Kernel security levels may do what you want with less hassle. Machine would need a reboot before they can be lowered.
See man page (7) for securelevel > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Matt Garman > Sent: Friday, July 01, 2005 11:06 AM > To: OpenBSD Misc > Subject: read-only storage media > > Is there any kind of storage media that can be set as read-only, and > only reset to read and write by physical access? > > I'm thinking about something like the (seemingly ancient) 3.5" > floppy disks that had that little "switch" you could use to set the > disk to read only. > > Are there any hard drives that have a similar kind of feature? > > I'm thinking that this would be nice for a firewall machine: if the > machine was compromised, it still couldn't be modified (i.e., > volumes mounted read only can always be remounted read-write if the > machine is root compromised). > > I'm thinking that I could burn a CD-R (and re-burn it whenever > there's a configuration change), but it seems like the system might > have a lot of latency and the CD-ROM drive might prematurely fail. > > Any thoughts? > > Thanks, > Matt > > -- > Matt Garman > email at: http://raw-sewage.net/index.php?file=email
