<sect1 id="postlfs-config-random" xreflabel="random">
<?dbhtml filename="random.html" dir="postlfs"?>
<title>Random number generation</title>

<para>The Linux kernel supplies a random number generator which is accessed
through <filename>/dev/random</filename> and
<filename>/dev/urandom</filename>. Programs that utilize the random and
urandom devices, such as OpenSSH, will benefit from these instructions.</para>

<para>When a Linux system starts up without much operator interaction, the
entropy pool (the data used to compute random numbers) may be in a fairly
predictable state. This creates the real possibility that the numbers generated
at startup may be the same on every boot. To counteract this effect,
carry the entropy pool information across shutdowns and
start-ups. The following init.d script and links do this
automatically.</para>

<para><screen><userinput>cat > /etc/rc.d/init.d/random << "EOF"
</userinput>
#!/bin/sh
# Begin $rc_base/init.d/random

# Based on sysklogd script from LFS-3.1 and earlier.
# Rewritten by Gerard Beekmans - gerard@linuxfromscratch.org
# Random script elements by Larry Lawrence

source /etc/sysconfig/rc
source $rc_functions

case "$1" in
    start)
        echo "Initializing kernel random number generator..."
        # Mix the seed saved by the previous run into the kernel pool.
        if [ -f /var/tmp/random-seed ]; then
            cat /var/tmp/random-seed >/dev/urandom
        fi
        # Overwrite the seed with one new 512-byte block so the same
        # seed is not loaded again after an unclean shutdown.
        dd if=/dev/urandom of=/var/tmp/random-seed count=1 &>/dev/null
        evaluate_retval
        ;;

    stop)
        echo "Saving random seed..."
        # Save one 512-byte block for the next start-up.
        dd if=/dev/urandom of=/var/tmp/random-seed count=1 &>/dev/null
        evaluate_retval
        ;;

    *)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;
esac

# End $rc_base/init.d/random
<userinput>EOF
chmod 755 /etc/rc.d/init.d/random</userinput></screen></para>

<para>Create the symbolic links to this file in the relevant rc.d directories
with the following commands:
<screen><userinput>cd /etc/rc.d/init.d &&
ln -sf ../init.d/random ../rc0.d/K45random &&
ln -sf ../init.d/random ../rc2.d/S25random &&
ln -sf ../init.d/random ../rc3.d/S25random &&
ln -sf ../init.d/random ../rc4.d/S25random &&
ln -sf ../init.d/random ../rc5.d/S25random &&
ln -sf ../init.d/random ../rc6.d/K45random</userinput></screen></para>
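
<para>The seed is kept in <filename>/var/tmp</filename>, which is world-writable, so the following added example (not part of the BLFS script) loads a seed only if it is a regular file owned by the caller with mode 0600 or 0400, and writes each new seed through <command>mktemp</command> and a rename. It assumes GNU coreutils; <literal>SEED_SRC</literal>, <literal>SEED_SINK</literal>, <literal>SEED_BYTES</literal> and the three function names are hypothetical names introduced here.</para>

```shell
#!/bin/sh
# Added example, not the BLFS script. SEED_SRC, SEED_SINK and SEED_BYTES are
# hypothetical settings so the functions can be run against scratch files.
SEED_SRC=${SEED_SRC:-/dev/urandom}    # fresh seed bytes are read from here
SEED_SINK=${SEED_SINK:-/dev/urandom}  # a saved seed is mixed in by writing here
SEED_BYTES=512                        # one 512-byte block, as "dd count=1" writes

# seed_is_trusted FILE: regular file (not a symlink), owned by the caller,
# no group/other permission bits, exactly SEED_BYTES long.
seed_is_trusted() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c %u "$1")" = "$(id -u)" ] || return 1
    case $(stat -c %a "$1") in 600|400) ;; *) return 1 ;; esac
    [ "$(wc -c < "$1")" -eq "$SEED_BYTES" ]
}

# save_seed FILE: write the new seed to a mktemp file (created mode 0600
# under an unpredictable name), then rename it over FILE so that a symlink
# sitting at FILE is replaced, never followed.
save_seed() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    if dd if="$SEED_SRC" of="$tmp" bs="$SEED_BYTES" count=1 2>/dev/null &&
       [ "$(wc -c < "$tmp")" -eq "$SEED_BYTES" ]; then
        mv -f "$tmp" "$1"
    else
        rm -f "$tmp"; return 1
    fi
}

# load_seed FILE: mix in the saved seed only if it passes the checks, then
# always replace it so one seed is never used for two boots.
load_seed() {
    if seed_is_trusted "$1"; then
        cat "$1" > "$SEED_SINK"
    else
        echo "random: ignoring missing or untrusted seed $1" >&2
    fi
    save_seed "$1"
}

# Same start/stop interface as the script above; any other argument is a no-op.
case "${1:-}" in
    start) load_seed /var/tmp/random-seed ;;
    stop)  save_seed /var/tmp/random-seed ;;
esac
```

<para>Writing to <filename>/dev/urandom</filename> mixes the seed into the pool but does not raise the kernel's entropy estimate.</para>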

</sect1>