Re: Building Debian firewall

On Tue, 29 May 2001, Robert Davies wrote:

> I would suggest working on a CD-ROMable distribution, and to forget
> the idea of modes on the production system.


>  An update of unstable programs could be done, by having 2 'patch'
> partitions, which are installed over the network mounted rw. The
> updated one would be remounted ro before use, and then a switch could
> be made by swapping to a new floppy.


> syslog supports logging over the network, so use that and log to a
> secure system in a private network


> But I believe it could be adapted to your secure web/DNS server idea.
> You'd need to separate out config files which may need to be changed,

Apart from /var, is there any partition that needs to be RW for normal web
server roles, and any config files that need to be written?

> The actual source for things like websites, and master zone files,
> should be managed on a machine in the internal network, and then
> copied in using rsync(1) with an ssh(1) pipe.  Thus any breakins or
> defacements, to the disk areas that have to be rw can be wiped out
> easily.

Nice idea.
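
The rsync(1)-over-ssh(1) push quoted above, sketched as an added example (not code from either poster): it audits the exposed host's rw area against the internal master copy, logs any drift through syslog, then overwrites it. The paths, the host name dmz-web.example, the deploy account and the site-sync tag are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and host below are hypothetical.
MASTER="${MASTER:-/srv/master/www/}"                  # trusted copy, internal network
TARGET="${TARGET:-deploy@dmz-web.example:/var/www/}"  # rw area on the exposed server

# Dry run: list what differs on the target without writing anything.
# --checksum compares file content, so a modified file whose size and
# mtime were put back still shows up.
audit() {
    rsync --archive --checksum --delete --dry-run --itemize-changes \
        -e ssh "$1" "$2"
}

# Read --itemize-changes output on stdin and print "changed=N extra=M":
#   changed = files the master would overwrite ("<f" on a push, ">f" locally)
#   extra   = files present only on the target ("*deleting")
summarize() {
    awk '/^[<>]f/ { c++ } /^\*deleting/ { e++ }
         END { printf "changed=%d extra=%d\n", c, e }'
}

# Overwrite the target with the master copy, removing anything extra.
restore() {
    rsync --archive --checksum --delete -e ssh "$1" "$2"
}

# Audit, record what was found, then restore only if something differed.
sync_site() {
    report=$(audit "$1" "$2") || return 1
    summary=$(printf '%s\n' "$report" | summarize)
    [ "$summary" = "changed=0 extra=0" ] && return 0
    printf '%s\n' "$report" | logger -t site-sync    # keep the evidence
    logger -t site-sync "drift on $2: $summary"
    restore "$1" "$2"
}

# Only touch the network when explicitly asked to.
if [ "${1:-}" = "run" ]; then
    sync_site "$MASTER" "$TARGET"
fi
```

Run it from the internal machine (for example from cron) with the single argument "run"; pointing logger at the remote syslog host mentioned earlier in the thread keeps the drift record off the exposed server.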


