[ale] how do I make a virus proof nas?

Matthew simontek at gmail.com
Tue Jan 8 20:55:06 EST 2013 

I can build a centos 6 disc that should do that. you can look into a
dedicated NAS box, which usually has its own prop OS, or freenas/nas-lite.

On building an OS, you will want to setup selinux, aide, anti-virus, etc.
and lock down the permissions. My scripts that I have for that, can help,
but if you go with something newer like fedora/ubuntu builds, I am not sure
they will. Setup PAM and other services to lock things down. Actually one
of my NAS systems here is a debian 6 box, but all others are custom built
centos. I do IA for a living, so that's why the heavy rhel background.


On Tue, Jan 8, 2013 at 8:31 PM, Ron Frazier (ALE) <
atllinuxenthinfo at techstarship.com> wrote:

> Hi all,
>
> I'm considering making a mini nas to run backups on here at home.  It
> would probably have 2 - 4 TB of storage.  My router has 1 USB port, so I
> could just attach a HDD to that.  Or, I could get something like a Buffalo
> Link Station which holds two drives and attaches to the router.
>
> The main concern I've always had about having backup media attached all
> the time is that, if a virus got into the machine, it could attack and wipe
> out the backup drive.
>
> So, I need to know how to make a virus proof nas, such that at least one
> partition on the device is accessible only  to the backup software for
> write mode.  I don't care if everything can read the backup file, but I
> only want the backup software to be able to add new files, write to them,
> or delete them.
>
> I need something that can run while Windows 7 is running and backup using
> the volume shadow copy service.  I also need it to be able to back up the
> ext4 Ubuntu partition on the PC's HDD, either by reading the native file
> system or by using a sector by sector approach.  This way, I can just let
> the backups run periodically on their own and not worry about malware
> affecting the backup.
>
> Any help is appreciated.
>
> Sincerely,
>
> Ron
>
>
> --
>
> Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
> Please excuse my potential brevity.
>
> (To whom it may concern.  My email address has changed.  Replying to former
> messages prior to 03/31/12 with my personal address will go to the wrong
> address.  Please send all personal correspondence to the new address.)
>
> (PS - If you email me and don't get a quick response, you might want to
> call on the phone.  I get about 300 emails per day from alternate energy
> mailing lists and such.  I don't always see new email messages very
> quickly.)
>
> Ron Frazier
> 770-205-9422 (O)   Leave a message.
> linuxdude AT techstarship.com
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
SimonTek
912-398-6704
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130108/d8241096/attachment.html>

More information about the Ale mailing list