[lug] Read-Only Linux - tips on protecting your system

[Neal McBurnett]

Here's a nice site with instructions on how to configure your system
to be easily restored after root compromise.  Similar in principle to
the many bootable cdroms, but with tips on wiring disk drives to
switches to make it easy to make config changes.

http://www.ultimeth.net/linux/

 Read-Only Linux is a configuration and operational concept, and not a
 product. Read-Only Linux is intended to provide an additional level
 of security against root compromises of a Linux system. While there
 is no substitute for staying informed about the current
 vulnerabilities of, and upgrades for, any computer system, there is
 also no substitute for having a system where virtually all of the
 files are physically protected against being changed by an
 intruder. Even if a system has been root compromised, if it is
 physically impossible to modify most of its files, the system can
 easily be restored to normal operation, often by just rebooting.

 The fundamental concept behind Read-Only Linux is that two different
 media are used in normal operation: one is normal read-write media,
 typically a hard disk, and the other is physically read-only
 media. The read-only media may be a bootable CD-ROM, or a second hard
 disk which has write-protect pins that may be jumpered. Many SCSI
 hard drives come with such a capability, and wiring the jumper pins
 to an external switch probably provides the most flexibility and
 performance. In many enclosures, the wires from the "Key Lock" or
 "Turbo" switches can be simply plugged into the write-protect jumper
 pins on the drive.

 ....

Cheers,

Neal McBurnett                 http://bcn.boulder.co.us/~neal/
GPG/PGP signed and/or sealed mail encouraged.  Keyid: 2C9EBA60