On Sat, 8 Jun 2002, Jacques Nilo wrote:

> Follows a contribution from Manfred which could not reach the list, his ISP
> being blacklisted
> Manfred: sorry for the delay...
> Jacques
> ---------- Forwarded message ----------
>
> Subject: Re: [Leaf-devel] To Bering users: help us to release 1.0
> Date: Mon, 03 Jun 2002 22:37:47 +0200
> From: Manfred Schuler <[EMAIL PROTECTED]>
> To: Jacques Nilo <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
>
> Hi Jacques,
>
> Regarding flashdisk/harddisk security what do you think about this
> approach:
>
> When entering runlevel 2, then as the first things
>   move the mount/unmount to a small ramfs
>   remount var fs with option noexec
>   remount tmp fs with option noexec
>   remount root fs readonly
>   umount the small ramfs
>   now bring up the network interfaces
>
> Now you have a file system where an intruder cannot execute anything he
> can store and he can not mount or remount anything. Of course
> mount/umount may not be contained in busybox.
>
> To configure the system, you boot to runlevel 4
> When entering runlevel 4 then
>   close the firewall as tight as possible (only ssh access)
>   bring up only internal interfaces, only one, if possible.
>
> Now you can configure and back up the system.

a) an intriguing idea.

b) In some cases, remote management through secure channels (RSA private
keys) is necessary, so I don't think this should become "standard"... it
should be an option... possibly the default option, but still an option.

> I had this idea a few days ago and have not checked anything around.
> I don't know if it is feasible to include this in the standard bering
> release and if there are any incompatibilities with existing packages.
>
> I think this step is too big to include it in release 1.0, but I wanted
> to start a discussion about this idea as many people are starting to use
> flashdisks.

Agreed.

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<[EMAIL PROTECTED]>               Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------
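
An added example, not part of the original thread and not Bering code: a shell check that a mount table in /proc/mounts format matches the layout proposed in the quoted message (root read-only, var and tmp noexec). The mount points /, /var and /tmp, the function names and the sample table are assumptions made for illustration.

```shell
# Added example: audit a /proc/mounts-format table against the proposed
# layout. Mount points /, /var and /tmp are assumed, not taken from Bering.

# has_opt OPTS NAME: true only if NAME is a whole item of the comma-separated
# OPTS, so "errors=remount-ro" is not mistaken for "ro".
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# check MOUNTPOINT REQUIRED_OPTION CURRENT_OPTIONS
check() {
    if has_opt "$3" "$2"; then echo "ok   $1: $2"; return 0; fi
    echo "FAIL $1: needs $2 (options: ${3:-none, not a separate mount})"
    return 1
}

# audit_mounts FILE: returns 0 only if all three mount points comply.
audit_mounts() {
    root_opts= var_opts= tmp_opts=
    # A later entry shadows an earlier one on the same mount point
    # (for example rootfs, then the real root), so the last one seen wins.
    while read -r _dev mnt _type opts _rest; do
        case "$mnt" in
            /)    root_opts=$opts ;;
            /var) var_opts=$opts ;;
            /tmp) tmp_opts=$opts ;;
        esac
    done < "$1"
    rc=0
    check /    ro     "$root_opts" || rc=1
    check /var noexec "$var_opts"  || rc=1
    check /tmp noexec "$tmp_opts"  || rc=1
    return $rc
}

# Constructed sample table (not from a real system): /tmp was left executable.
sample=$(mktemp)
cat > "$sample" <<'EOF'
rootfs / rootfs rw 0 0
/dev/ram0 / minix ro 0 0
tmpfs /var tmpfs rw,noexec 0 0
tmpfs /tmp tmpfs rw 0 0
EOF
audit_mounts "$sample" || echo "mount table does not match the hardened layout"
rm -f "$sample"
```

On a live system the same function can be pointed at /proc/mounts after the runlevel 2 remount steps have run.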