On August 9, 2003 07:22 am, Gareth Jones wrote:
> I would like to make root read only, but it seems that this is not
> possible. I've put /var, /home, /tmp and /usr on different file systems,
> and that works ok - but gentoo writes to /etc during bootup. I can't put
> /etc on a separate file system, because it is needed during boot.
AFAIK, mount hardcodes the mtab to be in /etc, meaning that /etc can't be on a separate partition, nor a read-only partition. The best you can do is to keep a daily backup of your /etc partition, and ensure the file permissions are as restrictive as possible (i.e. chmod 400/444 <file>).

However, you may want to look for diskless setup HOWTOs, as this issue must be addressed in a diskless boot.

Finally, you could also have a script similar to the *BSD daily output/insecurity logs to keep track of changes to critical configuration files.

HTH,
Brian

-- 
A career is great, but you can't run your fingers through its hair.
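One way to build the daily change report Brian suggests, as an added example that is not from the thread: the script below hashes every file under a directory, diffs the result against the previous run's manifest (added, removed, changed), then rotates the baseline. The watched directory and baseline path are arguments, and sha256sum, find, awk, sed and mktemp are assumed to be available.

```shell
#!/bin/sh
# Daily "what changed in /etc" report in the spirit of the *BSD security
# mails. Added example, not from the thread. Assumes sha256sum, find, awk,
# sed, mktemp; paths must not contain whitespace (sha256sum output is split).
# Manifest of every regular file under $1: "<sha256>  <path>", sorted.
manifest() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done
}
# Diff two manifests ($1 = old, $2 = new); one line per difference.
report_changes() {
    awk 'FILENAME == ARGV[1] { old[$2] = $1; next }
         { new[$2] = $1 }
         END {
             for (p in old) if (!(p in new)) print "REMOVED " p
             for (p in new) if (!(p in old)) print "ADDED " p
             for (p in new) if ((p in old) && old[p] != new[p]) print "CHANGED " p
         }' "$1" "$2" | LC_ALL=C sort
}
# Compare directory $1 against stored baseline $2, print the changes, then
# rotate: previous baseline is kept as $2.prev, new manifest becomes $2.
daily_check() {
    cur=$(mktemp)
    manifest "$1" > "$cur"
    if [ -f "$2" ]; then
        report_changes "$2" "$cur"
        cp "$2" "$2.prev"
    else
        echo "no baseline for $1 yet; recording one"
    fi
    mv "$cur" "$2"
}
# Self-contained demo on a constructed scratch tree (not the real /etc):
# take a baseline, then edit one file, remove one and add one.
demo() {
    d=$(mktemp -d)
    mkdir "$d/etc"
    printf 'root:x:0:0\n' > "$d/etc/passwd"
    printf '127.0.0.1 localhost\n' > "$d/etc/hosts"
    daily_check "$d/etc" "$d/baseline" > /dev/null
    printf 'root:x:0:0\nextra:x:1000:1000\n' > "$d/etc/passwd"
    rm "$d/etc/hosts"
    printf 'root ALL=(ALL) ALL\n' > "$d/etc/sudoers"
    daily_check "$d/etc" "$d/baseline" | sed "s|$d||"
    rm -rf "$d"
}
[ "$1" = demo ] && demo
```

Run it from cron (e.g. `daily_check /etc /var/lib/etc-baseline`) and mail the output; keep the baseline and its `.prev` copy in the same daily backup, since anyone who can edit /etc can otherwise edit a baseline stored next to it.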