"Rodolfo J. Paiz" wrote:
>
> At 16:12 10/23/2003, you wrote:
> >One thing to consider here is to not write the --MARK-- entries, or
> >write them only every hour or so (default: each 20 minutes).
>
> Hrmph. Clearly I have more to learn about this than I thought. OK, so
> what's a MARK entry, and where is its logging configured?

Look at your logfile. Do you see any entries which have as message only --MARK-- ? They are inserted to give you an easy overview of the time that has passed. They are, of course, configured in /etc/syslogd.conf. The syslogd documentation is a good resource, give it a try!

> And if the firewall is hung, dead, and killed? Reinstall. This is,
> after all, my home firewall where the critical config files are
> backed up. No big deal.

Well, the problem with intruders is that you may never notice them - especially if you don't use an intrusion detection system. One way to decrease permanent damage is to remove anything an intruder could write permanent data on, and reboot the machine often. For your private network, it should be good enough to just throw out an intruder shortly after he has hacked you. But if you have interesting stuff in your network, like some companies, you want to learn from the intruder and improve your firewall. Keeping backups of important files on the firewall is a *very bad* idea - the firewall is always the first prey of an intruder and should therefore be considered as the least secure place of the entire network!

> Care to add some detail to this? Some special CD-ROM distro? Else how
> do you do config files, or temporary files/tables/etc.? Do you create
> some sort of a RAM disk for this? How?

I started by looking into the Red Hat rescue CD and some CD-based distros (I'm not sure which ones). Some of them have had quite good documentation about how to build your own diskless CD-based box, so try to find some! For creating a RAMdisk I use mkinitrd, of course.
Using a CD-based box is basically the same as being completely diskless, but you have the advantage of using the CD as the place for /usr, so you don't need to put all the binaries you may need into the RAMdisk - frees quite some memory, especially nice since you don't have swap...

Sorry for being so short, but I'm tired (it's 01:00 AM in Germany), and there is a lot of good documentation on both your Linux box and the internet.

Best regards,
Martin Stricker
--
Homepage: http://www.martin-stricker.de/
Linux Migration Project: http://www.linux-migration.org/
Red Hat Linux 9 for low memory: http://www.rule-project.org/
Registered Linux user #210635: http://counter.li.org/
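
Added example, not part of the original message: because MARK lines fill periods in which nothing else is logged, a silence much longer than the mark interval suggests syslogd was not running or lines are missing from the file. The sketch below flags such silences; the sample log, the year, the 1.5x slack factor and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in classic syslog format; host name and messages are made up.
SAMPLE_LOG = """\
Oct 23 15:00:01 fw -- MARK --
Oct 23 15:20:01 fw -- MARK --
Oct 23 15:31:12 fw kernel: IN=eth0 OUT= SRC=192.0.2.7 DST=192.0.2.1 PROTO=TCP DPT=22
Oct 23 16:00:01 fw -- MARK --
Oct 23 18:05:44 fw syslogd 1.4.1: restart.
Oct 23 18:20:01 fw -- MARK --
"""

TS_RE = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s")
MARK_RE = re.compile(r"--\s*MARK\s*--")  # tolerate "--MARK--" and "-- MARK --"


def timestamps(text, year):
    """Yield one datetime per log line; syslog omits the year, so it is supplied."""
    prev = None
    for line in text.splitlines():
        m = TS_RE.match(line)
        if not m:
            continue  # skip lines without a leading syslog timestamp
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if prev is not None and ts < prev:  # assume a Dec -> Jan rollover
            year += 1
            ts = ts.replace(year=year)
        prev = ts
        yield ts


def count_marks(text):
    """Number of MARK lines; zero means marks are off and gaps prove nothing."""
    return sum(1 for line in text.splitlines() if MARK_RE.search(line))


def find_gaps(text, mark_interval_min=20, slack=1.5, year=2003):
    """Return (last_seen, next_seen) pairs separated by more than interval * slack."""
    limit = timedelta(minutes=mark_interval_min * slack)
    gaps, prev = [], None
    for ts in timestamps(text, year):
        if prev is not None and ts - prev > limit:
            gaps.append((prev, ts))
        prev = ts
    return gaps


if __name__ == "__main__":
    print("MARK lines:", count_marks(SAMPLE_LOG))
    for start, end in find_gaps(SAMPLE_LOG):
        print(f"no log lines between {start} and {end} ({end - start})")
```

On a firewall that is rebooted often, as suggested in the message, each reboot shows up as such a silence, so the output is only useful when compared against the reboots you know about.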