[1201] in linux-security and linux-alert archive


Re: [linux-security] Linux firewall with ro fs?

daemon@ATHENA.MIT.EDU (David Bonn)
Wed Oct 9 02:33:08 1996

Date: Tue, 8 Oct 1996 10:35:36 -0700
From: David Bonn <david@sealabs.com>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.91.961007102811.3463A-100000@blackhole.kfki.hu>

>>>>> "Jozsef" == Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> writes:

Jozsef> Hello,
Jozsef> I'm thinking of building a firewall with Linux and have just thought 
Jozsef> the following: I'm paranoid about firewalls and want it to be as secure
Jozsef> as possible. Is there any difficulty in running Linux with all 
Jozsef> filesystems ro? (The only writable fs would be /var = noexec, nosuid, 
Jozsef> nodev.) The mount command would be a patched one which wouldn't
Jozsef> make it possible to re-mount an fs as r/w.

Make a boot floppy with a minimal system and write your own "init"
program that builds filter rules, configures network interfaces, and
then happily sits.  Then pull the hard drive out of the machine and
put it somewhere it can do some good.  If you want logging, use
syslogd to send it to another host.

Configure the firewall by making new floppies and hand-carrying them
to the firewall machine.

The ramdisk documentation in the kernel source gives good hints about
how to make that magic boot floppy.

We've built firewalls this way in as little as 4MB of RAM and less
than 1024k of the space on the floppy -- compressed filesystems are a
good thing.  Proxy daemons will cost you a bit more in the memory
department, but that's no big deal.  We've never gotten above 6MB of
ram used with our proxy servers and firewall and ramdisks.

You'll know you've done this right when you don't need a shell and
have less than 100 files (counting device files) on the whole system.

dwb

Jozsef> [REW: Good idea. Remember to make /tmp a link to /var/tmp. Don't 
Jozsef> bother with the mount thing. I'd assume that the hackers would be 
Jozsef> able to get themselves a new mount binary. (If they are already running
Jozsef> stuff as root.......)

... but not as secure as a system which had no shell, and ran no
processes at all as root.

dwb
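One way to audit a running system against the mount policy discussed in this thread (every filesystem read-only, /var the only writable one and mounted noexec,nosuid,nodev), as an added example that is not part of the original thread; the function names and the constructed sample tables are assumptions:

```sh
#!/bin/sh
# Added example, not code from the thread: audit a /proc/mounts-style table
# against the policy "everything ro except /var, which must carry
# noexec,nosuid,nodev". Function names and sample data are constructed.

# has_opt OPTS NAME: true if the comma-separated OPTS contains exactly NAME.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# check_mounts FILE
# FILE uses the /proc/mounts layout: "device mountpoint fstype options dump pass".
# Prints one line per violation; returns 0 if the table conforms, 1 otherwise.
check_mounts() {
    violations=0
    while read -r dev mnt fstype opts rest; do
        if [ -z "$dev" ]; then continue; fi
        # Kernel pseudo-filesystems hold no files an intruder could persist in.
        case "$fstype" in proc|sysfs|devpts) continue ;; esac
        if [ "$mnt" = "/var" ]; then
            for need in noexec nosuid nodev; do
                if ! has_opt "$opts" "$need"; then
                    echo "VIOLATION: $mnt lacks $need (opts: $opts)"
                    violations=1
                fi
            done
        else
            if ! has_opt "$opts" ro; then
                echo "VIOLATION: $mnt is not read-only (opts: $opts)"
                violations=1
            fi
        fi
    done < "$1"
    return $violations
}
```

On a live system run `check_mounts /proc/mounts`; a non-zero exit means at least one mount deviates from the policy.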
