On Wed, 3 Nov 1999, Evan Moore wrote:

> port to act as a logging machine, and then make the web server a read
> only system. How may a person make a read only system? Would mounting
> the drive ro do the trick, or would it be easy for someone to remount
> the system rw?

In general it is neither possible nor desirable to make a system "read only." Such a setup will increase your hassle dramatically but will not really improve security in any meaningful way.

The best way to preserve security on a web server is to block off all the ports other than port 80 using a firewall, and make sure you follow the Apache mailing list and keep up to date on possible security concerns in the Apache software itself as well as any software that you have that works in conjunction with it, such as CGI scripts, PHP, etc.

Having another machine attached via serial port is a reasonable thing to do. It won't really provide any security, but it will provide a (hopefully unassailable) syslog facility. Of course, you must configure the logging machine to not accept any data from the webserver other than the syslog using the Linux kernel's packet filtering abilities. You would then (possibly) want to connect the logger to the rest of your network for easy monitoring.
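
The logging-machine filter described in the reply above, sketched as an added example that is not part of the original message. It assumes a current kernel with nftables, syslog carried as UDP port 514 over a PPP link on the serial line, and constructed interface names and addresses (`ppp0`, `eth0`, 192.0.2.1, 198.51.100.0/24).

```nftables
#!/usr/sbin/nft -f
# Ruleset for the log host. All names and addresses are assumptions.
flush ruleset

define SERIAL_IF = "ppp0"           # assumed: PPP over the serial cable
define WEB_ADDR  = 192.0.2.1        # constructed: web server end of the link
define MON_IF    = "eth0"           # assumed: monitoring network interface
define MON_NET   = 198.51.100.0/24  # constructed: monitoring network

table inet logger {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept

        # The only traffic accepted from the web server: syslog datagrams.
        iifname $SERIAL_IF ip saddr $WEB_ADDR udp dport 514 accept

        # Everything else arriving on the serial link is counted and
        # dropped, so probes from a compromised web server show up in
        # the counter.
        iifname $SERIAL_IF counter drop

        # Monitoring side: SSH from the monitoring network only.
        iifname $MON_IF ct state established,related accept
        iifname $MON_IF ip saddr $MON_NET tcp dport 22 accept
    }

    chain forward {
        # The log host never routes between the web server and the
        # rest of the network.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy drop;

        oif "lo" accept

        # Replies to monitoring sessions only. Nothing is ever sent
        # back over the serial link to the web server.
        oifname $MON_IF ct state established,related accept
    }
}
```

No connection-tracking rule is attached to the serial interface, so the web server gets no return traffic at all; plain UDP syslog needs none.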