Gordon Bos wrote:
> Victor McAllister wrote:
>   
>> Write protected hardware requires physical access to the LEAF box. A 
>> software write protect has the advantage that you can set and unset the 
>> read and write access to the boot media with putty, ssh. I use two 
>> scripts loaded by local.lrp. Granted this is a little cumbersome because 
>> you have to keep a copy of  three modules on your desktop machine and 
>> scp / winscp them over as needed. If you command a reboot, the machine 
>> is restored to read write status since the scripts are only run manually 
>> via ssh.
>>     
>
> I'm kind of puzzled why you would not run the delete script at boottime. 
> How can you be sure that the system won't reboot without you knowing it?
>   
uptime 473 days

If I do an uptime and it says 1 day - I will investigate why.
(I use a WRAP with a 12 volt battery connected via diodes in parallel 
with the power supply. The DSL modem and switches are on a UPS. If the 
AC goes down, my network connection stays up for several hours so 
laptops can still have access.  That is why the LEAF stays up even when 
the power goes down several times a year.)

I only need to SCP the modules over to back up a configuration change.  
The files necessary for boot are still on the boot media,  just not in 
ram. As you say, no security is perfect. Someone who reads this post, if 
they could break in, could figure out what modules to bring along. They 
would need SSH access which is only open to specific public IPs.

> Statements as to computer security have been around since the early 
> days. "No system is ever really secure". "If you want to make a system 
> completely secure, you should enclose it in concrete and drop it in the 
> ocean". "All barriers fail if someone can get physical access to the 
> system".
>
> Which roughly translates in that the highest level of security is 
> reached by a system that is console operated only (and not connected to 
> other computers, but that's not an option in this case). In regards to 
> LRP and LEAF I've always respected that rule and never added any remote 
> access to the box. No ssh, no https.
>
> Gordon
>   


------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/