The first time you boot from a Network Security Toolkit
CDROM you should press the SPACE
BAR to prevent it from automatically booting. You only
have a few seconds (5 secs) to do this
before it boots up using the default setting.
On the keyboard you can use the F1, F2, F3, F4 and F5 keys to move between the console boot screens. You will find a wealth of information as to how you can adjust the boot options for different situations. For a serial boot, the keystrokes are slightly different for access to the boot screens. On the terminal emulator keyboard use the Ctrl+F+1, Ctrl+F+2, Ctrl+F+3, Ctrl+F+4, Ctrl+F+5 keystroke sequences.
When the Network Security Toolkit ISO image was created for public distribution, we had to guess at what settings would be the most common. We tried to provide a ISO who's default options would work for the majority of situations. If you determine that our default choices don't work for your particular situation, you will need to specify your own boot options.
If the network you are booting the Network Security Toolkit on does not have a DHCP server, the default boot options won't work. You will see errors in this situation as the Network Security Toolkit won't be able to retrieve a IP address from a DHCP server.
In this situation, you should specify
base, mbase,
serial, utils,
pcmcia, or usb at boot
time. For example:
boot:mbase
It would be very difficult to show screen captures of the console boot screens other than to take digital pictures. Thus, we will present the boot screens from a serial boot session below in lieu of console screen captures.
If the system you are using does not have a keyboard, video card, or monitor (i.e. typically this is found with server systems and is referred to as a "headless configuration"), its still possible to adjust the default boot Kernel and NST settings. If you connect a null modem cable from the first serial port (COM:1 or ttyS0) on NST to a dumb terminal or second computer, one can control the NST boot time environment.
You will need to use the following serial settings:
Table 1.2. Serial Port Settings
| Baud | 19200 |
| Stop Bits | None |
| Data Bits | 8 |
| Stop Bits | 1 |
| Flow Control | None (minicom enables flow control by default - you need to edit the configuration to disable). |
| Emulation | ANSI (at least for minicom) or VT220 . |
For example, I use the
minicom program for serial
communications on my Linux box. I've set up a
minicom configuration named
server that I use when I want to
adjust the Network Security Toolkit boot process for a headless or dual
monitor (i.e. both serial and console) NST system. After
connecting a null modem cable between the two computers, I
started up minicom on my laptop and
then powered up a headless NST server with the
CDROM loaded. The following captions depict
the NST serial boot, configuration, option, help,
and specification screens (note: these screens have
been captured using development versions of the Network Security Toolkit - your
screens may be slightly different):
Figure 1.2. NST Serial Boot Screen <^F-1>
[pkb@salsa html]$minicom serverWelcome to minicom 2.00.0 OPTIONS: History Buffer, F-key Macros, Search History Buffer, I18n Compiled on Jan 25 2003, 00:15:18. Press CTRL-A Z for help on special keys Linux Network Security Toolkit (NST) http://www.networksecuritytoolkit.org/ ========================(Linux Kernel: 2.6.8-1.521smp)========================= Welcome to the Linux Network Security Toolkit (NST). This bootable ISO CD is based on Fedora Core 2 Linux. The toolkit is designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86 platforms. Default NST boot 5.0s: desktop (USB + DHCP-Client + SSHD + HTTPD) =============================================================================== [<^F-1> Main] [<^F-2> Configs] [<^F-3> Options] [<^F-4> Help] [<^F-5> Specs] HIT SPACE BAR TO DISABLE AUTO-BOOT! NST(v1.2.0): Wed Nov 03 03:22:27 UTC 2004 boot:
You still need to press the SPACE BAR to disable the auto boot (if you want to customize your boot options). Also, you'll need to use Control+F+1, Control+F+2, etc instead of the function keys to toggle between the help screens.
