the timezone (TZ) value for the NST ISO. Timezone
values can be found in the "/usr/share/zoneinfo" directory. Do not prepend
the "/usr/share/zoneinfo" header to the TZ value.
(default is "America/New_York")
--boot LABEL
Use this option to change the default boot configuration. If not
specified, it defaults to "desktop". For example, Paul uses "--boot
laptop" to enable PCMCIA services on a default boot. LABEL needs to
be one of the valid boot configurations shown below:
base serial desktop laptop server ide utils pcmcia usb noapm
-k KVER, --kernel-ver KVER
Specify the kernel you want to use (the modules must exist
under /usr/lib/modules/KVER). Default: ${KERVER_DEF}
--kernel-type KTYPE
Specify the kernel type (i386, i586, anthlon). If not specified,
we make a best guess by looking at /boot/kernel.h
--initrd-cpio
Use a compressed CPIO image for the initial RAM disk (instead of
a compressed ext2 filesystem). This appears to work, but has some
issues (like how does one tell how much space is left on '/').
You can enable this in your configure.sh file by including the line:
NST_INITRD_USES_CPIO="true";
--html-dir DIR
Set the top level directory to build HTML documents for.
Default: ${HTMLDIR}
--java JVM
Specify the location of the java virtual machine to use.
Default: ${JAVA}
--at-macro-options OPTIONS
Specify any custom options to pass to invocation of com.ccg.macros.at.All.
Default: ${MACROOPTIONS}
--use-get-method
By default, the @formBegin(ACTION,[ID],[ATTRS]) macro will use the POST
method when submitting form data. Use this option to toggle it to use
the GET method instead (you can change later via "make form-get" and
"make form-post" in wui directory).
--webhost-domain DOMAIN
Specify the domain of the the web hosting account (only used if you
need to update the networksecuritytoolkit.org web site).
Default: No Default
--webhost-user USER
Specify the user account associated with the web hosting account
used to administer the networksecuritytoolkit.org web site (again this
is only required for those that need to upload the web site
information).
--sf-user USER
Specify your user ID at sourceforge.net (this is not required, but
enables those associated with the project to make "releases")
--sf-mirror URL
Specify the sourceforge.net mirror site to use as the root URL when
fetching some of the optional packages. It defaults to:
${SOURCE_FORGE_MIRROR}.
--build-root DIR
Specify the top level directory where extra packages required for
a full NST install are stored and built at. Default: /usr/local/src
--show
Show configurable variables and what they will be set to. NOTE:
If you copy this output to $HOME/.nst/configure.sh, you can "tweak"
the values for future invocations of the configure script.
--save
Save current configuration to $HOME/.nst/configure.sh for future
invocations.
--on-line-docs
This option will increase the size of the ISO image
created (because we will include the larger documents - instead of
using external links). Developers wishing to update the official
web site will need to this option (you might be able to get away
with "make docs upload" - but I wouldn't bet the farm on it).
--old-menus
Use old menu system (no WUI menu bar and small fluxbox menu).
If omitted, the new "Unified Menu" archictecture will be used.
Alternatively, you can set the "UNIFIED_MENU" variable to
"true" to enable the new architecture, or "false" to use the
old architecture.
--skip-scripts
This will prevent us from checking whether the NST needs to rebuild
all of the scripts from their source. This should only be done if
you know that the scripts don't need to be re-built. This option
is intended to help save a developer time when they are working on the
top level configure script. IF YOU DON'T KNOW WHAT YOU ARE DOING, DO
NOT USE THIS OPTION!
--help
This is the only option available at the top level configure.
RECOMMENDATION:
If you are a developer which likes to customize their environment, you
can use the following as a starting point for creating your own custom
"configure" of the NST:
#!/bin/bash
#
# Start with defaults and set sourceforge.net user ID to sfuser
#
NSTHOME=$HOME/nst
if [ -f "$NSTHOME/Makefile" ]; then (cd $NSTHOME; make clear); fi
(cd $NSTHOME; ./configure --sf-user sfuser --html-dir $HOME/public_html )
TESTING:
There are numerous tests that can be run from the development system
against a "live" NST system. To run these tests:
* WARNING: Be aware that the tests are "destructive" (the NST system
being tested won't be restored to its original state). The tests
are meant to be run against a "fresh" boot or install.
* Boot the NST System (a fresh boot is best)
* Make sure you ssh keys are set properly (you should be able to ssh
to the probe from the development system without entering a passwd)
* Run the following command on the development system (use the IP
address of the NST System to run the test on):
make HOST=IP_ADDRESS test
* You can run individual tests by specifying the name of the test
sub-directory (run "ls test" to see possible names). For example:
make HOST=IP_ADDRESS test TEST=man
* Some tests will be skipped unless configured. The following variables
can be added to your ~/.nst/configure.sh script to enable these
additional tests:
#
# For tests which send out email
#
TEST_SMTP_DOMAIN="linux.bogus";
TEST_SMTP_SERVER="smtp.${TEST_SMTP_DOMAIN}";
TEST_SENDMAIL_FROM="nst.test@${TEST_SMTP_DOMAIN}";
TEST_SENDMAIL_TO="my.email@bogus.com";
DISABLING:
It is now possible to disable the addition of specific categories
and/or packages. To do this, create the file $HOME/.nst/disable[.ARCH].txt
and add entries (single entry per line) in the form of CATEGORY or
CATEGORY/PACKAGE. For example, the following two lines would prevent
ALL of the packages in the "application" category from being added as
well as the "wlan-ng" package from the "networking" category:
applications
networking/wlan-ng