Date: Sat, 9 Feb 2002 01:31:08 -0800 (PST)
From: "f.johan.beisser"
To: Andrew Kenneth Milton
Cc: security@FreeBSD.ORG
Subject: Re: Is the technique described in this article do-able with
Message-Id: <20020212021224.ABC1E9EE66@okeeffe.bestweb.net>
Sender: owner-freebsd-security@FreeBSD.ORG

On Sat, 9 Feb 2002, Andrew Kenneth Milton wrote:

> | actually, if you're going that route, it's easier to strip the kernel
> | down, lock everything nicely with a securelevel (read up in init(8) about
> | this), and remount all of the drives read only. there's nothing preventing
> | anyone from doing that. there's also nothing to prevent you from booting
> | from a drive, and loading all the tools you need in to a ramdisk, and just
> | using that..
> |
> | of course, this is going a bit more hardcore than most people want or
> | would.
>
> But saner than trying to get the box to partially halt d8)

perhaps. i think it's a sane way to handle a firewall. if you're going to
log it, you should be logging either to another machine or to a printer
for hardcopy. better to do both, since the hardcopy is not really
alterable.

but this is not something for the home user..

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse of
       J. Edgar Hoover." -- Tim Triche

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message