From owner-freebsd-small  Sat Dec 21 18:39:46 2002
Delivered-To: freebsd-small@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5744037B401; Sat, 21 Dec 2002 18:39:45 -0800 (PST)
Received: from isber.ucsb.edu (research.isber.ucsb.edu [128.111.147.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 6B84343EE8; Sat, 21 Dec 2002 18:39:41 -0800 (PST)
	(envelope-from randall@isber.ucsb.edu)
Received: from localhost ([127.0.0.1] helo=research.isber.ucsb.edu)
	by isber.ucsb.edu with esmtp (Exim 3.36 #2)
	id 18Pw1f-000H0y-00; Sat, 21 Dec 2002 18:39:35 -0800
Date: Sat, 21 Dec 2002 18:39:34 -0800 (PST)
From: randall ehren <randall@ucsb.edu>
To: David Miller <dmiller@sparks.net>
Cc: <freebsd-small@freebsd.org>, <freebsd-hardware@freebsd.org>
Subject: Re: tripwire on compact flash
In-Reply-To: <Pine.BSF.4.21.0212212118300.65406-100000@search.sparks.net>
Message-ID: <Pine.BSF.4.33.0212211831540.65268-100000@isber.ucsb.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Scanner: exiscan *18Pw1f-000H0y-00*Ko62xMVp6c6* (ISBER - Institute for Social, Behavioral, and Economic Research)
Sender: owner-freebsd-small@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-small.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-small>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-small>
X-Loop: FreeBSD.ORG

> >  i setup a freebsd system running off of a compact flash card. i know that CF
> > cards have a limited life of read & writes so i wanted to know if running
> > tripwire on the card was a bad idea...?
>
> It's fine if you have it mounted read only virtually all the time.  You
> don't say what you're using the system for, so we really can't guess
> whether that's possible or not.

the machine is being used as a ipfilter firewall (in bridge mode) for our
network. i default it to being mounted read-only but currently use mount -uw
so that i can change my ipf.rules file. (and then mount -ur to set it back)

> As for tripwire, flash would be an OK place to store the checksums.  it's
> better if you have physical access to the system to have to change a write
> enable switch on a removable media.  If you're talking about a remote
> system flash is as good as anything else.

well the device sits in a network closet and only has one flash card in it. i
suppose we could stick a floppy drive on it, but i was mostly concerned about
the heavy read operations on the CF card and how damaging that would be.

thanks!,
 -randall

--
        :// randall s. ehren         :// voice 805.893.5632
        :// systems administrator    :// isber|survey|avss.ucsb.edu
        :// institute for social, behavioral, and economic research


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-small" in the body of the message