Further adventures in Firewall upgrades

Duston, Hal hdusto01 at sprintspectrum.com
Mon Apr 8 20:42:32 CDT 2002


Lucas Peet [mailto:lpeet at eccod.com] wrote:
>
> One thing I forgot, also need to remove S**killall...
>
> > I've heard of running a firewall in a "halted" state,
> > but haven't tried it so far.  I'm not sure what it
> > means to "halt the machine".  shutdown -h now?
> > telinit 0?
>
> Just 'halt' should do it for ya.
>
> > Don't you lose logging if you do that?
>
> Yes, unless you also remove K**syslogd...
>
> > Thinking on this, with a live machine you can run
> > timed scripts to do things like allow connections
> > from The Office, but only between 8:00 and 5:00
> > 'cause otherwise the office is closed.
>
> And maybe remove K**crond.

Actually, I think you may _still_ lose syslog, and
crond since init tries to kill all userspace apps it
doesn't know about after the shutdown scripts are
done.  The entire point of running in a "halted" state
is that there is _no_ userspace _at all_ to be exposed
to cracking.

A way to get around this would be to add syslogd and
crond to the /etc/inittab file or the scripts called
by runlevel 0, so that init would then know it is not 
supposed to kill them when it goes to run level 0.

Hal