Date:      Thu, 12 Jul 2001 14:12:07 -0700
From:      "Brian" <bri@sonicboom.org>
To:        "Bart Silverstrim" <bsilver@sosbbs.com>, <freebsd-isp@FreeBSD.ORG>
Subject:   Re: gcc on production server
Message-ID:  <005101c10b17$51c67b00$3324200a@sonicboom.org>
References:  <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com>

There are some articles on sans.org that talk about making /usr read only on
a Solaris system.  Perhaps some portions of
http://www.sans.org/newlook/resources/hard_solaris.htm, especially the step
by step at the bottom could be used, at least from an idea perspective.
I know it's Solaris but ideas can be grafted.

    Bri

----- Original Message -----
From: "Bart Silverstrim" <bsilver@sosbbs.com>
To: <freebsd-isp@FreeBSD.ORG>
Sent: Thursday, July 12, 2001 1:50 PM
Subject: Re: gcc on production server


>
> ----- Original Message -----
> From: "Paul Robinson" <paul@akita.co.uk>
> To: "Hug Me" <hugme@hugme.org>
> Cc: <freebsd-isp@FreeBSD.ORG>
> Sent: Thursday, July 12, 2001 7:35 AM
> Subject: Re: gcc on production server
>
>
> On Jul 11, Hug Me <hugme@hugme.org> wrote:
>
> >> if you are REALLY worried about security, get a drive that has a jumper you
> >> can change to read only, put your operating system on it, move the jumper
> >
> >Ummmm... that's not clever. That's stupid. So, you're an ISP. If you're
> >running this system, exactly how do you deliver mail, allow users to change
> >webpages, etc? Oh yeah, and just out of curiosity, what happens to /var and
> >/tmp ? As one colleague just replied when I read that paragraph to him
> >"that's not an OS - it's a coaster". I hope it keeps your coffee warm.
>
> Why not use two drives, one read only with the OS on it, one with multiple
> partitions to mount to /var and /tmp, <swap>, /home...stuff like that...or
> some variation of that theme?
>
> I toyed with the idea of trying to make bootable CD's for the key system
> files and such before, should work in a similar manner to what is basically
> described above (although performance from the read operations would be
> terrible) if I actually had the time and extra hardware to dedicate to
> making system laid out to create an "image" and make a slave drive on another
> system with a CD-R drive :-)  Gotta admit, that would make it terribly
> difficult to crack into and lay trojaned system binaries...
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>
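
Added example, not part of the original messages: a small sh audit of the layout discussed in this thread (OS filesystems read-only, /var, /tmp and /home as separate writable filesystems). The RO_WANT/RW_WANT lists, the function names and the sample listing are assumptions made for illustration; the input is assumed to be in the format printed by FreeBSD mount(8).

```shell
#!/bin/sh
# Audit a `mount` listing: OS filesystems must be read-only, data
# filesystems must exist as their own mount points and be writable.

RO_WANT="/ /usr"            # assumption: filesystems holding the OS
RW_WANT="/var /tmp /home"   # assumption: filesystems that need writes

# Constructed sample input, not taken from a real host.
sample_mounts() {
cat <<'EOF'
/dev/ad0s1a on / (ufs, local, read-only)
/dev/ad0s1f on /usr (ufs, local)
/dev/ad1s1e on /var (ufs, local, soft-updates)
/dev/ad1s1f on /tmp (ufs, local, nosuid, soft-updates)
EOF
}

# Reads a mount listing on stdin, prints one finding per line and
# returns the number of findings as its exit status (0 = layout holds).
audit_mounts() {
    awk -v ro="$RO_WANT" -v rw="$RW_WANT" '
    $2 == "on" {
        opts = $0                         # keep only the "(...)" option list
        sub(/^[^(]*\(/, "", opts); sub(/\)[^)]*$/, "", opts)
        state[$3] = ((", " opts ", ") ~ /, read-only, /) ? "ro" : "rw"
    }
    END {
        n = split(ro, want, " ")
        for (i = 1; i <= n; i++) {
            m = want[i]
            if (!(m in state))         { print "MISSING " m " is not a separate filesystem"; bad++ }
            else if (state[m] != "ro") { print "WRITABLE " m " should be mounted read-only"; bad++ }
        }
        n = split(rw, want, " ")
        for (i = 1; i <= n; i++) {
            m = want[i]
            # A missing entry means the directory lives on its parent,
            # which would be one of the read-only OS filesystems.
            if (!(m in state))         { print "MISSING " m " is not a separate filesystem"; bad++ }
            else if (state[m] != "rw") { print "READONLY " m " must stay writable"; bad++ }
        }
        exit bad + 0
    }'
}

# Demo on the constructed sample; on a live host use: mount | audit_mounts
sample_mounts | audit_mounts || echo "findings: $?"
```
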

