Re: can you make a hard disk read-only?

From: Steve Wolfe (unt_at_see.signature.com)
Date: 10/09/03


Date: Thu, 9 Oct 2003 11:29:50 -0600


> For a small server or firewall, you could have all the binaries run from
> this disk, or else just use it as a secure basis from which to check all
> the other files on the system at boot time using md5sums or similar.

  I've done something *somewhat* similar: I built a small system using
LFS, and put it on an IDE flash-drive, with the "read-only" jumper set.
The boot process sets up a RAM disk, and untars the image into it.
Nothing can modify the data on the disk, there's never any fscking, and in
the event of something really bad happening, pressing the reset button
will get the machine back to a clean state.

  As for installing Woody and then trying for ultra-security while
applying updates, there are other options. You could build a CD-set that
already has the security updates installed, or even just keep the security
updates on another CD. That way you're installing the OS and applying the
updates before the machine is even connected to the network.

steve
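
The boot-time check mentioned in the quoted text could look like the following sketch, which is an added example and not part of the original post. It uses SHA-256 rather than the md5sums named there, and the function names and the `/mnt/ro/manifest` path are assumptions.

```shell
#!/bin/sh
# Added example. Manifest format: `sha256sum` output, paths relative to the tree root.

# Run once on a known-good system; store the output on the read-only disk.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# verify_tree MANIFEST TREE
# Prints CHANGED/MISSING/EXTRA lines; returns 0 if the tree matches, 1 if not.
verify_tree() {
    manifest=$1 tree=$2 bad=0
    # The check is only as trustworthy as the manifest: warn if it can be rewritten.
    if [ -w "$manifest" ]; then
        echo "warning: $manifest is writable; keep it on read-only media" >&2
    fi
    known=$(mktemp) || return 2
    while read -r want rel; do
        if [ ! -f "$tree/$rel" ]; then
            echo "MISSING $rel"; bad=1
        else
            have=$(sha256sum < "$tree/$rel" | cut -d' ' -f1)
            [ "$have" = "$want" ] || { echo "CHANGED $rel"; bad=1; }
        fi
        printf '%s\n' "$rel" >> "$known"
    done < "$manifest"
    # Files present in the tree but absent from the manifest
    # (a plain `sha256sum -c` would not report these).
    LC_ALL=C sort -o "$known" "$known"
    extra=$( (cd "$tree" && find . -type f) | LC_ALL=C sort | LC_ALL=C comm -23 - "$known" )
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra" | sed 's/^/EXTRA /'; bad=1
    fi
    rm -f "$known"
    return "$bad"
}

# Hypothetical boot-time use: verify_tree /mnt/ro/manifest /usr
if [ "$#" -eq 2 ]; then verify_tree "$1" "$2"; fi
```

File names containing newlines or backslashes are not handled, since `sha256sum` escapes them in its output.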