Date: Tue, 5 Oct 2004 19:24:45 +0300
From: JohnsoBS@vicksburg.navy.mil
To: nkinkade@ub.edu.bz, cristobalmiguelo2@yahoo.com
Cc: freebsd-questions@freebsd.org
Subject: RE: Booting to CD and the handing off to HD
Message-ID: <CE2BFBAA80DD874BB737A4E2C53AA44903B01845@CG69UBD01>
Seems you could just mount all the filesystems but /var and /tmp as
readonly, set secure level to max, dump all logs to a new log daily,
start a new log and do checks on the old logs. That would be my route.
Or run a diskless server, or even a live cd of the setup install.

> -----Original Message-----
> From: Nathan Kinkade [mailto:nkinkade@ub.edu.bz]
> Sent: Tuesday, October 05, 2004 6:13 PM
> To: Cristobal Miguelo
> Cc: freebsd-questions@freebsd.org
> Subject: Re: Booting to CD and the handing off to HD
>
>
> On Mon, Oct 04, 2004 at 09:23:31PM -0700, Cristobal Miguelo wrote:
> > > On Sun, Oct 03, 2004 at 08:58:05PM -0700, Cristobal Miguelo wrote:
> > > > Hello,
> > > >
> > > > I'm going to be working on a firewall box where I want to boot to
> > > > CD and run an integrity check on the Hard Drive. If the Hard
> > > > Drive checks out OK, I want the CD to then hand off to the hard
> > > > drive and boot the hard drive.
> > > >
> > > > Is that possible? What man pages and/or web pages should I read
> > > > to make it happen?
> > > >
> > > > Thanks!
> > > > Cristobal
> > >
> > >
> > > Well, you could certainly mount the harddisk partitions somewhere in
> > > the filesystem while running under the CDROM booted kernel.
> > > However, I seriously doubt if you could change the running kernel to
> > > that from the harddisk. Why not just reboot to the harddisk after
> > > you have finished your diagnostics with the CDROM?
> > >
> > > Nathan
> > >
> >
> > Thanks for the response!
> >
> > I would like to have it completely automated:
> >
> > The machine goes down at 4am for the check and boots to cd, then the cd
> > controls the hand-off to the hard drive. I'd like to have the BIOS
> > setup to only boot the cd and if the HD checks out ok, boot up the HD.
> > That way there is a slim chance that any security breach will last
> > beyond one night on my machine. I seriously doubt a security breach
> > will occur, but I want to close every door imaginable.
> >
> > Anything else that could be done?
> >
> > Thx
> > -C
> >
>
> What is the reason that you find it necessary to reboot the machine to a
> CDROM every morning? Are you sure that there isn't a way to run your
> checks while booted to the harddisk? I am fairly sure that you will
> never find a way to have the BIOS selectively boot either the CDROM or
> the HD based on some OS specific factor, such as a successful check of
> the HD. I have a feeling that there may be a better way to accomplish
> your goal without a reboot to CDROM every morning. Will you tell the
> list more about what you are trying to accomplish?
>
> Nathan
> --
> PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=get&search=0xD8527E49
>
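
The first suggestion in the reply above (read-only mounts except /var and /tmp, maximum securelevel, a new log every day) could be configured on FreeBSD as follows. This is an added example, not part of the original message; the device names and the choice of rotated log files are constructed assumptions.

```conf
# /etc/fstab: everything read-only except /var and /tmp.
# Device names below are constructed for illustration.
# Device        Mountpoint  FStype  Options  Dump  Pass#
/dev/ad0s1b     none        swap    sw       0     0
/dev/ad0s1a     /           ufs     ro       1     1
/dev/ad0s1d     /var        ufs     rw       2     2
/dev/ad0s1e     /tmp        ufs     rw       2     2
/dev/ad0s1f     /usr        ufs     ro       2     2

# /etc/rc.conf: raise the kernel securelevel at the end of boot.
# 3 is the highest level ("network secure mode"): on top of the
# restrictions of levels 1 and 2, packet filter rules can no longer
# be changed, which matters on a firewall box.
kern_securelevel_enable="YES"
kern_securelevel="3"

# /etc/newsyslog.conf: start a new log every day at midnight (@T00)
# and keep 7 compressed old copies to run checks against.
# The two log files listed are assumptions; list the ones you use.
# logfilename        mode  count  size  when  flags
/var/log/messages    644   7      *     @T00  J
/var/log/security    600   7      *     @T00  J
```

The securelevel can only be raised on a running system, so later changes to the firewall rules need a reboot with the setting changed.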