On 28 Mar 2001, at 8:08, Reckhard, Tobias wrote:
However, of course you'll have programs running on the packet filter as well. First, there's the kernel. Then you've probably got syslogd and crond running.
A DHCP client is more likely. I would not have crond, the only thing it had to do on such a computer is to ratate/compress logs, that implies read write and delete rights to log files and that is the first target for an intruder. Log files are to be append only in multiuser mode, regular backups/logrotate functions are best done in singleuser mode via serial terminal/console.
Unless you're performing administration from the console only, you'll probably have sshd running.
For remote administration a serial line to a modem/ISDN server (callback if possible) is the best thing to combine security with comfort. This can be done and the cost compared to the level of security one can achieve is marginal. And as a bonus, that way you can alter even network configurations off site. By the way, does someone here have ressources of a port of mtree to Linux? TIA mike