I want to create in such a manner that every time the configuration has
to be changed, the system has to be taken off the network, make
writeable, config changes made and turned back to read only. Changes can
be made only from console as root after remounting the fs as rw.

This will avoid rootkit hacks and buffer overflow hacks which give the
marauder a root shell. They normally install a set of programs which
replicates itself. Vulnerabilities known in BIND, OpenSSH, Apache etc.
He cannot write and hence cannot hack. Alternatively, I plug in the HDD/
memory stick into another system, mount it and change the config files.
Take it out and plug it into the other machine again.

Mohan
-----Original Message-----
>My objective: build a secure router/firewall/bandwidth manager system 
>preferably without any moving components and a disk/fs component that 
>would allow me to make the device read-only thro' physical means e.g. 
>tabs, jumpers etc. I intend using a flash 8MB IDE module. I know and 
>understand iproute2, tc, ipchains, iptables etc. I was looking at a 
>good firewall script generator and I came across shorewall.
>
>I need a few pointers please. TIA for all help. ALL IDEAS on any of the
>above welcome.
>
>1. Does LEAF always boot off floppy? Can I load it on a flash module 
>that plugs into the IDE and make it boot off that piece?

No, leaf doesn't have to boot off of a floppy, I have been running an IDE
based memory module for months now. Some people run from flash, HDD or
CD-ROM.

>2. Are the appropriate parts of the fs by default ro to prevent 
>hacking?
I am not sure about what you mean by appropriate parts, but most things
are only editable by the owner which usually means root.

>3. Is there any doc or site or URL that helps a person like me 
>understand how I can move from a regular distro to this smoothly.

I don't know about a document explaining how to move from a regular
distro to a leaf based solution, but the bering branch comes with a very
good installation & user guide. Check the documentation part of the leaf
branch.

Kim Oppalfens


>
>Mohan
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by: Dice - The leading online job board 
>for high-tech professionals. Search and apply for tech jobs today! 
>http://seeker.dice.com/seeker.epl?rel_code=31
>-----------------------------------------------------------------------
>-
>leaf-user mailing list: [EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user
>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
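
A check for the workflow described in this thread (configuration changed while offline, then the filesystem returned to read-only), as an added example that is not part of the original emails or LEAF's own code: it scans a mounts table in /proc/mounts format and flags any persistent filesystem still mounted rw before the box goes back on the network. The function names, the sample data and the list of RAM-backed filesystem types are assumptions.

```shell
#!/bin/sh
# Added example: audit a mounts table for writable persistent filesystems.
# Line format (as in /proc/mounts): device mountpoint fstype options dump pass

# Types that are RAM-backed or kernel-virtual; writes to them do not survive
# a reboot, so the audit ignores them (assumed list, adjust per system).
VOLATILE_FS="tmpfs ramfs proc sysfs devpts devtmpfs rootfs"

# Constructed sample in /proc/mounts format (not taken from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/hda1 / ext2 rw,noatime 0 0
/dev/hda2 /etc ext2 ro,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw 0 0
EOF
}

# rw_mounts [FILE|-]: print "mountpoint fstype" for every persistent
# filesystem whose option list contains the exact token "rw". Options are
# split on commas so that values such as errors=remount-ro never match.
rw_mounts() {
    awk -v skip="$VOLATILE_FS" '
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) vol[s[i]] = 1 }
        NF >= 4 && !($3 in vol) {
            m = split($4, opt, ",")
            for (i = 1; i <= m; i++)
                if (opt[i] == "rw") { print $2, $3; break }
        }
    ' "${1:-/proc/mounts}"
}

# audit_ro [FILE|-]: return 0 when nothing persistent is writable, 1 otherwise.
audit_ro() {
    found=$(rw_mounts "$1")
    if [ -n "$found" ]; then
        echo "still writable:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}
```

Running `audit_ro` with no argument reads the live /proc/mounts; `sample_mounts | audit_ro -` exercises it on the constructed table.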


