From owner-freebsd-questions@FreeBSD.ORG Tue Oct 5 16:21:58 2004
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CE19416A4CE for ; Tue, 5 Oct 2004 16:21:58 +0000 (GMT)
Received: from dnsmail4.ior.navy.mil (nocb.ior.navy.mil [205.56.210.195]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1951A43D54 for ; Tue, 5 Oct 2004 16:21:57 +0000 (GMT) (envelope-from JohnsoBS@vicksburg.navy.mil)
Received: from cg69ubd01.vicksburg.navy.mil ([205.95.65.21]) i95GKTKo026513; Tue, 5 Oct 2004 16:20:36 GMT
Received: by CG69UBD01 with Internet Mail Service (5.5.2657.72) id ; Tue, 5 Oct 2004 19:24:46 +0300
From: JohnsoBS@vicksburg.navy.mil
To: nkinkade@ub.edu.bz, cristobalmiguelo2@yahoo.com
Date: Tue, 5 Oct 2004 19:24:45 +0300
X-Mailer: Internet Mail Service (5.5.2657.72)
cc: freebsd-questions@freebsd.org
Subject: RE: Booting to CD and the handing off to HD
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Tue, 05 Oct 2004 16:21:58 -0000

Seems you could just mount all the filesystems but /var and /tmp as
readonly, set secure level to max, dump all logs to a new log daily,
start a new log and do checks on the old logs. That would be my route.
Or run a diskless server, or even a live cd of the setup install.

> -----Original Message-----
> From: Nathan Kinkade [mailto:nkinkade@ub.edu.bz]
> Sent: Tuesday, October 05, 2004 6:13 PM
> To: Cristobal Miguelo
> Cc: freebsd-questions@freebsd.org
> Subject: Re: Booting to CD and the handing off to HD
>
>
> On Mon, Oct 04, 2004 at 09:23:31PM -0700, Cristobal Miguelo wrote:
> > > > On Sun, Oct 03, 2004 at 08:58:05PM -0700, Cristobal Miguelo wrote:
> > > > Hello,
> > > >
> > > > I'm going to be working on a firewall box where I want to boot to
> > > > CD and run an integrity check on the Hard Drive. If the Hard
> > > > Drive checks out OK, I want the CD to then hand off to the hard
> > > > drive and boot the hard drive.
> > > >
> > > > Is that possible? What man pages and/or web pages should I read
> > > > to make it happen?
> > > >
> > > > Thanks!
> > > > Cristobal
> > >
> > >
> > > Well, you could certainly mount the harddisk partitions somewhere in
> > > the filesystem while running under the CDROM booted kernel.
> > > However, I seriously doubt if you could change the running kernel to
> > > that from the harddisk. Why not just reboot to the harddisk after
> > > you have finished your diagnostics with the CDROM?
> > >
> > > Nathan
> > >
> > >
> >
> > Thanks for the response!
> >
> > I would like to have it completely automated:
> >
> > The machine goes down at 4am for the check and boots to cd, then the cd
> > controls the hand-off to the hard drive. I'd like to have the BIOS
> > setup to only boot the cd and if the HD checks out ok, boot up the HD.
> > That way there is a slim chance that any security breach will last
> > beyond one night on my machine. I seriously doubt a security breach
> > will occur, but I want to close every door imaginable.
> >
> > Anything else that could be done?
> >
> > Thx
> > -C
> >
>
> What is the reason that you find it necessary to reboot the machine to a
> CDROM every morning? Are you sure that there isn't a way to run your
> checks while booted to the harddisk? I am fairly sure that you will
> never find a way to have the BIOS selectively boot either the CDROM or
> the HD based on some OS specific factor, such as a successful check of
> the HD. I have a feeling that there may be a better way to accomplish
> your goal without a reboot to CDROM every morning. Will you tell the
> list more about what you are trying to accomplish?
>
> Nathan
> --
> PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=get&search=0xD8527E49
>
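
The hard-drive integrity check discussed in this thread, sketched as an added example that is not part of any message above: a SHA-256 manifest of a tree is compared against a baseline assumed to be stored on read-only media such as the CD. The function names and the paths in the usage comment are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Verifies a directory tree against a
# baseline manifest that is assumed to live on read-only media.
# Hypothetical usage, with the disk mounted read-only under /mnt/hd:
#   make_manifest /mnt/hd/etc > baseline.txt    # once, on a known-good system
#   verify_tree /mnt/hd/etc /cdrom/baseline.txt || echo "integrity check FAILED"

# Print the SHA-256 of one file with whichever tool the system provides.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1      # GNU coreutils
    else
        sha256 -q "$1"                      # FreeBSD base system
    fi
}

# make_manifest DIR: print "hash<TAB>relative/path" for every regular file,
# in a stable byte-wise sort order so two runs can be compared with diff.
# File names containing newlines are not supported.
make_manifest() {
    ( cd "$1" || exit 1
      find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          printf '%s\t%s\n' "$(hash_file "$f")" "$f"
      done )
}

# verify_tree DIR BASELINE: return 0 only if DIR matches BASELINE exactly.
# Changed, added and removed files are reported on stderr
# ("<" = baseline entry, ">" = what is on disk now).
verify_tree() {
    current=$(mktemp "${TMPDIR:-/tmp}/manifest.XXXXXX") || return 2
    make_manifest "$1" > "$current"
    if changes=$(diff "$2" "$current"); then
        rc=0
    else
        rc=1
        printf '%s\n' "$changes" | grep '^[<>]' >&2
    fi
    rm -f "$current"
    return "$rc"
}
```

The comparison is only as trustworthy as the kernel and tools that run it, which is why the thread's suggestions (booting from CD, read-only mounts, a raised securelevel) all aim at keeping the checker and the baseline out of reach of whatever is being checked.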