On 01/05/2012 08:58 PM, Lamar Owen wrote:
1.) Boot and run the bastion hosts from customized LiveCD or LiveDVD on real DVD-ROM read-only drives with no persistent storage (updating the LiveCD/DVD image periodically with updates and with additional authentication users/data as needed; DVD+RW works very well for this as long as the boot drive is a DVD-ROM and not an RW drive!);
How about using a stateless CentOS system with: http://plone.lucidsolutions.co.nz/linux/io/using-centos-5.2-stateless-linux-..., then mounting the KVM guest's system as read-only, shutting it down, and then setting the KVM guest's virtual drive file as read-only for KVM? That way, a change from read-only to write would have no effect on the HDD/image.
But I do not know if this is possible from the KVM "read-only" point of view.
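
Added example, not part of the original message: a Python check for the two read-only layers the reply proposes, the libvirt `<readonly/>` disk flag and the host file mode of the image. The domain XML, file names and `audit_domain_disks` are constructed for illustration, and the example assumes the guest is managed through libvirt.

```python
import os, stat, tempfile
import xml.etree.ElementTree as ET

# Constructed libvirt domain XML (not from the thread); image paths are filled in by demo().
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <devices>
    <disk type='file' device='disk'>
      <source file='{ro_img}'/>
      <target dev='vda' bus='virtio'/>
      <readonly/>
    </disk>
    <disk type='file' device='disk'>
      <source file='{rw_img}'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
  </devices>
</domain>"""

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def audit_domain_disks(xml_text):
    """Return one finding per file-backed disk in a libvirt domain definition."""
    findings = []
    for disk in ET.fromstring(xml_text).iter("disk"):
        source, target = disk.find("source"), disk.find("target")
        if disk.get("type") != "file" or source is None:
            continue
        path = source.get("file")
        xml_ro = disk.find("readonly") is not None            # hypervisor-side flag
        file_ro = (os.stat(path).st_mode & WRITE_BITS) == 0   # host file mode bits
        findings.append({"dev": target.get("dev") if target is not None else None,
                         "path": path, "xml_readonly": xml_ro,
                         "file_readonly": file_ro, "ok": xml_ro and file_ro})
    return findings

def demo():
    """Build two empty image files (constructed) and audit the sample domain."""
    with tempfile.TemporaryDirectory() as d:
        ro, rw = os.path.join(d, "root.img"), os.path.join(d, "scratch.img")
        for path, mode in ((ro, 0o444), (rw, 0o644)):
            open(path, "wb").close()
            os.chmod(path, mode)
        return audit_domain_disks(SAMPLE_DOMAIN_XML.format(ro_img=ro, rw_img=rw))

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

File mode bits do not restrain root on the host, so this check catches configuration drift rather than tampering by a compromised host.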