Follows a contribution from Manfred which could not reach the list, his ISP
being blacklisted
Manfred: sorry for the delay...
Jacques
----------  Forwarded message  ----------

Subject: Re: [Leaf-devel] To Bering users: help us to release 1.0
Date: Mon, 03 Jun 2002 22:37:47 +0200
From: Manfred Schuler <[EMAIL PROTECTED]>
To: Jacques Nilo <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]

Hi Jacques,

Regarding flashdisk/harddisk security what do you think about this
approach:

When entering runlevel 2, then as the first things
        move the mount/unmount to a small ramfs
        remount var fs with option noexec
        remount tmp fs with option noexec
        remount root fs readonly
        umount the small ramfs
        now bring up the network interfaces

Now you have a file system where an intruder cannot execute anything he
can store and he can not mount or remount anything. Of course
mount/umount may not be contained in busybox.

To configure the system, you boot to runlevel 4
When entering runlevel 4 then
        close the firewall as tight as possible (only ssh access)
        bring up only internal interfaces, only one, if possible.

Now you can configure and backup the system.

I had this idea a few days ago and have not checked anything around.
I don't know if it is feasible to include this in the standard Bering
release and if there are any incompatibilities with existing packages.

I think this step is too big to include it in release 1.0, but I wanted
to start a discussion about this idea as many people are starting to use
flashdisks.

Any comments are welcome.

Manfred

Jacques Nilo wrote:
> Dear all:
> With its v1.0-rc2 version Bering appears now fairly stable and it seems
> that quite a lot of people have been giving it a try.
> We would like to stabilize this first version with a "last" rc3 before
> final release.
> rc3 should include:
> 2.4.18 kernel with:
> a/ More netfilter patches (to take care of H323, pptp and the like)
> b/ grsecurity patch
>
> busybox 0.60.3 (will save 10k)
>
> fix for bridge script
>
> So if anyone wants to report a bug or some code change proposal it is the
> time to do so. I got some proposal in the last weeks but lost my hard disk
> with all my mail in it so do not hesitate to re-issue previous suggestion.
>
> Also we need people to review the doc, correct the typos and the like. Do
> not hesitate to volunteer :-)
>
> Jacques & Eric
>
> _______________________________________________________________
>
> Don't miss the 2002 Sprint PCS Application Developer's Conference
> August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
>
> _______________________________________________
> Leaf-devel mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-devel

--
Manfred Schuler
E_Mail: mailto:[EMAIL PROTECTED]
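
An added example, not part of the original message or of the Bering project: a POSIX shell check that reads a mount table in /proc/mounts format and reports whether root is read-only and /var and /tmp are noexec, as the runlevel 2 steps in the message propose. The function names and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount table (/proc/mounts format) against the
# proposal: root read-only, /var and /tmp noexec. All names are hypothetical.

# has_opt OPTS FLAG: true if the comma-separated OPTS contains FLAG exactly,
# so "errors=remount-ro" is not mistaken for "ro".
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# audit_mounts FILE: print one line per violation; exit status = violation count.
audit_mounts() {
    fails=0
    for rule in /:ro /var:noexec /tmp:noexec; do
        mnt=${rule%%:*}; want=${rule#*:}
        # Later entries shadow earlier ones on the same mount point.
        opts=$(awk -v m="$mnt" '$2 == m { o = $4 } END { print o }' "$1")
        if [ -z "$opts" ]; then
            echo "FAIL $mnt: no separate mount, cannot carry '$want'"
            fails=$((fails + 1))
        elif ! has_opt "$opts" "$want"; then
            echo "FAIL $mnt: options '$opts' lack '$want'"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample tables (not taken from a real Bering system).
sample_hardened() {
    printf '%s\n' 'rootfs / rootfs rw 0 0' '/dev/hda1 / ext2 ro 0 0' \
        'tmpfs /tmp tmpfs rw,noexec 0 0' 'tmpfs /var tmpfs rw,noexec 0 0'
}
sample_default() {
    printf '%s\n' '/dev/hda1 / ext2 rw,errors=remount-ro 0 0' \
        'tmpfs /tmp tmpfs rw 0 0'
}

# Demo: run both samples; on a live system use: audit_mounts /proc/mounts
t=$(mktemp)
sample_hardened > "$t"; audit_mounts "$t" && echo "hardened sample: OK"
sample_default > "$t"; audit_mounts "$t" || echo "default sample: $? violation(s)"
rm -f "$t"
```

A missing /var or /tmp entry is reported as a failure because a directory that lives on the root file system cannot carry its own noexec option.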
