[buug] Convert Linux Gateway to OpenBSD

Ian Zimmerman itz at speakeasy.org
Thu Oct 24 12:46:54 PDT 2002


itz> It may be possible (and even advisable, on security grounds) to
itz> run them from another machine over NFS, though.  Never tried that
itz> - anyone else care to comment?

jan> care to explain a little more?

Have aide/tripwire/integrit actually run on one of the internal
machines, and nfs-mount the checked filesytems?  That way you don't
have to worry about the binaries themselves being replaced, at least
as long as the firewall can be trusted.

Puts a huge load on the ethernet though, probably.  Again, I never
actually did it.

-- 
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087  9C0F 194F 203A 63F7 B1B8  6E5A 8CA3 27DB 433B A087



More information about the buug mailing list