boot scripts

goodoldmarty at gmail.com
Wed Nov 7 17:56:47 PST 2007


If you want to P a guy off ...

HLFS is pretty much intended for a different audience than LFS. Not many
people can handle the needs of a hardened system. So it is understood
that we must fill in many of the gaps to make our systems work properly.

Unfortunately the lfs/blfs boot scripts are not even in the ballpark for
many things related to our server type system. Let's think professional.

1. NTP will hang your system terminally on boot without a working
Ethernet connection. Config is not the issue. The ethernet connection
may eventually come alive, but you remain hung in init.

2. A supposed ext3 disk error will hang the system terminally on a
reboot. (I automate reboots with cron to control possible memory leaks)
I get hung when the system is actually clean. The script is not handling
the return value properly, and aside from total disaster, ext3 can take
care of itself very well anyway, from my experience. Why halt the boot?

3. Several of the boot scripts fail to report progress correctly due to
missing .pid or some other reason. They say things are started or
stopped when ps shows otherwise. MySQL is a lost leader.
The apache script validates all virtual hosts on shutdown. Ridiculous.
I had to re-write all mine so my system is not the issue here. It is the
distributed boot scripts.

Security hardening is great but reliability is a very big necessity.
A minimal software watchdog needs to be incorporated as a standard
component in hlfs - it is in the kernel. If the boot sequence hangs it
needs to automatically re-run in (n) min. That should be fairly easy,
and would allow for some anomalies at least.

For a hardened server, things like tripwire are great if you never
sleep. I have long used OSSec to provide more viable real time
monitoring and with small exception it is a great tool. I recommend this
be something brought into hlfs, as it works pretty well. The developer
is also very communicative and addresses problems quickly.

I am putting Robert's latest dev work online tonight. I moved up to
2.6.23 as it has a grsec patch. I expect no problems as it played so
well in testing. Faster too. I feel it's time to look at donating a bit
more to the cause; how about the rest of you join in with me?

Marty B



- --
Putting Microsoft in a computer is like putting screen doors in a
submarine. Hopeless.
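Point 2 of the message above turns on how a boot script interprets the filesystem checker's return value. The following is an added illustration, not code from the LFS/BLFS bootscripts or from the poster: fsck(8) exits with a bitmask rather than a plain pass/fail code, and only some bits justify stopping the boot. The function names and the continue/reboot/halt labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names): map fsck(8)'s exit status,
# which is a bitmask, to a boot decision.
#   1   errors were corrected          2   system should be rebooted
#   4   errors left uncorrected        8   operational error
#   16  usage or syntax error          32  cancelled by user request
#   128 shared-library error

# fsck_action STATUS -> prints continue | reboot | halt
fsck_action() {
    status=$1
    # A non-numeric status means we cannot trust the result: fail closed.
    case "$status" in
        ''|*[!0-9]*) echo halt; return 0 ;;
    esac
    if [ $(( status & ~3 )) -ne 0 ]; then
        # Any bit other than 1 or 2: the filesystem state is unknown or bad.
        echo halt
    elif [ $(( status & 2 )) -ne 0 ]; then
        # Repairs were made that need a reboot before mounting read-write.
        echo reboot
    else
        # 0 (clean) or 1 (errors corrected): safe to carry on booting.
        echo continue
    fi
}

# check_filesystems [CMD...] -> runs the checker and prints the decision.
# With no arguments it runs "fsck -A -a -T" (all fstab entries, automatic
# repair, no title line). The checker's own output goes to stderr.
check_filesystems() {
    [ $# -gt 0 ] || set -- fsck -A -a -T
    rc=0
    "$@" >&2 || rc=$?
    action=$(fsck_action "$rc")
    echo "fsck exit status $rc -> $action" >&2
    echo "$action"
}
```

A boot script would branch on the printed word, for example `case "$(check_filesystems)" in halt) ... ;; esac`, instead of treating every non-zero status as fatal.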



More information about the hlfs-dev mailing list