Re: [fw-wiz] Securing a Linux Firewall
From: Marcus J. Ranum (mjr@ranum.com)
Date: 07/23/02
- Next message: Carson Gaspar: "Re: [fw-wiz] Securing a Linux Firewall"
- Previous message: Marcus J. Ranum: "Re: [fw-wiz] Securing a Linux Firewall"
- Maybe in reply to: Marc DVer: "[fw-wiz] Securing a Linux Firewall"
- Next in thread: Ravdal, Stig: "RE: [fw-wiz] Securing a Linux Firewall"
To: Frank Knobbe <fknobbe@knobbeits.com>, firewall-wizards@honor.icsalabs.com
From: "Marcus J. Ranum" <mjr@ranum.com>
Date: Tue Jul 23 20:26:20 2002
Frank Knobbe wrote:
>I went
>through it at one time to cut everything out except for firewalling and
>pcap capabilities, but got myself locked out and had to rebuild.
Aha. There's a trick for making it really easy to build minimal
boot environments!!! This is how I used to do it:
1) Get a box with a full install / developer install of your
   proposed O/S
     - with root disk (wd0)
     - with floppy disk (or I guess a CDROM)
2) Put a spare disk in it (wd1)
3) Zeroize wd1
4) Make a boot floppy+kernel that has root on wd1
5) Move init into wd1 (suggestion: write your own init, you'll
   wind up doing it anyhow)
   Make sure your init correctly puts stdout/stderr to
   /dev/console no matter what!!
   A good thing for init to do while waiting for child exits
   in this environment is to be copying /dev/klog to /dev/console
6) Make a /dev on wd1 and put:
     null
     console
     random
     tty
     wd1* (delete once you have it working)
     wd0*
     floppy
   Put static linked copies of everything you want in the
   filesystem. I wrote a Makefile to do it, of course...
7) Now reboot with the floppy in the drive. It comes up on
   the wd1 environment
8) Whenever you get locked out just take the floppy out and
   kick the system again

lather, rinse, repeat!
To make a boot CD you're 9/10 of the way there. The only trick
is getting the filesystems mounted and whatnot but that's not
hard. Then make a floppy image of the boot and a CD9660 image of
the root and burn it. Repeat.
mjr.
--- Marcus J. Ranum http://www.ranum.com Computer and Communications Security mjr@ranum.com
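
The init described in step 5, sketched as an added example that is not part of the original message or the author's own code: it sends stdout/stderr to /dev/console, keeps one child running, and copies /dev/klog to the console while waiting for the child to exit. Assumptions: `CHILD` (`/bin/sh`) is a placeholder for whatever you want init to run, a `klog` node has been added to the new /dev, and the binary is linked statically (for example `cc -static`).

```c
/* Added example, not from the original post. CHILD is a placeholder. */
#include <fcntl.h>
#include <poll.h>
#include <sys/wait.h>
#include <unistd.h>

#define CHILD "/bin/sh"   /* assumption: the one program init keeps running */

/* Point stdout and stderr at the console device. Returns 0, or -1 on failure. */
int attach_console(const char *path)
{
    int fd = open(path, O_WRONLY | O_NOCTTY);
    if (fd < 0 || dup2(fd, STDOUT_FILENO) < 0 || dup2(fd, STDERR_FILENO) < 0)
        return -1;
    if (fd > STDERR_FILENO)
        close(fd);
    return 0;
}

/* Wait up to timeout_ms for data on `in`, copy one chunk to `out`. Returns bytes
 * copied, 0 on timeout, -1 on error. A negative `in` makes this a plain sleep. */
long pump(int in, int out, int timeout_ms)
{
    char buf[512];
    struct pollfd p = { .fd = in, .events = POLLIN };
    if (poll(&p, 1, timeout_ms) <= 0)
        return 0;
    ssize_t n = read(in, buf, sizeof buf);
    for (ssize_t off = 0; off < n; ) {
        ssize_t w = write(out, buf + off, (size_t)(n - off));
        if (w < 0)
            return -1;
        off += w;
    }
    return (long)n;
}

int main(void)
{
    attach_console("/dev/console");       /* carry on even if this fails */
    int klog = open("/dev/klog", O_RDONLY | O_NONBLOCK);
    for (;;) {
        pid_t child = fork();
        if (child == 0) {
            execl(CHILD, CHILD, (char *)0);
            _exit(127);                   /* exec failed; init tries again */
        }
        do pump(klog, STDOUT_FILENO, 1000);   /* kernel log -> console */
        while (waitpid(-1, NULL, WNOHANG) != child);   /* reap, respawn on exit */
    }
}
```

If /dev/klog cannot be opened, `pump` degrades to a one-second sleep, so the respawn loop still works and never spins.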