JaCL Linux README

INTRODUCTION

For general information about JaCL, please visit the website:
http://www.northsecure.com/jacl/

JACL CONFIGURATION

JaCL uses a very simple method for server configuration. It consists of one
tarball which contains:

  a) a rc.jacl startup script
  b) any additional configuration files or data

The rc.jacl startup script is a standard UNIX (BSD-ish) startup script, similar
to rc.local, from which all services and actions will be performed.

Examples of additional configuration files or data that you might want to add
to the configuration tarball include httpd.conf, syslog.conf, motd, issue, ssh
keys, web trees, databases, etc., depending on the application you want to use
JaCL Linux for.

The tarball should be a tar of a jacl/ directory, containing a jacl/rc.jacl
file, and should be named one of the following:

  a) jacl.tar.nc
  b) jacl-nopass.tar

The jacl.tar.nc file should be encrypted with mcrypt
(http://mcrypt.sourceforge.net/) with the following command:

  > mcrypt jacl.tar

or

  > mcrypt -a twofish jacl.tar

(or whatever algorithm you prefer)

Remember your password; you will be prompted for it at bootup.

If you do not wish to encrypt your configuration files, you can use a
jacl-nopass.tar file instead. This is not recommended where encryption is
possible; see DISCUSSION.

A "name".jacl.tar.nc is planned, where "name" represents any value you would
like to use to identify this configuration tarball. This will allow you to
select from one of many configuration files at bootup.

The configuration tarball should be copied to the root directory of either a
floppy or external USB device (/dev/uba). The media can be formatted vfat, ext2
or ext3.

At bootup, the file will be decrypted, extracted to the /root/ directory, and
the /root/jacl/rc.jacl file will be executed. The rc.jacl init script should
copy configuration files into place and start servers.

NUTSHELL

Here are the steps necessary to create a working JaCL configuration tarball:

  1. create a jacl directory
  2. create a jacl/rc.jacl startup script
  3. add commands to the script, i.e. "/etc/init.d/httpd start"
  4. add files/data to the jacl/ directory
  5. tar up the directory: tar -cvf jacl.tar jacl/
  6. encrypt the tarball: mcrypt jacl.tar
  7. copy to USB device or floppy
  8. insert floppy/USB device when booting from the JaCL CD

These commands can be performed on your local Linux workstation (you will need
mcrypt) or on a system running JaCL.

DISCUSSION

For security, it is highly recommended that the encrypted tarball (jacl.tar.nc)
be used over the unencrypted version. One advantage of using JaCL is that there
is a reduced risk that your system will be compromised (remotely or locally),
but there is always a risk. In the event of a compromise, an encrypted
configuration file reduces the risk of your configuration files being tampered
with. If the jacl.tar.nc file has been replaced, your password should no longer
work unless it has also been compromised. Write protecting floppies, removing
floppies after boot or removing USB devices after boot offer an additional
level of protection.

When booting from a headless device, where a decryption password for the
jacl.tar.nc cannot be entered, a jacl-nopass.tar will automatically extract and
install. Removing the floppy or USB device after boot, or write protecting the
floppy, is strongly encouraged. A serial console version of JaCL is also being
considered for headless systems.

If your tarball contains passwd/shadow files that get copied to /etc/, the
bootup script will detect that the root password has been set, and will not
prompt you for one. This will allow a system to boot up without any user
intervention.

LICENSE

This software, JaCL, JaCL startup files, configuration tarballs and any other
associated files are distributed under the GNU General Public License. Use at
your own risk.

JaCL Linux, a command line, security enhanced, configurable live CD Linux
distribution.
Copyright (C) 2005 R. Tom Northcutt

This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
Street, Fifth Floor, Boston, MA 02110-1301, USA.

Contact information:

  Tom Northcutt, tom [at] northsecure.com
  For JaCL related questions, jacl [at] northsecure.com
  For additional information: http://northsecure.com/jacl/
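
ADDED EXAMPLE

The NUTSHELL steps as a script, with a layout check run before the tarball is
encrypted and copied to the boot media. This is an added example, not code from
the JaCL project; the function names and the sample rc.jacl contents are
assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not JaCL project code. All function names are hypothetical.

# Steps 1-5: create jacl/, write jacl/rc.jacl, tar up the directory.
# $1 = an empty working directory.
build_jacl_tarball() {
    ( cd "$1" || exit 1
      mkdir -p jacl || exit 1
      # Constructed sample script; the httpd line is the README's own example.
      printf '%s\n' '#!/bin/sh' '/etc/init.d/httpd start' > jacl/rc.jacl
      chmod 700 jacl/rc.jacl   # assumption: rc.jacl is run directly at boot
      tar -cf jacl.tar jacl/ )
}

# Pre-flight check. The tarball is extracted into /root/ at bootup and
# /root/jacl/rc.jacl is executed, so every member must sit under jacl/,
# none may use ".." as a path component, and jacl/rc.jacl must be present.
verify_jacl_tarball() {
    listing=$(tar -tf "$1") || { echo "cannot read $1" >&2; return 1; }
    have_rc=0
    while IFS= read -r member; do
        case "$member" in
            ../*|*/../*|*/..) echo "path escape: $member" >&2; return 1 ;;
            jacl/rc.jacl)     have_rc=1 ;;
            jacl/*)           ;;
            *)                echo "outside jacl/: $member" >&2; return 1 ;;
        esac
    done <<EOF
$listing
EOF
    [ "$have_rc" -eq 1 ] || { echo "missing jacl/rc.jacl" >&2; return 1; }
}

# Step 6: encrypt with the README's command. mcrypt prompts for the password
# and writes jacl.tar.nc; copy only that file to the floppy or USB device.
encrypt_jacl_tarball() {
    verify_jacl_tarball "$1" || return 1
    command -v mcrypt >/dev/null 2>&1 || { echo "mcrypt not installed" >&2; return 1; }
    mcrypt -a twofish "$1"
}

# Optional: check an existing tarball given as the first argument.
if [ "$#" -gt 0 ]; then
    verify_jacl_tarball "$1" && echo "$1: layout OK"
fi
```

The same check applies to a jacl-nopass.tar, which has no password to fail on
if the file was replaced.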