Lucas Peet [mailto:lpeet@eccod.com] wrote:
>
> One think I forgot, also need to remove S**killall...
>
> > I've heard of running a firewall in a "halted" state,
> > but haven't tried it so far.  I'm not sure what it
> > means to "halt the machine".  shutdown -h now?
> > telinit 0?
>
> Just 'halt' should do it for ya.
>
> > Don't you lose logging if you do that?
>
> Yes, unless you also remove K**syslogd...
>
> > Thinking on this, with a live machine you can run
> > timed scripts to do things like allow connections
> > from The Office, but only between 8:00 and 5:00
> > 'cause otherwise the office is closed.
>
> And maybe remove K**crond.

Actually, I think you may _still_ lose syslog, and
crond since init tries to kill all userspace apps it
doesn't know about after the shutdown scripts are
done.  The entire point of running in a "halted" state
is that there is _no_ userspace _at all_ to be exposed
to cracking.

A way to get around this would be to add syslogd and
crond to the /etc/inittab file or the scripts called
by runlevel 0, so that init would then know it is not 
supposed to kill them when it goes to run level 0.

Hal