brute force ssh attack
debian at herakles.homelinux.org
Wed May 4 01:21:30 UTC 2005
John Wendel wrote:
> I should probably keep quiet, but I don't really mind looking like a fool.
> I'm an "inexperienced sysadmin" for my Linux boxes, and I have destroyed
> a few by doing stupid things, like running an untested script (that I
> wrote) as root that deleted all the file in /etc.
A sanity check in the script to create the rescue cd is there because I
reported that it wiped out my mirror (mounted rw via nfs).
Since then I mount nfs stuff ro unless I need to write to it:-)
> What I'd really like is for system files to be mounted read only. Maybe
> by having a hardware switch that makes the system disk read only.
How many peecees have two or more disks? How many users would be
prepared to "waste" most of a 120 gigglebite disk?
You _can_ mount /usr ro, and clearly from the number of live CDs around
you can get a ro / as well.
> Booting from a DVD that contained everything except /var, /tmp, and
> /home would be another alternative. This of course requires that
> everyone cleans up their code to only update files in /var, instead of
> writing in /etc.
/etc should be fine. At worst, copy it to a ram disk - then system
config changes will be volatile. You can also fetch the "'-real contents
from another location - some firewall/router packages do this.
> I'm sure some smart people have already worked out the details for a
> system like this. Anyone aware of this kind of work? I'd be interested
> in seeing it.
Some Firewall packages such as iptcop and devil-linux boot and run from
CD. Knoppix (a desktop system based on Debian) also does this.
1aaaaaaa at computerdatasafe.com.au Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
More information about the users