>I remember a discussion several weeks ago about using a CD-ROM based
>bastion host, mounting filesystems read-only, etc. I was wondering if
>anyone has given thought to netbooting a bastion host from a trusted
>system inside the firewall. Is there any value to this? I was
>thinking that this way you could ensure a "virgin" system just by
>rebooting the machine... Any changes to the kernel or other files
>would be gone after reboot, etc.
If you can make your own boot CD with things like root and usr,
it sure looks like a good idea. The machine will be slow, OK, but methinks
it will be SAFE.
But how to solve things like /usr/tmp and /var/tmp? Those can't be on the
CD-ROM and I think they must be mounted at boot time.
We have a CD-ROM burner, but I have no idea of how to write a Solaris