Hello, If your worried about the box getting hacked then use Selinux or grsecurity. You can literally give out root access and the user can't do squat. You can exploit services and only that service will be harmed. A simple reboot or service restart will fix the issue (until it happens again)
Ed -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of George Vieira Sent: Wednesday, July 03, 2002 8:59 PM To: '[EMAIL PROTECTED]' Cc: [EMAIL PROTECTED] Subject: RE: Most stable firewall distro There is a good reason they made the floppy distros.. 1. If it's hacked for any reason, they can't write to it and if they do then a reboot clears it. 2. It's redundant to some extend, move the floppy to a new machine and turn it on. Bang, new firewall.. 3. There ARE logs, they are in a virtual ram drive.. 4. You can load the IDE drivers on boot and store /var and whatever you like there.. but this opens up hackable write problem and only IF it gets compromised... So it's not all that bad after all.. I've had 2 crashes in the past on my firewalls. One being HDD failure and second was CPU over cook and in both cases they stuff my data and needed a new rebuild.. Lesson Learnt: floppy drive setup would've been an easy recovery.... This of course probably won't suit many people but alot easier some others for their own solutions... thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, 04 July 2002 10:56 AM To: [EMAIL PROTECTED] Subject: RE: Most stable firewall distro Altough I know floppy distro works absolutely well, in general i dont like to use them. As you mentioned, they are 100% limited and nothing can be done, specially if you need disk writings. I just cant imagine a firewall with no logging at all !!! Using a squid proxy would save about 15% on your www bandwidth ( depends on each case, but 10-15% is generally ok ). And, the most important, IDE disks are as cheap as they are fast ..... So, if you need a firewall for your home ( connect 2-3 machines through adsl ), I'd recommend a floppy firewall. For ANY other firewall machine i would strongly recommend a full firewall installation based on the distro you're used to work. I personally would recommend redhat, as I told in last message. But if you're used to SuSe, GREAT, use it ! Slack ? Use it ! Debian ? Use it ! No matter which distro you'll use if you really know what you're doing. Sincerily, Leonardo Rodrigues Citando George Vieira <[EMAIL PROTECTED]>: > Works wonders but 1.68MB is very limited especially if you want IPSEC > then > it's very hard to get it to fit. I just got 1-3KB left on the floppy > after > removing alot of stuff..
