Re: Building Debian firewall
On Tue, 29 May 2001, Robert Davies wrote:
> I would suggest working on a CD-ROMable distribution, and to forget
> the idea of modes on the production system.
> An update of unstable programs could be done, by having 2 'patch'
> partitions, which are installed over the network mounted rw. The
> updated one would be remounted ro before use, and then a switch could
> be made by swapping to a new floppy.
> syslog supports logging over the network, so use that and log to a
> secure system in a private network
> But I believe it could be adapted to your secure web/DNS server idea.
> You'd need to separate out config files which may need to be changed,
Apart from /var, is there any partition that needs to be RW for normal web
server roles, and any config files that need to be written?
> The actual source for things like websites, and master zone files,
> should be managed on a machine in the internal network, and then
> copied in using rsync(1) with an ssh(1) pipe. Thus any break-ins or
> defacements, to the disk areas that have to be rw can be wiped out