List: firewall-wizards
Subject: Re: [fw-wiz] VM system for firewall use
From: Bennett Todd <bet () rahul ! net>
Date: 2004-10-12 20:01:30
Message-ID: 20041012200130.GB6612 () rahul ! net
2004-10-12T17:53:28 Marcus J. Ranum:
> Don't follow the usual mantra of "minimization" by taking off
> unnecessary stuff, etc. Invert the process and do a "zero build"
> configuration. Install only the absolute minimum of stuff
> necessary to get the machine to boot and start your program(s).
> Leave out the shell, 90% of /dev, all of /bin, /etc, etc. Leave
> out /etc/passwd because you don't have /bin/login, or sshd or any
> of that crud.
A sweet approach. I've not gone quite that far, I leave myself
busybox, which is pretty much all of /bin. But I'll keep the idea
in mind, someday I'll build one of these gizmos, tune it up, then
write an init that just forks and execs the daemons I want and tear
busybox right back off it. In fact, for a single-daemon appliance,
just call its executable init.
-Bennett
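
Added example, not part of the original message and not Bennett Todd's code: a sketch in C of the init he describes, one that just forks and execs the daemons. It goes a step beyond the message by reaping exited children and respawning the listed daemons, which PID 1 has to do itself once nothing else is on the box; the daemon paths and flags are placeholders.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Placeholder daemon list (assumption): substitute the appliance's own programs. */
static char *const dnsd[]  = { "/sbin/dnsd", "-f", NULL };
static char *const proxy[] = { "/sbin/proxyd", "-f", NULL };
static char *const *const daemons[] = { dnsd, proxy };
#define NDAEMONS (sizeof daemons / sizeof daemons[0])

/* Fork and exec one daemon with an empty environment.
 * Returns the child's pid, or -1 if fork failed. */
pid_t spawn(char *const argv[])
{
    static char *const envp[] = { NULL };   /* nothing inherited */
    pid_t pid = fork();
    if (pid == 0) {
        setsid();                           /* own session, no controlling tty */
        execve(argv[0], argv, envp);        /* no shell, no PATH lookup */
        _exit(127);                         /* exec failed */
    }
    return pid;
}

/* Wait for any child to exit, including orphans reparented to PID 1.
 * Stores the exit code (or minus the signal number) and returns the pid,
 * or -1 when there are no children. */
pid_t reap(int *code)
{
    int st;
    pid_t pid;
    do { pid = wait(&st); } while (pid < 0 && errno == EINTR);
    if (pid > 0)
        *code = WIFEXITED(st) ? WEXITSTATUS(st) : -WTERMSIG(st);
    return pid;
}

int main(void)
{
    pid_t pids[NDAEMONS], dead;
    size_t i;
    int code;
    for (i = 0; i < NDAEMONS; i++)
        pids[i] = spawn(daemons[i]);
    for (;;) {                              /* PID 1 must never return */
        if ((dead = reap(&code)) < 0) { sleep(1); }  /* no children right now */
        for (i = 0; i < NDAEMONS; i++)
            if (pids[i] == dead || pids[i] < 0) { sleep(1); pids[i] = spawn(daemons[i]); }
    }
}
```

Statically linked and installed as /sbin/init, this takes the place of busybox and any shell; for the single-daemon case in the message, the daemon's own executable is init and none of this is needed.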