On Mon, Dec 13, 2010 at 12:15:39PM -0500, Gary Mort wrote:
> Anyone have good pointers for setting up Linux as a read only OS?
>
> Basically, I want to configure some security scanning software on a small
> EC2 instance, and I'd like to set it up so that when it boots the drive is
> mounted read only and all output/reporting is sent over to SimpleDB.
>
> That way the scanning server itself is tamper-proof since it can't be
> modified while running. It gets started, it does its scan of a list of
> external sites, it shuts down.

Fairly easy, so long as you modify your boot scripts to mount stuff like /tmp as RW tmpfs directories (most already do) and /var/log (or disable logging). In general Linux doesn't care if / is RO, since generally nothing should be changing.

Be aware that unless you go to true RO media (optical RO, physically locked flash, or a physically locked hard drive, some have jumpers) then the system could remount itself RW.

-m
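
A check for the layout described in the reply above, as an added example that is not part of the original message: it reads a mount table in /proc/mounts format and flags a root that is not ro, or a writable mount that is not memory-backed, which also surfaces the remount-RW case the reply warns about. The function names, the list of memory-backed filesystem types and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount table in /proc/mounts format for the layout
# described above (/ read-only, writable paths on memory-backed filesystems).

# check_ro_layout: reads a mount table on stdin, prints one FAIL line per
# finding, returns 0 when the layout is clean and 1 otherwise.
check_ro_layout() {
    awk '
    BEGIN {
        # Assumption: these filesystem types keep nothing across a reboot.
        n = split("tmpfs proc sysfs devtmpfs devpts", v, " ")
        for (i = 1; i <= n; i++) volatile[v[i]] = 1
    }
    {   # fields: device mountpoint fstype options dump pass
        mode = ""
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] == "ro" || opts[i] == "rw") mode = opts[i]
        # A later line for the same mount point reflects the current state.
        state[$2] = mode; fstype[$2] = $3
    }
    END {
        bad = 0
        if (state["/"] != "ro") { print "FAIL / is not mounted ro"; bad = 1 }
        for (mp in state) {
            if (mp == "/" || state[mp] != "rw") continue
            if (fstype[mp] in volatile) continue
            print "FAIL " mp " is rw on " fstype[mp]
            bad = 1
        }
        exit bad
    }'
}

# Constructed sample: root is ro and /tmp, /var/log are tmpfs, but a second
# disk is still writable.
sample_mounts() {
    cat <<'EOF'
/dev/xvda1 / ext3 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /var/log tmpfs rw,nosuid,nodev 0 0
/dev/xvdb /mnt ext3 rw,relatime 0 0
EOF
}

sample_mounts | check_ro_layout || echo "layout needs attention"
```

On the instance itself the function would be fed the live table, as in check_ro_layout < /proc/mounts, once at boot and again before results are reported.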

_______________________________________________
Mid-Hudson Valley Linux Users Group                  http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug

Upcoming Meetings (6pm - 8pm)                         MHVLS Auditorium
  Jan 5 - Building a Community Site with Drupal
  Feb 2 - Zimbra
  Mar 2 - MHVLUG 8th Anniversary - Show and Tell
