Re: Easily configurable firewall?

From: Scott Gifford (sgifford@suspectclass.com)
Date: 12/07/01


To: Don Felgar <dfelgar@rainierinternet.com>
From: Scott Gifford <sgifford@suspectclass.com>
Date: 06 Dec 2001 20:49:54 -0500

Don Felgar <dfelgar@rainierinternet.com> writes:

[...]

> Anyway, my question is actually this: what's the best way to configure
> a group of Linux boxes en masse? My current thinking is that I'll
> copy all the .debs (I'm using Debian) that I want onto a cdrom, and
> then run a script on each machine that prompts for the bits of
> information that differ from one machine to the next, such as IP
> addresses, VPN config, etc, and writes them in the appropriate file.
> Any better ideas?

RedHat has KickStart, which is designed to do exactly this sort of
thing. I haven't worked with it, but it looks similar to JumpStart,
Sun's software to do the same thing. JumpStart is a bear to set up,
but works beautifully once it is.

Not sure if Debian has anything similar, but you might want to see if
KickStart has ideas you can steal.

You could also look at solutions that involve booting directly from
the CD; then you just stick a CD in and you're good. Upgrades involve
burning a new CD and sending it out; rollbacks in the event of a
problem involve switching CDs.

Make sure that whatever you do, you include in it a plan for upgrading
software and kernels as security bugs are found in them.

----ScottG.