[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] lock down ubuntu
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] lock down ubuntu
- From: David Hare <davidhare77@xxxxxxxxxxx>
- Date: Tue, 12 Apr 2011 03:32:26 +0100
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s1024; t=1302575525; bh=6Rj9rsP6nK8S+6SIUfetgIbdbd2uE6+/PaRLpxPReI4=; h=X-Yahoo-Newman-Id:Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=IRgxjBwRYGKrCDoh7pCbJuilZ4iG/VkCoaZyQNXMNYERmk0d3yV9HJggErtLZ9zrB9WSc516pB3AJbZlrEHXQr74TTNP6iTzEJbvcyrPxi1J5iFtuH32v/VUYXofw5LNNaxtA7lDgLDfVRDh9JmZ0j/OQ7wjck6W6c47tefq0HY=
One option for a "lockdown" system is a Debian-live session without
persistence (on reboot no changes are saved) or to have persistence to a
set location only. A user cannot damage the system, since changes are
discarded on shutdown/reboot. If su/sudo is disabled a user cannot mount
other hard disk partitions.
My Debian-live systems (I use custom scripts for the Exe Linux live
builds) boot and run as fast as a normal HD install, especially from ISO
image on a fixed disk (which could be a designated, read-only partition)
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
