On Tue, 29 May 2001, Robert Davies wrote: > I would suggest working on a CD-ROMable distribution, and to forget > the idea of modes on the production system.
Yes, > An update of unstable programs could be done, by having 2 'patch' > partitions, which are installed over the network mounted rw. The > updated one would be remounted ro before use, and then a switch could > be made by swapping to a new floppy. Cool. > syslog supports logging over the network, so use that and log to a > secure system in a private network Yes, > But I believe it could be adapted to your secure web/DNS server idea. > You'ld need to seperate out config files which may need to be changed, Apart from /var, is there any partition that needs to be RW for normal web server roles. and any config files that need to be written? > The actual source for things like websites, and master zone files, > should be managed on a machine in the internal network, and then > copied in using rsync(1) with an ssh(1) pipe. Thus any breakins or > defacements, to the disk areas that have to be rw can be wiped out > easily. Nice idea. raj
