Date: Sat, 9 Feb 2002 01:31:08 -0800 (PST) From: "f.johan.beisser" <jan@caustic.org> To: Andrew Kenneth Milton <akm@theinternet.com.au> Cc: security@FreeBSD.ORG Subject: Re: Is the technique described in this article do-able with Message-ID: <20020209012249.M21734-100000@localhost> In-Reply-To: <20020209192203.J32999@zeus.theinternet.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 9 Feb 2002, Andrew Kenneth Milton wrote: > | actually, if you're going that route, it's easier to strip the kernel > | down, lock everything nicely with a securelevel (read up in init(8) about > | this), and remount all of the drives read only. there's nothing preventing > | anyone from doing that. there's also nothing to prevent you from booting > | from a drive, and loading all the tools you need in to a ramdisk, and just > | using that.. > | > | of course, this is going a bit more hardcore than most people want or > | would. > > But saner than trying to get the box to partially halt d8) perhaps. i think it's a sane way to handle a firewall. if you're going to log it, you should be logging either to another machine or to a printer for hardcopy. better to do both, since the hardcopy is not really alterable. but this is not something for the home user.. -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan@caustic.org "John Ashcroft is really just the reanimated corpse of J. Edgar Hoover." -- Tim Triche To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020209012249.M21734-100000>