[ale] read only filesystems (was: RE: [ale] firewalls on cd)

Christopher Bergeron christopher at bergeron.com
Tue Dec 18 21:41:57 EST 2001


I've seen a few articles about people using computers in the car as
MP3 players.  They mount the system RO and use it that way.  It may not be
exactly what you need, but it might point in the right direction.  Might
check mp3car.com or something...

-CB


-----Original Message-----
From: James P. Kinney III [mailto:jkinney at localnetsolutions.com]
To: ale at ale.org
Sent: Tuesday, December 18, 2001 9:25 PM
To: John Wells
Cc: Charles Marcus; Ale (E-mail)
Subject: Re: [ale] read only filesystems (was: RE: [ale] firewalls on cd)


The system has to write _somewhere_ that is started. Several live CD's
use an initrd then symlink off the CD to the root tree. So the short
answer is maybe. Make / a ramdisk with nothing but /sbin then link in
all else. The stuff in /sbin can be marked immutable. Or for that matter
everything in /bin, /sbin, /etc. /root needs to be writable.

On Tue, 2001-12-18 at 20:39, John Wells wrote:
> Coyote Linux doesn't support pcmcia cards.
>
> Are there any out there that do?
>
> Also, if you can run a complete distribution off of a
> cd, is it possible to make your own hd's filesystem
> read only?  I know the root filesystem is initially
> read only at boot...is it possible to cause it to
> remain that way and still function?
>
> Thanks,
> John
>
>
> --- Charles Marcus <CharlesM at Media-Brokers.com> wrote:
> > Forgot about the physical - yes, if someone had access to the floppy, they
> > could certainly make it writeable... good point, and one reason to use a CD,
> > if the machine is not in a secure location.
> >
> > Charles
> >
> > > -----Original Message-----
> > > From: esoteric at denali.atlnet.com [mailto:esoteric at denali.atlnet.com]On
> > > Behalf Of Geoffrey
> > > Sent: Tuesday, December 18, 2001 4:46 PM
> > > To: Ale (E-mail)
> > > Subject: Re: [ale] firewalls on cd
> > >
> > >
> > > Charles Marcus wrote:
> > > >
> > > > Coyote Linux is pretty kewl.  It is designed to run from a floppy, but you
> > > > could probably hack it to run from a CD, but don't see why you'd want to do
> > > > that... just keep backups of your boot disk and firewall scripts, and you'll
> > > > be fine.
> > >
> > > As long as you have controlled access to the floppy drive, you can make
> > > it as unwritable as the cdrom.
> > >
> > > >
> > > > Charles
> > > >
> > > > > -----Original Message-----
> > > > > From: John Wells [mailto:jbwellsiv at yahoo.com]
> > > > > Sent: Tuesday, December 18, 2001 4:19 PM
> > > > > To: Ale at ale.org
> > > > > Subject: [ale] firewalls on cd (was [ale] unidentified processes)
> > > > >
> > > > >
> > > > > Dow,
> > > > >
> > > > > Thanks for your reply, and for everyone who has helped
> > > > > on my first iptables outing.
> > > > >
> > > > > Running a bootable CD sounds like a great idea...and
> > > > > there seems to be quite a few options out there.  Does
> > > > > anyone have recommendations on which to use?  I've run
> > > > > across Sentry Firewall CD...what others are available?
> > > > >
> > > > > Thanks,
> > > > > John
> > > > >
> > > > >
> > > > > --- Dow Hurst <dhurst at kennesaw.edu> wrote:
> > > > > > John,
> > > > > > Even though James' email is funny, he is absolutely correct in the
> > > > > > approach.  The portmapper and rpc.statd are RPC based processes along
> > > > > > with NFS and NIS (RPC uses UDP traditionally instead of TCP
> > > > > > connections).  The portmapper advertises what RPC services are available
> > > > > > on particular ports to remote requests.  rpc.statd lets remote
> > > > > > applications and remote machines "know" what the status, of the local
> > > > > > machine or application that is RPC enabled, is.  Both services are
> > > > > > easily spoofed, cracked, and known cracks are available for both.  Since
> > > > > > you have had those running, as well as ftpd, you should reload from
> > > > > > scratch and choose to format your partitions too.  This is faster and
> > > > > > less prone to mistakes than working thru proving the machine is clean.
> > > > > > (Even though that would be very educational!)  No service should be run
> > > > > > directly on a firewall machine that doesn't have to be.  That is why it
> > > > > > is recommended that you have a server inside your network for services
> > > > > > like Samba, NFS, and appletalk and not combine your firewall server with
> > > > > > that machine.  Running your firewall from a CD filesystem is a beautiful
> > > > > > suggestion.  Your cracker is limited even more by not being able to
> > > > > > change the read only system.  I need to look into that!
> > > > > >
> > > > > > One major difficulty in setting up a firewall for people not intimate
> > > > > > with Linux, or any OS that is used, is that default choices during
> > > > > > install can leave you quite vulnerable and you're not even aware of it til
> > > > > > you learn more.  Use "netstat -an" to prove that you have *only* sshd
> > > > > > advertising a service on port 22 before you hook back up to the
> > > > > > Internet.  You don't even have to have that, except it is convenient and
> > > > > > secure for remote admin.
> > > > > >
> > > > > > Here is an excerpt from an email Bob sent me just the other day:
> > > > > > "Btw, we just put up the first of 4 firewalls at this client (in
> > > > > > Europe).  It took only one hour and 34 minutes for someone to
> > > > > > discover it and start breaking into it.  Within 20 minutes after
> > > > > > that, a second cracker joined in."
> > > > > >
> > > > > > So you see it doesn't take long for a scan to find you and start to
> > > > > > reveal possible entry points.  I would just reload to be on the safe
> > > > > > side.  With more experience and a good "dd" backup, you can quickly
> > > > > > identify differences in a file system to see if you're hacked.  At my
> > > > > > workplace, we have been recovering from several crackers for the past
> > > > > > year.  Nov. 2000 we had the telnetd hole exploited on most of our SGIs.
> > > > > > We don't have much manpower to rebuild systems and keep our work moving
> > > > > > along, so it has taken all year to work on rebuilding machines.  Hope
> > > > > > this helps,
> > > > > > Dow
> > > > > >
> > > > > >
> > > > > > John Wells wrote:
> > > > > > >
> > > > > > > In addition to ftp and ssh, I have two processes
> > > > > > > running on ports 111 and 1024.  They both seem to work
> > > > > > > with rpc, and are the portmapper and rpc.statd
> > > > > > > respectively.
> > > > > > >
> > > > > > > Can I disable these processes without any effect to my
> > > > > > > system?  If so, I assume I just remove the links
> >
> === message truncated ===
>
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.
>
--
James P. Kinney III   \Changing the mobile computing world/
President and COO      \          one Linux user         /
Local Net Solutions,LLC \           at a time.          /
770-493-8244             \.___________________________./

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
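The ramdisk-plus-symlink root James describes above (a small writable / holding only /sbin, everything else linked in from the read-only medium, /root left writable), as an added shell example that is not code from this thread. It builds the layout in scratch directories so the read-only/writable split can be inspected and checked without root; CDROOT and RAMROOT are assumed paths standing in for the CD mount and the ramdisk.

```shell
#!/bin/sh
# Added example, not from the ALE thread. CDROOT stands in for the mounted
# read-only CD, RAMROOT for the ramdisk/initrd root; both are assumed paths.
set -eu

CDROOT="${CDROOT:-/tmp/ale-cd}"
RAMROOT="${RAMROOT:-/tmp/ale-ram}"

# Constructed stand-in for the read-only CD tree a live CD would carry.
make_cd_tree() {
    rm -rf "$CDROOT"
    for d in bin sbin etc lib usr; do
        mkdir -p "$CDROOT/$d"
    done
    printf 'dummy init\n' > "$CDROOT/sbin/init"
}

# The writable root: /sbin is a real copy, the rest of the CD tree is
# symlinked in, and /root, /var/log and /tmp are real, writable directories.
make_ram_root() {
    rm -rf "$RAMROOT"
    mkdir -p "$RAMROOT/root" "$RAMROOT/var/log" "$RAMROOT/tmp"
    cp -R "$CDROOT/sbin" "$RAMROOT/sbin"
    for d in bin etc lib usr; do
        ln -s "$CDROOT/$d" "$RAMROOT/$d"
    done
    # On a real ext2 initrd you would now run:  chattr +i "$RAMROOT"/sbin/*
    # (needs root; tmpfs does not honour the immutable attribute).
}

# Verify the split: links point at the CD, /sbin is a real directory with
# its contents present, and /root is the writable exception. Returns 1 on
# the first deviation found.
verify_ram_root() {
    for d in bin etc lib usr; do
        [ -L "$RAMROOT/$d" ] || { echo "$d should be a symlink"; return 1; }
        [ "$(readlink "$RAMROOT/$d")" = "$CDROOT/$d" ] \
            || { echo "$d does not point at the CD"; return 1; }
    done
    [ -d "$RAMROOT/sbin" ] && [ ! -L "$RAMROOT/sbin" ] \
        || { echo "sbin must be a real directory"; return 1; }
    [ -f "$RAMROOT/sbin/init" ] || { echo "sbin/init missing"; return 1; }
    [ -d "$RAMROOT/root" ] && : > "$RAMROOT/root/.write-test" \
        || { echo "/root must be writable"; return 1; }
    echo "layout ok"
}

make_cd_tree
make_ram_root
verify_ram_root
```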









