Technical Generalism

Work-in-progress projects, ideas, how-tos, and rants from a guy in the InfoSec industry

Setting Up a Read-only Rootfs Fedora Box - Part 1

| Comments

For this example/howto I’m going to be using a Fedora 19 system. I’m trying to set up a read-only root VM where it’s usable as a general Linux server, not as some single-purpose appliance, like a streaming media center server. Depending on your desired use-case for OS/application data, you have some options for managing data that isn’t in the read-only root filesystem.

There are two basic concepts in Fedora’s implementation of read-only root. A temporary scratch space, and a persistent storage space. You will ultimately always end up using the temporary scratch space, so the persistent storage space is optional.

Read-only Root Filesystems

| Comments

This is a quick post - I’ll flesh it out later, I promise. I haven’t posted in a while, and I wanted to brain dump what I’m working on at home in some VMs.

Long story short: I accept the fact that at some point, all of my computers will be compromised. Whether that compromise is mass-malware, or some kind of targeted attack is irrelevant. The point is some kind of unauthorized change will occur. If I can reduce the number of disk locations that are writable, I can reduce the number of locations an attacker can leverage to remain on my system.

Nova Labs MAL100 Classes: Status

| Comments

The Nova Labs MAL100 class in April was a hit, and there’s one upcoming in May on the 15th that has already filled up all available slots. That’s fantastic, but it’s going to take forever for me to train everybody if I’m doing it at 15 students at a time. I’ve got some work to do for making things available to students whom are remote.

Adventures in Ruby

| Comments

After reading a a blog post on exactly what I needed for students to remotely access the virtual machines in the Nova Labs classes, I decided I needed to give back to the community just a bit more. Because I like github, and because I’ve used github-pages before, I decided on Octopress. I’d soon find out this wouldn’t be as simple as setting up github-pages for my thin-provisioning site, which oddly enough appears to be returning a 404 as I compose this post. Sigh.

This is the story of me getting Octopress operating “correctly” at home.