Subject: Re: r/o filesystem restrictions for firewall?
To: Jon Lindgren <jlindgren@slk.com>
From: Andrew Brown <atatat@atatdot.net>
List: port-sparc
Date: 10/23/2000 13:53:14

off the top of my head i'd suggest netbooting it with nfs stuff
mounted ro for testing. that way, if you *do* find a problem, you
haven't wasted a cd.
you may even decide to mount /tmp rw from another machine.

On Mon, Oct 23, 2000 at 12:26:07PM -0400, Jon Lindgren wrote:
>I finally have a spare sparc to use as a true firewall. I'm planning to
>burn a CD for this sucker to boot from. I don't want it to have local
>mass storage (besides the cd...).
>
>I've been looking around at regular processes which run and require
>temporary files, such as the daily security items, etc... I figure I can
>knock syslog stuff to a remote machine, I'll be disabling mail and other
>audit scripts (hmmm....), but what about items such as /var/log/wtmp and
>such?
>
>So the 1e6 dollar question is: does anyone have any ideas what other
>subsystems may be affected by having a r/o local filesystem when running
>multiuser? I've been able to experiment for a few hours or so, but I've
>not run the thing for months yet...
>
>Any ideas, tips, etc... are well appreciated.
>
>-Jon
> --------------------------------------------------------------------
> "Trout are freshwater fish, and have underwater weapons."
> "Zing, zing zing zing!"
> "Keep away from the trout."
> -- The opinions expressed are not necessarily those of my employer --
> -- Come to think of it, they aren't necessarily mine, either --
> "Who stole my lawn?"
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."