brute force ssh attack

John Summerfied debian at
Wed May 4 01:21:30 UTC 2005

John Wendel wrote:

> I should probably keep quiet, but I don't really mind looking like a fool.
> I'm an "inexperienced sysadmin" for my Linux boxes, and I have destroyed 
> a few by doing stupid things, like running an untested script (that I 
> wrote) as root that deleted all the file in /etc.

A sanity check in the script to create the rescue cd is there because I 
reported that it wiped out my mirror (mounted rw via nfs).

Since then I mount nfs stuff ro unless I need to write to it:-)

> What I'd really like is for system files to be mounted read only. Maybe 
> by having a hardware switch that makes the system disk read only. 

How many peecees have two or more disks? How many users would be 
prepared to "waste" most of a 120 gigglebite disk?

You _can_ mount /usr ro, and clearly from the number of live CDs around 
you can get a ro / as well.

> Booting from a DVD that contained everything except /var, /tmp, and 
> /home would be another alternative. This of course requires that 
> everyone cleans up their code to only update files in /var, instead of 
> writing in /etc.

/etc should be fine. At worst, copy it to a ram disk - then system 
config changes will be volatile. You can also fetch the "'-real contents 
from another location - some firewall/router packages do this.

> I'm sure some smart people have already worked out the details for a 
> system like this. Anyone aware of this kind of work? I'd be interested 
> in seeing it.

Some Firewall packages such as iptcop and devil-linux boot and run from 
CD. Knoppix (a desktop system based on Debian) also does this.



-- spambait
1aaaaaaa at  Z1aaaaaaa at
Tourist pics

More information about the users mailing list