How to learn from Shurdix
Introduction
Most of the features and methods used in Shurdix are usable in any linux distribution. As a typical programmer, I am lazy to write documentation and prefer to write code. Therefore it is not obvious how to profit from Shurdix’ development when using a different distribution.
The code is internally commented, and most programs are written in ash or perl, so at least in theory it can be understood pretty fast what it does and how it works. Sometimes minor editing may be necessary in order for the scripts to work in other linux distributions. Some require additional packages, patches or kernel modules.
This page was written to give you some hint how to profit from Shurdix’ programs in other distributions.
Getting the files
There are several options to obtain the files:
- Download Shurdix ISO and boot it. The only required parameter is ROOTPW so that you can log in
- Download Shurdix root filesystem and mount it, for example like this:
wget http://www.shurdix.org/download/shurdix-0.3.cramfs mkdir /mnt/tmp mount -t cramfs -o loop,ro shurdix-0.3.cramfs /mnt/tmp
- Download Shurdix devel package, create a new directory and unpack it into it. Inside devel/scripts/src there you can find the Shurdix-specific programs.
Unlike most linux source packages, this one doesn’t create its own directory, but is unpacked directly into the specified (usually current) directory.
Interesting files
Shurdix-specific
| Feature | File | Usage remarks |
|---|---|---|
| Traffic control based on WRR | /usr/local/sbin/tc.sh | without parameters means start, with “-f” means stop. Needs htb, wrr, esfq and imq |
| OpenVPN tunnel | /etc/init.d/rcS | look inside function “ifup” |
| Firewall | /etc/init.d/rcS | look inside function “firewall” |
| IP Accounting (getting data) | /usr/local/sbin/ipacct.pl | based on ipt_ACCOUNT and rrdtool |
| IP Accounting (setting up) | /etc/init.d/rcS | look inside function “firewall”. based on ipt_ACCOUNT |
| IP Accounting (displaying) | /usr/local/sbin/httpd | look inside function “rrdpng”. you need perl module RRDs |
| User management (setting up) | /etc/inid.d/rcS | look inside function “firewall” |
| User management (DHCP) | /usr/local/sbin/updatedhcp.pl | configuration file is for dnsmasq |
| User management (updating) | /usr/local/sbin/inetaccess.sh | data is expected in /mnt/ramdisk/users.dat, subnets on eth1 |
| Transparent SMTP Proxy | /usr/local/sbin/aspe.smtp.pl | you need to redirect traffic with iptables (-j REDIRECT or -j TPROXY) |
| Checking Windows for patches | /usr/local/sbin/vulncheck.pl | specify listening interface as first program argument |
| Hardware autodetection | /etc/init.d/rcS | look inside function “hwdetect” |
Provided by third parties
| Feature | File | Usage remarks |
|---|---|---|
| User management (listing) | ipset -nL | part of ipset |
| IP Accounting (listing) | iptaccount -l | part of iptaccount |
| All source patches | devel/patches/* | only in the devel package |
Commments
Certain scripts expect eth0 or ppp0 to be the internet connection and eth1 to be the LAN.
