> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Brett Serkez > Sent: Friday, May 02, 2008 9:43 AM > To: CentOS mailing list > Subject: Re: [CentOS] read only root file system > > On Fri, May 2, 2008 at 9:38 AM, Ralph Angenendt <ra+centos at br-online.de> > wrote: > > Brett Serkez wrote: > > > On Fri, May 2, 2008 at 12:16 AM, Jason Pyeron <jpyeron at pdinc.us> > wrote: > > > > I am looking at having a read only box, it will not use a swap > partition. > > > > Any recommendations? > > > > > > You'll need to break out your hard drive into multiple partitions, as > > > there are certain portions of the file system that need to be > writable > > > such as /var and /home. I setup systems in this manner to make them > > > more difficult to subvert, I'd suggestion searching for topics such > as > > > "linux file system hardening". > > > > What do you do with /etc/mtab - where the system clearly wants to write > > into when you mount/unmount stuff? > > Make it a soft-link to /var or other writable file system, perhaps > /etc/mtab -> /var/etc/mtab. > > For the most part the Linux/UNIX file system is broken up into well > defined areas, but alas, exceptions need to be dealt with. Resources to help with the exceptions???? I am mounting /tmp as a ramfs, all of these items can go there. I am trying to minimize introduction of non-rhel / centos packages and minimized deviation from modifications outside of the packages. So this will eliminate UnionFS as an option. Current idea about /var/log is to setup syslog to output over some port (tcp, udp, serial, etc...) > > Brett > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, purge the message from your system and notify the sender immediately. Any other use of the email by you is prohibited.