From owner-freebsd-questions@FreeBSD.ORG Wed Jun 14 12:16:00 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E2D6916A47D for ; Wed, 14 Jun 2006 12:16:00 +0000 (UTC) (envelope-from wmoran@collaborativefusion.com) Received: from mx00.pub.collaborativefusion.com (mx00.pub.collaborativefusion.com [206.210.89.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id A0B6E43D55 for ; Wed, 14 Jun 2006 12:15:51 +0000 (GMT) (envelope-from wmoran@collaborativefusion.com) Received: from collaborativefusion.com (mx01.pub.collaborativefusion.com [206.210.89.201]) (TLS: TLSv1/SSLv3,256bits,AES256-SHA) by wingspan with esmtp; Wed, 14 Jun 2006 08:15:50 -0400 id 00056417.448FFDF6.000084FE Received: from Internal Mail-Server by mx01 (envelope-from wmoran@collaborativefusion.com) with AES256-SHA encrypted SMTP; 14 Jun 2006 08:08:21 -0400 Date: Wed, 14 Jun 2006 08:15:49 -0400 From: Bill Moran To: "Gary" Message-Id: <20060614081549.b9da6990.wmoran@collaborativefusion.com> In-Reply-To: <000001c68fa7$f5f96330$1f01a8c0@tosh> References: <000001c68fa7$f5f96330$1f01a8c0@tosh> Organization: Collaborative Fusion X-Mailer: Sylpheed version 2.2.5 (GTK+ 2.8.18; i386-portbld-freebsd6.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Process for cloning freebsd X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jun 2006 12:16:01 -0000 In response to "Gary" : > > I intend to clone a master freebsd box (6.1-stable) so that I can roll boxes > as fast as possible. These won't be identical machines btw. This comes up > from time to time, but I wanted to specifically check security concerns and > other things. > > What sensitive information may be copied that must be removed/regenerated? > For example, ssh keys. How would these be regenerated (like the screenful of > junk with a new install)? /etc/rc.d/sshd has the commands that are used to accomplish that. It's just making sure there is enough entropy in /dev/random, then using ssh-keygen. > Are there any other similar security issues? How about any other unexpected > problems? I'm thinking I only need to change the hostname I've done this -- haven't had any problems that I can remember. > I was planning to Ghost the harddrives. Anything that allows you duplicate the HDD will work. -- Bill Moran Collaborative Fusion Inc.