Presentation on theme: "Afternotes Discussion on presentation of these slides made it clear to me that what I seek is simplification of the backup and recovery process, not just."— Presentation transcript:
Afternotes Discussion on presentation of these slides made it clear to me that what I seek is simplification of the backup and recovery process, not just of data, but of the working system in a fashion that it can be transferred to different hardware if necessary. There are certainly some options out there for this, and the discussion was very helpful. Thanks OCLUG participants. JN
Operate from R/O – Does it exist? J C Nash -- March 2006 ● The wish list: ● Boot from r/o media, preferably write-protect USB, but possibly a CD ● Have SSH keys and other important files (?? passwd, etc.) on r/o media too ● Be able to configure / update easily ● /home or parts, /var or parts, ??others on separate partitions – and easy to set up / reconfigure as system grows ● easy backup and restore
What's out there? ● NSA Security Enhanced Linux – http://www.nsa.gov/selinux/ http://www.nsa.gov/selinux/ – focuses on kernel and utilities to enforce access control – likely NOT what I want, but.... – Seems to be FLOSS
Trustix Secure Linux ● http://www.trustix.net/ http://www.trustix.net/ ● Own installer SWUP / Viper (rpm based??) ● Keep it simple claim ● Server oriented (what I want!) ● Maintained ● Appears open and free ● Anybody have experience of it?
LIDS ● http://www.lids.org/ http://www.lids.org/ ● Linux Intrusion Detection System ● Probably somewhat orthogonal to my wants, but...
En Garde Secure Linux ● http://www.engardelinux.org http://www.engardelinux.org ● Simple & Secure Remote Administration ● Powerful Host Intrusion Detection ● Secure Network Services ● Built-in Support and Alerts ● Robust Network Intrusion Detection ● Quick and Secure Web, DNS email, FTP ● Community edition free, but clear that it is commercial ● debian based (my preference)
Onward.... ● Plan to try to implement some sort of r/o bootup (e.g. could use a knoppix basis) ● BUT don't want lots of h/w detect each time – want faster reboot if necessary, with disk examination ● Willing to try one of the options above, esp. if others willing to share expertise and write up what is learned. ● Should OCLUG be a focus for such reports?