[CentOS] securing a remotely hosted machine
Karanbir Singh
mail-lists at karan.org
Fri Aug 20 16:15:59 UTC 2010
On 08/20/2010 03:55 PM, Brunner, Brian T. wrote:
> 1: Rebuild kernel to remove local KVM (Keyboard Video Mouse), run
> headless; the only access is via ssh.
That isn't going to help if the network card is dead. I don't want the
machine shipped back to me for looking at :)
> 3: When you first build the system, ghost/image the boot/root/usr (bru)
> drive onto a spare backup, verify the backup boots the machine the same
> as the main drive.
> 4: have the backup bru drive mailed to you, dupe it, and rsync the
> remote bru to your local copy whenever you make a change to the remote
> bru.
> 5: In the event of fire, vandalism, or other urgent cause, your cluster
> can appear on a new server rapidly. Just FedEx ghosts of your locally
> stored bru drive rsynced from what were your remote machines, and (on
> similar hardware) they should turn-key boot and run.
Points 3 - 5 are a bit academic, and very site specific. For my setup,
it takes less time to rebuild the machine with the installer and have
the config management system, job queue system restore a box's 'role'
than use ghosting policies. E.g. a bare metal install is ~ 5 min from a
local cobbler setup, which can also trigger a puppet run which usually
does the system state rebuild in about 15 - 18 minutes. Data needs
restoring, but that will come from the backup machine.
With rapid provisioning where it is, I don't think ghosting is worth the
extra aggro.
- KB