Prevent creating new file for root directory

Started by peterwkc, December 30, 2024, 09:20:31 AM

Dear all, I'm seeking a method to prevent creating new files after my configuration is stable. I want to turn it on and off easily when needed.
For instance, during an upgrade, I will enable it. Please help. Thanks.

Unclear. What file in which location? After your configuration is stable, there is nothing modifying it except the admin(s) of the system. In other words, if you are the only admin, only you can take it from stable to unstable by making changes ;)

The OP is just paranoid and wants to keep trojans from modifying OPNsense's file system. Which is impossible without breaking most things.
BTW: If it were possible and you could change the write protection "easily" - trojans or hackers could do that, too.

And remember: Just because you are paranoid does not mean that they are not after you!
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Quote from: cookiemonster on December 30, 2024, 03:46:40 PM
Unclear. What file in which location? After your configuration is stable, there is nothing modifying it except the admin(s) of the system. In other words, if you are the only admin, only you can take it from stable to unstable by making changes ;)

The root directory files. Can a script or policy do this?

Quote from: peterwkc on December 31, 2024, 07:28:13 AM
Quote from: cookiemonster on December 30, 2024, 03:46:40 PM
Unclear. What file in which location? After your configuration is stable, there is nothing modifying it except the admin(s) of the system. In other words, if you are the only admin, only you can take it from stable to unstable by making changes ;)

The root directory files. Can a script or policy do this?
If you mean /, yes, you can make it read-only. At that point it becomes a paperweight and you have to reinstall the system straight away. Why? Because the OS needs to be able to read, add, modify and delete files to function. Do not do it (set read-only).
I've seen your posts and see where meyergru is coming from. You are in a geography that might need you to be extra careful, but please allow yourself to be convinced: your OPN cannot be "hacked" from the outside on a default configuration. The only problems you seem to have are to do with either hardware or configuration problems.