Old 05-02-2008, 04:16 AM
"Jason Pyeron"
 
read only root file system

I am looking at having a read only box, it will not use a swap partition.
Any recommendations?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- -
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately. Any other use of the email by you
is prohibited.




_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-02-2008, 12:21 PM
Barry Brimer
 
Re: read only root file system

> I am looking at having a read only box, it will not use a swap partition.
> Any recommendations?


Why bother with a hard drive at all? Customize a Live CD/DVD and remove
the hard drive altogether.


Barry
 
Old 05-02-2008, 12:28 PM
"Brett Serkez"
 
Re: read only root file system

On Fri, May 2, 2008 at 12:16 AM, Jason Pyeron <jpyeron@pdinc.us> wrote:
> I am looking at having a read only box, it will not use a swap partition.
> Any recommendations?

You'll need to break out your hard drive into multiple partitions, as
there are certain portions of the file system that need to be writable
such as /var and /home. I set up systems in this manner to make them
more difficult to subvert; I'd suggest searching for topics such as
"linux file system hardening".

When you do need to do maintenance, such as package management, you'll
need to remount the root file system as writable which will likely
require a reboot.

Brett
 
Old 05-02-2008, 01:09 PM
"Jason Pyeron"
 
Re: read only root file system

> -----Original Message-----
> From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On
> Behalf Of Barry Brimer
> Sent: Friday, May 02, 2008 8:21 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] read only root file system
>
> > I am looking at having a read only box, it will not use a swap partition.
> > Any recommendations?
>
> Why bother with a hard drive at all? Customize a Live CD/DVD and remove
> the hard drive altogether.

We are using read only media, but it is not a cdrom/dvd.

>
> Barry
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos



 
Old 05-02-2008, 01:20 PM
"gopinath"
 
Re: read only root file system

in the /etc/fstab

define ro in the permissions field of the entry where the / partition is
defined

----- Original Message -----
From: "Brett Serkez" <bserkez@gmail.com>
To: "CentOS mailing list" <centos@centos.org>
Sent: Friday, May 02, 2008 5:58 PM
Subject: Re: [CentOS] read only root file system


> On Fri, May 2, 2008 at 12:16 AM, Jason Pyeron <jpyeron@pdinc.us> wrote:
> > I am looking at having a read only box, it will not use a swap partition.
> > Any recommendations?
>
> You'll need to break out your hard drive into multiple partitions, as
> there are certain portions of the file system that need to be writable
> such as /var and /home. I set up systems in this manner to make them
> more difficult to subvert; I'd suggest searching for topics such as
> "linux file system hardening".
>
> When you do need to do maintenance, such as package management, you'll
> need to remount the root file system as writable which will likely
> require a reboot.
>
> Brett
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


 
Old 05-02-2008, 01:38 PM
Ralph Angenendt
 
Re: read only root file system

Brett Serkez wrote:
> On Fri, May 2, 2008 at 12:16 AM, Jason Pyeron <jpyeron@pdinc.us> wrote:
> > I am looking at having a read only box, it will not use a swap partition.
> > Any recommendations?
>
> You'll need to break out your hard drive into multiple partitions, as
> there are certain portions of the file system that need to be writable
> such as /var and /home. I set up systems in this manner to make them
> more difficult to subvert; I'd suggest searching for topics such as
> "linux file system hardening".

What do you do with /etc/mtab - where the system clearly wants to write
into when you mount/unmount stuff?

Cheers,

Ralph
 
Old 05-02-2008, 01:43 PM
"Brett Serkez"
 
Re: read only root file system

On Fri, May 2, 2008 at 9:38 AM, Ralph Angenendt <ra+centos@br-online.de> wrote:
> Brett Serkez wrote:
> > On Fri, May 2, 2008 at 12:16 AM, Jason Pyeron <jpyeron@pdinc.us> wrote:
> > > I am looking at having a read only box, it will not use a swap partition.
> > > Any recommendations?
> >
> > You'll need to break out your hard drive into multiple partitions, as
> > there are certain portions of the file system that need to be writable
> > such as /var and /home. I set up systems in this manner to make them
> > more difficult to subvert; I'd suggest searching for topics such as
> > "linux file system hardening".
>
> What do you do with /etc/mtab - where the system clearly wants to write
> into when you mount/unmount stuff?

Make it a soft-link to /var or other writable file system, perhaps
/etc/mtab -> /var/etc/mtab.

For the most part the Linux/UNIX file system is broken up into well
defined areas, but alas, exceptions need to be dealt with.

Brett
 
Old 05-02-2008, 02:09 PM
"Jason Pyeron"
 
Re: read only root file system

> -----Original Message-----
> From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On
> Behalf Of Brett Serkez
> Sent: Friday, May 02, 2008 9:43 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] read only root file system
>
> On Fri, May 2, 2008 at 9:38 AM, Ralph Angenendt <ra+centos@br-online.de> wrote:
> > Brett Serkez wrote:
> > > On Fri, May 2, 2008 at 12:16 AM, Jason Pyeron <jpyeron@pdinc.us> wrote:
> > > > I am looking at having a read only box, it will not use a swap partition.
> > > > Any recommendations?
> > >
> > > You'll need to break out your hard drive into multiple partitions, as
> > > there are certain portions of the file system that need to be writable
> > > such as /var and /home. I set up systems in this manner to make them
> > > more difficult to subvert; I'd suggest searching for topics such as
> > > "linux file system hardening".
> >
> > What do you do with /etc/mtab - where the system clearly wants to write
> > into when you mount/unmount stuff?
>
> Make it a soft-link to /var or other writable file system, perhaps
> /etc/mtab -> /var/etc/mtab.
>
> For the most part the Linux/UNIX file system is broken up into well
> defined areas, but alas, exceptions need to be dealt with.

Resources to help with the exceptions????

I am mounting /tmp as a ramfs, all of these items can go there.

I am trying to minimize the introduction of non-RHEL / CentOS packages and
to minimize deviation from modifications outside of the packages.

So this will eliminate UnionFS as an option.

Current idea about /var/log is to setup syslog to output over some port
(tcp, udp, serial, etc...)

>
> Brett
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos





 
Old 05-02-2008, 03:29 PM
"William L. Maltby"
 
Re: read only root file system

On Fri, 2008-05-02 at 15:38 +0200, Ralph Angenendt wrote:
> Brett Serkez wrote:
> > On Fri, May 2, 2008 at 12:16 AM, Jason Pyeron <jpyeron@pdinc.us> wrote:
> > > I am looking at having a read only box, it will not use a swap partition.
> > > Any recommendations?
> >
> > You'll need to break out your hard drive into multiple partitions, as
> > there are certain portions of the file system that need to be writable
> > such as /var and /home. I set up systems in this manner to make them
> > more difficult to subvert; I'd suggest searching for topics such as
> > "linux file system hardening".
>
> What do you do with /etc/mtab - where the system clearly wants to write
> into when you mount/unmount stuff?

ln -s /proc/mounts /etc/mtab

There are some "gotchas" if you have some loopback mounts instituted by
the mount command. Since /proc/mounts is a symlink to self/mounts, maybe
pointing directly there would work too.

>
> Cheers,
>
> Ralph
> <snip sig stuff>

HTH
--
Bill

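The checks this thread converges on (Brett's separate writable partitions for /var and /home, gopinath's ro on the root entry, Jason's memory-backed /tmp with no swap, and Bill's /etc/mtab -> /proc/mounts symlink) pulled together as one POSIX sh audit script. This is an added example, not code posted by anyone in the thread: the two sample fstabs, the mount points it expects and the temp-dir layout it builds are constructed for the demonstration, and it audits whatever fstab and etc/ directory you point it at rather than the live system.

```sh
#!/bin/sh
# Added example, not from the thread: audit an fstab and an etc/ directory for
# the read-only-root layout discussed above. Everything below (the sample
# fstabs, the mount points checked, the temp-dir layout) is constructed for
# the demonstration; point audit_fstab at a real /etc/fstab to check a box.

# fstab_field FSTAB MOUNTPOINT N: print field N of the entry for MOUNTPOINT.
fstab_field() {
    awk -v mp="$2" -v n="$3" '$1 !~ /^#/ && $2 == mp { print $n; exit }' "$1"
}

# has_opt OPTS WORD: succeed if WORD appears in the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# audit_fstab FSTAB: print one line per check; return the number of failures.
# Checks: / carries ro (gopinath), /var and /home are separate writable mounts
# (Brett), /tmp is memory-backed (Jason), and there is no swap entry (Jason).
audit_fstab() {
    af_fails=0
    af_opts=$(fstab_field "$1" / 4)
    if has_opt "$af_opts" ro; then
        echo "ok:   / is read-only ($af_opts)"
    else
        echo "FAIL: / is writable ($af_opts)"
        af_fails=$((af_fails + 1))
    fi
    for af_mp in /var /home; do
        af_opts=$(fstab_field "$1" "$af_mp" 4)
        if [ -z "$af_opts" ]; then
            echo "FAIL: $af_mp has no mount of its own, so it lands on the ro root"
            af_fails=$((af_fails + 1))
        elif has_opt "$af_opts" ro; then
            echo "FAIL: $af_mp is ro but the system needs to write there"
            af_fails=$((af_fails + 1))
        else
            echo "ok:   $af_mp is a separate writable mount ($af_opts)"
        fi
    done
    case "$(fstab_field "$1" /tmp 3)" in
        tmpfs|ramfs) echo "ok:   /tmp is memory-backed" ;;
        *) echo "FAIL: /tmp is not tmpfs/ramfs"; af_fails=$((af_fails + 1)) ;;
    esac
    if [ -n "$(awk '$1 !~ /^#/ && $3 == "swap" { print; exit }' "$1")" ]; then
        echo "FAIL: swap entry present"; af_fails=$((af_fails + 1))
    else
        echo "ok:   no swap entry"
    fi
    return $af_fails
}

# mtab_is_proc_link ETCDIR: succeed if ETCDIR/mtab is a symlink to /proc/mounts
# or /proc/self/mounts, so mount(8) never needs to write under the ro root.
mtab_is_proc_link() {
    [ -L "$1/mtab" ] || return 1
    case "$(readlink "$1/mtab")" in
        /proc/mounts|/proc/self/mounts) return 0 ;;
    esac
    return 1
}

# make_sample DIR: constructed sample layout, a hardened fstab, a stock
# writable-root fstab, and an etc/ whose mtab is the recommended symlink.
make_sample() {
    mkdir -p "$1/etc"
    cat > "$1/fstab.hardened" <<'EOF'
# device   mountpoint type  options                      dump pass
/dev/sda1  /          ext3  ro,noatime                   1 1
/dev/sda2  /var       ext3  defaults,nosuid,nodev        1 2
/dev/sda3  /home      ext3  defaults,nosuid,nodev        1 2
tmpfs      /tmp       tmpfs defaults,nosuid,nodev,noexec 0 0
proc       /proc      proc  defaults                     0 0
EOF
    cat > "$1/fstab.stock" <<'EOF'
/dev/sda1  /          ext3  defaults                     1 1
/dev/sda5  swap       swap  defaults                     0 0
EOF
    ln -sf /proc/mounts "$1/etc/mtab"
}

# Stand-alone run: build the sample and audit both fstabs plus the mtab link.
demo() {
    dd=$(mktemp -d)
    make_sample "$dd"
    echo "== hardened fstab =="
    audit_fstab "$dd/fstab.hardened" || echo "failures: $?"
    echo "== stock fstab =="
    audit_fstab "$dd/fstab.stock" || echo "failures: $?"
    mtab_is_proc_link "$dd/etc" && echo "ok:   etc/mtab -> $(readlink "$dd/etc/mtab")"
    rm -rf "$dd"
}
demo
```

The stock fstab trips every check (writable root, no separate /var or /home, disk-backed /tmp, a swap entry), while the hardened one passes; the script only reads the files it is given, so it can be run against a candidate image before the box is locked down.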
 
Old 05-02-2008, 11:14 PM
"Jeffrey Tadlock"
 
Re: read only root file system

On Fri, May 2, 2008 at 12:16 AM, Jason Pyeron <jpyeron@pdinc.us> wrote:
> I am looking at having a read only box, it will not use a swap partition.
> Any recommendations?

Here is a slide deck from a presentation Rick Troth has done on read
only root file systems.

http://linuxvm.org/present/SHARE110/S9216rt.pdf

Might be some helpful bits of information in there for you.

Good luck!
Jeffrey
 