On Dec 27, 2013, at 5:49 PM, bruce <badouglas@xxxxxxxxx> wrote: > Pete. > > The 1st OS will be the os that gets run, it's the "master".. However > if I detect that it's hacked, I want to be able to reinstall the OS. What if the drive dies? What method are you going to use to get back up and running as soon as possible? And why is that method invalid for the hacked use case? Why wouldn't you have that drive imaged onto another drive, so that if the first one dies, you can replace it and be up and running quickly? Reinstalling is going to take a while and you have all sorts of unknowns that haven't been figured out. It sounds like a Rube Goldberg contraption that doesn't really meet the first requirement you have, and can't be easily repurposed for other failure cases. So it's a single use kitchen tool that also doesn't work very well. I think you need to rethink your approach. > My approach is to have a 2nd minimal system/OS that has the only > function to invoke a complete/fresh netinstall to restore/refresh the > OS on the 1st system. Nope, won't work. 1st system is compromised? The 2nd one must be assumed to be compromised. > This allows the 1st OS/system to be completely restored, wiping out > any remnants of the hacked process. Which as I said before is almost certainly illegal destruction of evidence, you should be asking a lawyer about this. > > At the same time, the master/2nd OS will periodically update/restore > the minimal/1st OS by the 2nd OS/system. This process allows the > system to be able to be refreshed as required, with a clean OS.. This makes no sense. > > If you have a better approach, I'm open for discussion. Well no, you chopped that part of the conversation out entirely, twice for me, no response to Edward's concerns along the same lines Chris Murphy -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org