Booting to CD and the handing off to HD
JohnsoBS at vicksburg.navy.mil
Tue Oct 5 09:21:58 PDT 2004
Seems you could just mount all the filesystems but /var and /tmp as
readonly, set secure level to max, dump all logs to a new log daily, start a
new log and do checks on the old logs. That would be my route. Or run a
diskless server, or even a live cd of the setup install.
> -----Original Message-----
> From: Nathan Kinkade [mailto:nkinkade at ub.edu.bz]
> Sent: Tuesday, October 05, 2004 6:13 PM
> To: Cristobal Miguelo
> Cc: freebsd-questions at freebsd.org
> Subject: Re: Booting to CD and the handing off to HD
>
>
> On Mon, Oct 04, 2004 at 09:23:31PM -0700, Cristobal Miguelo wrote:
> > > > On Sun, Oct 03, 2004 at 08:58:05PM -0700, Cristobal Miguelo wrote:
> > > > Hello,
> > > >
> > > > I'm going to be working on a firewall box where I want to boot to
> > > > CD and run an integrity check on the Hard Drive. If the Hard
> > > > Drive checks out OK, I want the CD to then hand off to the hard
> > > > drive and boot the hard drive.
> > > >
> > > > Is that possible? What man pages and/or web pages should I read
> > > > to make it happen?
> > > >
> > > > Thanks!
> > > > Cristobal
> > >
> > >
> > > Well, you could certainly mount the harddisk partitions somewhere in
> > > the filesystem while running under the CDROM booted kernel.
> > > However, I seriously doubt if you could change the running kernel to
> > > that from the harddisk. Why not just reboot to the harddisk after
> > > you have finished your diagnostics with the CDROM?
> > >
> > > Nathan
> > >
> > >
> >
> > Thanks for the response!
> >
> > I would like to have it completely automated:
> >
> > The machine goes down at 4am for the check and boots to cd, then the cd
> > controls the hand-off to the hard drive. I'd like to have the BIOS
> > setup to only boot the cd and if the HD checks out ok, boot up the HD.
> > That way there is a slim chance that any security breach will last
> > beyond one night on my machine. I seriously doubt a security breach
> > will occur, but I want to close every door imaginable.
> >
> > Anything else that could be done?
> >
> > Thx
> > -C
> >
>
> What is the reason that you find it necessary to reboot the machine to a
> CDROM every morning? Are you sure that there isn't a way to run your
> checks while booted to the harddisk? I am fairly sure that you will
> never find a way to have the BIOS selectively boot either the CDROM or
> the HD based on some OS specific factor, such as a successful check of
> the HD. I have a feeling that there may be a better way to accomplish
> your goal without a reboot to CDROM every morning. Will you tell the
> list more about what you are trying to accomplish?
>
> Nathan
> --
> PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=get&search=0xD8527E49
>
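
The integrity check discussed in this thread, sketched as an added example that is not code from any poster: the disk is mounted under the trusted CD-booted system and compared against a baseline taken from a known-good install. The function names, the idea of keeping the baseline on the read-only media, and the choice to skip `var` and `tmp` (the trees the reply above leaves writable) are assumptions.

```python
import hashlib
import os
import stat

def _digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map each relative path under root to (mode, sha256 or link target)."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.lstat(full)  # lstat: never follow links on the suspect disk
            if stat.S_ISLNK(st.st_mode):
                content = "link:" + os.readlink(full)
            elif stat.S_ISREG(st.st_mode):
                content = _digest(full)
            else:
                content = "-"  # directories and special files: mode only
            entries[rel] = (stat.S_IMODE(st.st_mode), content)
    return entries

def compare(baseline, current, skip=("var", "tmp")):
    """Return sorted (change, path) findings, ignoring the writable trees."""
    def skipped(rel):
        return rel.split(os.sep)[0] in skip
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        if skipped(rel):
            continue
        if rel not in current:
            findings.append(("missing", rel))
        elif rel not in baseline:
            findings.append(("added", rel))
        elif baseline[rel] != current[rel]:
            findings.append(("changed", rel))
    return findings

def safe_to_boot(baseline, mountpoint):
    """True only when the mounted disk matches the baseline exactly."""
    return not compare(baseline, snapshot(mountpoint))
```

The check is only as trustworthy as the system running it and the baseline it compares against, which is why both would live on the read-only media rather than on the disk being examined.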