From: Heiko Z. <he...@zu...> - 2003-08-26 23:10:31
Hey,

Bruce Smith wrote:
> I came up with the brilliant idea the other day, and would like some
> input. (go ahead and tell me if it's a dumb idea, I don't care! :)
>
> I might have an application to put a DL router/firewall internally in
> our company to firewall off a department we don't trust. The problem is
> this PC cannot be in a secure location (untrusted employees have access)
>
> I don't really want anyone taking the floppy or USB stick out of the PC,
> mucking with it, and replacing it. So what if the etc.tar.bz2 file was
> also on the CDROM? People cannot eject the CD from a running DL PC, and
> if they shut down the DL PC to remove the CD, I would know about it from
> my opennms monitoring software.
>
> It would be easy to hack the linuxrc startup script, and say if
> /cdrom/config/etc-static.tar.gz2 exists, then completely ignore the
> floppy and USB devices, and ONLY untar the static etc file from CD.

I like this idea, too. It will work only with IDE CD-ROMs. I would do it this way: check if conventional config media is available, if not, check if we find an IDE CD-ROM with the config on it, if not, *BEEP* BEEP* BEEP* Please insert blablabla

> How hard would it be to write a script that would read a DL CD (or ISO),
> replace one file on it, and write a new ISO image? This script would
> need to run in a normal Linux distribution (Redhat/SuSE/...), not from
> the chroot development environment.

I don't think that will be too hard, we (actually you) just need to play around with the mkisofs/cdrecord tools. You also need to define a minimum version of the tool.

cya
Heiko
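The two lookup orders discussed in this message, side by side, as an added example that is not code from the thread or from the project's linuxrc. The function name, the `cd-first`/`media-first` labels and the mount points passed as arguments are assumptions; only the two archive names come from the message.

```shell
#!/bin/sh
# Added example: decide which config archive a boot script should unpack.
# Archive names are taken from the thread; everything else is hypothetical.
CD_CONFIG="config/etc-static.tar.gz2"   # path below the CD mount point
MEDIA_CONFIG="etc.tar.bz2"              # archive name on floppy / USB stick

# pick_config_source ORDER CD_MOUNT MEDIA_MOUNT...
#   cd-first    : a config on the CD wins, removable media are then ignored
#   media-first : removable media are tried first, the CD is the fallback
# Prints the chosen archive path. Returns 1 when no config exists anywhere,
# 2 on an unknown ORDER.
pick_config_source() {
    order=$1; cd_mount=$2; shift 2
    cd_file="$cd_mount/$CD_CONFIG"
    [ -s "$cd_file" ] || cd_file=""      # -s: exists and is not empty
    media_file=""
    for m in "$@"; do
        if [ -s "$m/$MEDIA_CONFIG" ]; then
            media_file="$m/$MEDIA_CONFIG"
            break
        fi
    done
    case "$order" in
        cd-first)    first=$cd_file;    second=$media_file ;;
        media-first) first=$media_file; second=$cd_file ;;
        *) echo "unknown order: $order" >&2; return 2 ;;
    esac
    if [ -n "$first" ];  then echo "$first";  return 0; fi
    if [ -n "$second" ]; then echo "$second"; return 0; fi
    return 1
}

# Constructed demo tree: run the script with the argument "demo".
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/cdrom/config" "$t/floppy" "$t/usb"
    echo static  > "$t/cdrom/config/etc-static.tar.gz2"
    echo swapped > "$t/floppy/etc.tar.bz2"
    for o in cd-first media-first; do
        echo "$o: $(pick_config_source "$o" "$t/cdrom" "$t/floppy" "$t/usb")"
    done
    rm -f "$t/cdrom/config/etc-static.tar.gz2" "$t/floppy/etc.tar.bz2"
    pick_config_source cd-first "$t/cdrom" "$t/floppy" "$t/usb" ||
        printf '\a\a\aPlease insert config media\n'
    rm -rf "$t"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

With `media-first`, a floppy or USB stick that carries `etc.tar.bz2` takes precedence over the archive on the CD; with `cd-first` it is never read while the CD archive is present.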