Booting to CD and the handing off to HD

JohnsoBS at vicksburg.navy.mil
Tue Oct 5 09:21:58 PDT 2004


Seems you could just mount all the filesystems but /var and /tmp as
readonly, set secure level to max, dump all logs to a new log daily, start a
new log and do checks on the old logs. That would be my route. Or run a
diskless server, or even a live cd of the setup install.

> -----Original Message-----
> From: Nathan Kinkade [mailto:nkinkade at ub.edu.bz]
> Sent: Tuesday, October 05, 2004 6:13 PM
> To: Cristobal Miguelo
> Cc: freebsd-questions at freebsd.org
> Subject: Re: Booting to CD and the handing off to HD
> 
> 
> On Mon, Oct 04, 2004 at 09:23:31PM -0700, Cristobal Miguelo wrote:
> > > > On Sun, Oct 03, 2004 at 08:58:05PM -0700, Cristobal Miguelo wrote:
> > > > Hello,
> > > > 
> > > > I'm going to be working on a firewall box where I want to boot to
> > > > CD and run an integrity check on the Hard Drive.  If the Hard
> > > > Drive checks out OK, I want the CD to then hand off to the hard
> > > > drive and boot the hard drive.
> > > > 
> > > > Is that possible?   What man pages and/or web pages should I read
> > > > to make it happen?
> > > > 
> > > > Thanks!
> > > > Cristobal
> > > 
> > >
> > > Well, you could certainly mount the harddisk partitions somewhere in
> > > the filesystem while running under the CDROM booted kernel.
> > > However, I seriously doubt if you could change the running kernel to
> > > that from the harddisk.  Why not just reboot to the harddisk after
> > > you have finished your diagnostics with the CDROM?
> > > 
> > > Nathan
> > > 
> > >
> >
> > Thanks for the response!
> > 
> > I would like to have it completely automated:
> > 
> > The machine goes down at 4am for the check and boots to cd, then the cd
> > controls the hand-off to the hard drive.  I'd like to have the BIOS
> > setup to only boot the cd and if the HD checks out ok, boot up the HD.
> > That way there is a slim chance that any security breach will last
> > beyond one night on my machine.  I seriously doubt a security breach
> > will occur, but I want to close every door imaginable.
> > 
> > Anything else that could be done?
> > 
> > Thx
> > -C
> > 
> 
> What is the reason that you find it necessary to reboot the machine to a
> CDROM every morning?  Are you sure that there isn't a way to run your
> checks while booted to the harddisk?  I am fairly sure that you will
> never find a way to have the BIOS selectively boot either the CDROM or
> the HD based on some OS specific factor, such as a successful check of
> the HD.  I have a feeling that there may be a better way to accomplish
> your goal without a reboot to CDROM every morning.  Will you tell the
> list more about what you are trying to accomplish?
> 
> Nathan
> -- 
> PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=get&search=0xD8527E49
> 
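
The hard-disk integrity check this thread discusses, as an added example that is not code from any poster: a SHA-256 and mode-bit manifest of a mounted tree is compared against a baseline that would be kept on the read-only medium. The function names, the `put` helper and the sample tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def build_manifest(root):
    """Map each path under root to (kind, content digest or link target, mode bits)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):  # symlinks are not followed
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                entry = ("link", os.readlink(full))
            elif stat.S_ISREG(st.st_mode):
                h = hashlib.sha256()
                with open(full, "rb") as f:
                    for block in iter(lambda: f.read(1 << 20), b""):
                        h.update(block)
                entry = ("file", h.hexdigest())
            else:
                entry = ("other", "")  # directories, devices, FIFOs: mode bits only
            manifest[os.path.relpath(full, root)] = entry + (stat.S_IMODE(st.st_mode),)
    return manifest

def compare(baseline, current):
    """Return paths changed, added or removed relative to the baseline."""
    changed = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return {"changed": changed, "added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys())}

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed tree standing in for the disk
        def put(rel, data, mode=0o644):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
            os.chmod(path, mode)
        put("etc/ipf.rules", b"block in all\n")
        put("bin/sh", b"shell")
        put("etc/motd", b"hi\n")
        baseline = build_manifest(root)           # in practice stored on the read-only medium
        put("etc/ipf.rules", b"pass in all\n")    # content change
        put("bin/sh", b"shell", 0o755)            # same content, mode change only
        put("etc/rc.local", b"#!/bin/sh\n")       # file that was not in the baseline
        os.remove(os.path.join(root, "etc/motd"))
        return compare(baseline, build_manifest(root))
```

The check is only as trustworthy as the environment it runs in and the baseline it reads, which is why the thread's CD boot and read-only mounts matter: both keep the checker and its manifest out of reach of whatever may have modified the disk.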

