At 06:11 PM 7/31/02 +0530, S Mohan wrote:
>I want to create in such a manner that every time the configuration has
>to be changed, the system has to be taken off the network, make
>writeable, config changes made and turned back to read only. Changes can
>be made only from console as root after remounting the fs as rw.


If I understand what you want to accomplish, LEAF is not the best place for 
you to start. The LEAF standard is to boot from some medium into a RAM disk 
and run from there. I don't believe there is any hardware way to make a RAM 
disk read only.

Security efforts here have focused on making the boot medium read-only 
secure. Among the solutions in use are:

         1. a floppy with the WP tab in place (obvious)
         2. burning the configuration to a CD (Dachstein includes instructions).
         3. using an IDE-emulator that has a physical WP switch added (check the list archives from, I think, last April).

But securing the boot medium in any of these ways is not the same as 
securing the root filesystem. For that, you need a fundamentally different 
approach -- doable, but LEAF is not the natural place to start from.


>This will avoid rootkit hacks and buffer overflow hacks which gives the
>marauder a root shell. They normally install a set of programs which
>replicates itself. Vulnerabilities known in BIND, OpenSSH, Apache etc.
>He cannot write and hence cannot hack. Alternatively, I plug in the HDD/
>memory stick into another system, mount it and change the config files.
>Take it out and plug it into the other machine again.
>
>Mohan
>-----Original Message-----
[deleted]


--
-----------------------------------------------"Never tell me the odds!"--------------
Ray Olszewski                                        -- Han Solo
Palo Alto, California, USA                              [EMAIL PROTECTED]
-------------------------------------------------------------------------------------------



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
