On Mon, Dec 13, 2010 at 1:14 PM, <[email protected]> wrote:
> On Mon, Dec 13, 2010 at 12:15:39PM -0500, Gary Mort wrote:
> > Anyone have good pointers for setting up Linux as a read only OS?
> >
> > Basically, I want to configure some security scanning software on a small
> > EC2 instance, and I'd like to set it up so that when it boots the drive is
> > mounted read only and all output/reporting is sent over to SimpleDB.
> >
> > That way the scanning server itself is tamper-proof since it can't be
> > modified while running. It gets started, it does its scan of a list of
> > external sites, it shuts down.
>
> Fairly easy, so long as you modify your boot scripts to mount stuff like
> /tmp as RW tmpfs directories (most already do) and /var/log (or disable
> logging).
>

With Amazon's EC2, if I am booting from Elastic Storage and assuming using a micro image, there is only one "hard drive" - the elastic storage instance. So any file writing [tmp, log, etc] must be disabled [or I would have to set it up to use some of the 650MB or so of memory as a virtual file storage].

By setting the disk itself to ephemeral storage mode, even if one did manage to change the mount on the drive and write something to disk, the next time it is booted up it will be reloaded from the disk image without any changes. I'd prefer to add some extra roadblocks on mounting drives so as to make it less likely that it could be changed....

The idea here is to have a completely scriptable installation of OpenVAS and Nikto2 [plus a few other plugins] that on bootup, grabs the list of hosts from the environment variables [as you can set those on bootup with Amazon/Eucalyptus]...scans them all...writes them out to a SimpleDB log that it has write access to but not delete/read...then shuts down.

So there is not a 24x7 running security monitor server, but rather a scan-on-demand virtual server which is then taken offline. Thus it can't be probed outside of the hours it runs.
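Added example (not part of the thread, and not code from either poster): the read-only-root layout the reply above describes, written as an fstab fragment with tmpfs scratch areas for /tmp, /var/log and /var/tmp, plus a small POSIX sh check that reads /proc/mounts-style lines and flags any writable mount on a persistent filesystem. The device name /dev/xvda1, the size= caps, and the two sample mount tables are constructed for illustration; on a live instance the check would be run against /proc/mounts itself.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Demonstrates a read-only
# root with RAM-backed scratch directories, and a check that nothing
# persistent is left mounted writable. Device names, sizes and sample
# mount tables below are constructed, not taken from any real host.

# Hypothetical /etc/fstab fragment: root mounted ro, writable areas only on
# tmpfs. The size= caps keep memory use bounded on a small instance.
FSTAB_FRAGMENT='
/dev/xvda1  /         ext4   ro,noatime                       0 1
tmpfs       /tmp      tmpfs  rw,nosuid,nodev,noexec,size=64m  0 0
tmpfs       /var/log  tmpfs  rw,nosuid,nodev,noexec,size=32m  0 0
tmpfs       /var/tmp  tmpfs  rw,nosuid,nodev,noexec,size=16m  0 0
'

# check_mounts: reads /proc/mounts-style lines ("dev mountpoint fstype opts ...")
# from stdin and prints every mount that is writable on a persistent
# filesystem (anything that is not tmpfs or a kernel pseudo-filesystem).
# Returns 0 when no such mount exists, 1 otherwise.
check_mounts() {
    found=0
    while read -r dev mnt fstype opts rest; do
        [ -z "$dev" ] && continue
        case "$fstype" in
            # RAM-backed or kernel-provided: writes here never reach the disk
            tmpfs|devtmpfs|proc|sysfs|devpts|cgroup*|mqueue|securityfs) continue ;;
        esac
        # mount options are comma-separated; look for a bare "rw" entry
        case ",$opts," in
            *,rw,*) echo "WRITABLE: $mnt ($dev $fstype $opts)"; found=1 ;;
        esac
    done
    return $found
}

# Constructed sample mount table: root ro, scratch areas on tmpfs -> passes.
SAMPLE_OK='/dev/xvda1 / ext4 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,size=65536k 0 0
tmpfs /var/log tmpfs rw,nosuid,nodev,noexec,size=32768k 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

# Constructed sample where /var/log was left on the disk writable -> fails.
SAMPLE_BAD='/dev/xvda1 / ext4 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/xvda1 /var/log ext4 rw,relatime 0 0'

printf '%s\n' "$SAMPLE_OK"  | check_mounts && echo "sample OK: nothing persistent is writable"
printf '%s\n' "$SAMPLE_BAD" | check_mounts || echo "sample BAD: writable persistent mount found"
# On a real instance: check_mounts < /proc/mounts
```

The check is meant to run from a late boot script (or a cron job before the scan starts): if it reports anything, the instance is not in the state the thread describes, and the scan should abort rather than run on a box that can retain changes. Note it only inspects mount options; a remount with `mount -o remount,rw /` would still succeed for root, which is why the poster's ephemeral-storage reset remains the backstop.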
_______________________________________________
Mid-Hudson Valley Linux Users Group
http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug

Upcoming Meetings (6pm - 8pm) MHVLS Auditorium
Jan 5 - Building a Community Site with Drupal
Feb 2 - Zimbra
Mar 2 - MHVLUG 8th Anniversary - Show and Tell