The following captions show the available NST serial boot screens:
Figure 1.3. NST Kernel Boot Configurations <^F-2>
NST Kernel Boot Configurations
===============================================================================
The following NST boot configurations are provided for your convenience
when booting an NST session:
Example to boot NST with: (USB Support + PCMCIA + DHCP-Client + SSHD + HTTPD):
Type: laptop <Enter>
===============================================================================
[ base] - Base NST: (User input required: ramdisk_size=65536 or greater)
[ mbase] - base + ramdisk_size=2097152
[ serial] - mbase + Serial Console + NST_SERIAL
[ desktop] - Default: mbase + NST_UTILS + NST_USB + NST_DHCP_SSHD + NST_HTTPD
[ laptop] - desktop + NST_PCMCIA
[ server] - desktop + Serial Console + NST_SERIAL
[ utils] - mbase + NST_UTILS
[ pcmcia] - utils + NST_PCMCIA
[ usb] - utils + NST_USB
[memstick] - usb + NST_CUSTOM=nstboot,sda1,auto
[ mserial] - memstick + Serial Console + NST_SERIAL
===============================================================================
[<^F-1> Main] [<^F-2> Configs] [<^F-3> Options] [<^F-4> Help] [<^F-5> Specs]
boot:
Figure 1.4. NST Kernel Boot Options <^F-3>
NST Kernel Boot Options
===============================================================================
The following NST boot configurations options are supported for automatic
startup post Kernel boot:
[ NST_USB] - Add support for USB devices
[ NST_UTILS] - Load full NST utility programs
[NST_DHCP_SSHD] - NST_UTILS + syslogd/klogd + dhclient eth0 + sshd
[ NST_PCMCIA] - NST_UTILS + syslogd/klogd + PCMCIA support
[ NST_SERIAL] - Enable a login session on: /dev/ttyS0 (COM1:)
[ NST_HTTPD] - Start Apache Web services: httpd
[ NST_SCSI=MOD] - Install SCSI module MOD[,MOD1...]
[ NST_CUSTOM] - Custom boot NST_CUSTOM=NAME[,DEV[,TYPE]|URL]
===============================================================================
[<^F-1> Main] [<^F-2> Configs] [<^F-3> Options] [<^F-4> Help] [<^F-5> Specs]
boot:
Figure 1.5. NST Kernel Boot Help <^F-4>
NST Kernel Boot Help
===============================================================================
- To disable the automatic boot of the NST Linux Kernel type any key within
5 seconds (Ex: hit the space bar) after the initial splash screen appears.
- To initiate a NST boot session with a preconfigured NST boot just type
the NST configuration label and hit the <Enter> key. See [<^F-2> Configs].
Example: laptop <Enter>
- To initiate a NST boot session with a preconfigured NST boot and specific
NST options just type the NST configuration label followed by any options and
then hit the <Enter> key. See the [<^F-3> Options] screen for further details.
Example: mbase NST_PCMCIA NST_USB <Enter>
- To enable the Kernel Serial Console append the following Kernel options:
Example: laptop console=tty0 console=ttyS0,19200n8 <Enter>
- To boot NST in single user mode - use Kernel parameter: "single"
Example: mbase single <Enter>
===============================================================================
[<^F-1> Main] [<^F-2> Configs] [<^F-3> Options] [<^F-4> Help] [<^F-5> Specs]
boot:
Figure 1.6. NST Kernel Boot Specifications <^F-5>
NST Kernel Boot Specifications
===============================================================================
- At least 128 MBytes of RAM is a minimum requirement to run NST.
- NST kernel and initial RAM disk (initrd) boot command line parameters:
vmlnznst initrd=nstrd.gz root=/dev/ram0 ramdisk_size=2097152
- For a server boot, both Isolinux serial and a login session on device:
/dev/ttyS0 (COM1:) are enabled. Use vt220 terminal emulation with the
following serial parameters: 19200 baud, no parity and 8 data bits.
- For a SCSI CDROM server boot with a system that has a Symbios Logic SCSI
storage controller use: server NST_SCSI=sym53c8xx.
- For a fully customized boot using a USB memory stick (/dev/sda1) and the
/nstboot/setup.sh script on the memory stick use: memstick.
- For a customized boot using a tar.gz file at http://192.168.9.1/nb.tgz
containing nb/setup.sh use: desktop NST_CUSTOM=nb,http://192.168.9.1/nb.tgz.
===============================================================================
[<^F-1> Main] [<^F-2> Configs] [<^F-3> Options] [<^F-4> Help] [<^F-5> Specs]
boot:
As a side note, booting via a serial console is an excellent way to capture error messages if you have a system that has trouble booting from the Network Security Toolkit CDROM (especially if you have a kernel panic situation).