[buug] Convert Linux Gateway to OpenBSD
itz at speakeasy.org
Thu Oct 24 12:46:54 PDT 2002
itz> It may be possible (and even advisable, on security grounds) to
itz> run them from another machine over NFS, though. Never tried that
itz> - anyone else care to comment?
jan> care to explain a little more?
Have aide/tripwire/integrit actually run on one of the internal
machines, and nfs-mount the checked filesytems? That way you don't
have to worry about the binaries themselves being replaced, at least
as long as the firewall can be trusted.
Puts a huge load on the ethernet though, probably. Again, I never
actually did it.
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
More information about the buug