[CentOS] securing a remotely hosted machine

Fri Aug 20 15:28:13 UTC 2010
Les Mikesell <lesmikesell at gmail.com>

On 8/20/2010 9:55 AM, Brunner, Brian T. wrote:
> 3: When you first build the system, ghost/image the boot/root/usr (bru)
> drive onto a spare backup, verify the backup boots the machine the same
> as the main drive.
> 4: have the backup bru drive mailed to you, dupe it, and rsync the
> remote bru to your local copy whenever you make a change to the remote
> bru.

This part tends to be problematic when the system is remote and you need 
hands-on access for the install.  It would be much nicer to build 
locally and ship the initial drives.

> 5: In the event of fire, vandalism, or other urgent cause, your cluster
> can appear on a new server rapidly.  Just FedEx ghosts of your locally
> stored bru drive rsynced from what were your remote machines, and (on
> similar hardware) they should turn-key boot and run.

Try it - you won't like it.  If the MAC addresses of the NICs don't 
match what is configured, the network won't come up.  Have fun with that 
when you've broken the local keyboard/monitor.  I ship clonezilla-copied 
drives around fairly often, but bringing them up always involves local 
operators that know their way around Linux enough to get the right IPs 
assigned to the right interfaces.  I suppose if I had a DHCP server on 
all the destination networks I could watch for the IP they give out, 
then connect and change it, but that's not very convenient either so 
sometimes I end up shipping the whole servers around.

   Les Mikesell
    lesmikesell at gmail.com
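
The MAC-mismatch failure described in the reply above can be checked for before a cloned drive is left unattended. The following is an added example, not part of the original post: it assumes the NIC address is pinned with `HWADDR=` lines in the `ifcfg-*` files under `/etc/sysconfig/network-scripts` and that the kernel exposes current addresses in `/sys/class/net/<dev>/address`; the function name `check_hwaddr` is hypothetical.

```shell
#!/bin/sh
# Added example: compare the MAC pinned in each ifcfg-* file with the MAC the
# kernel reports for that interface, so a cloned disk can be checked from the
# console (or a rescue boot) before the machine is shipped or left headless.
# Usage: check_hwaddr [ifcfg_dir] [sysfs_net_dir]
# Returns 1 if any pinned MAC is missing or different on this hardware.
check_hwaddr() {
    cfg_dir=${1:-/etc/sysconfig/network-scripts}   # assumed default location
    sys_dir=${2:-/sys/class/net}
    rc=0
    for f in "$cfg_dir"/ifcfg-*; do
        if [ ! -f "$f" ]; then continue; fi
        # Interface name: DEVICE= if present, otherwise the file name suffix.
        dev=$(sed -n 's/^DEVICE=//p' "$f" | tr -d "\"'" | head -n 1)
        if [ -z "$dev" ]; then dev=${f##*/ifcfg-}; fi
        if [ "$dev" = lo ]; then continue; fi
        # Pinned MAC, unquoted and lower-cased for comparison.
        want=$(sed -n 's/^HWADDR=//p' "$f" | tr -d "\"'" | tr 'A-F' 'a-f' | head -n 1)
        if [ -z "$want" ]; then
            echo "$dev: no HWADDR pinned"
            continue
        fi
        # The interface the config names does not exist on this hardware.
        if [ ! -r "$sys_dir/$dev/address" ]; then
            echo "$dev: MISSING (config expects $want)"
            rc=1
            continue
        fi
        have=$(tr 'A-F' 'a-f' < "$sys_dir/$dev/address")
        if [ "$want" = "$have" ]; then
            echo "$dev: ok"
        else
            echo "$dev: MISMATCH config=$want hardware=$have"
            rc=1
        fi
    done
    return $rc
}
```

Called with no arguments, `check_hwaddr` reads the live system; a non-zero return means at least one interface would not match the configuration on this hardware.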