Dear Arch experts:
I have a somewhat unusual goal. I would like to create a USB-based Arch webserver which is much harder to corrupt than anything else out there. Let me explain.
I want to boot Linux, test if a certain squashfs ext4 file exists, and boot from it if it exists and if the user types 'y' on the console. After the squashfs starts, I want to unplug the USB stick that originally served up this squashfs. Obviously, the original USB stick must not have any files open---everything that is live at this point should be from the squashfs file system.
The squashfs should itself contain my main dedicated boot, i.e., with only some programs I absolutely want, in particular apache2. Every file that is not used should not be on it. For example, I don't want to see a "mount" or a "sudo" command on my squashfs. Ideally, every time someone tries to access a non-existent command, it is logged to /var/* to help me see what needed files I have forgotten to include.
The obvious problem is that I need to make changes to my safe Arch over time, for example, to /etc/apache2/. Also, at early stages, I will learn often that I forgot to include file 'X', and I need to rebuild my squashfs system again. So, from the same USB stick, if the user has typed 'n' at the boot stage, then I continue to boot into the USB stick, which is just a plain Arch setup. On this USB stick in the plain Arch, there will then be a script that builds the squashfs, ready for the next boot attempt.
This means that I need to learn the following (and all help and pointers appreciated):
(1) As early on in the upstart process as possible, I need to do three things: (a) display a message on the console; (b) read a keystroke; (c) be able to test for the existence of a sqsh file on an ext4 partition. All this needs to be done before networking comes up.
(2) I need to stop booting the current system, close all of its files, and load-to-RAM and then boot (kexec?) the sqsh system. (Then I will prompt the user to remove the USB stick, just before the networking comes up.)
(3) The following is probably easy: I need to make sure that my sqsh has all the necessary device etc. files needed to boot.
A hacker breaking into the system will have a hell of a time doing much. There will be no sudo, mount, or overlay file system. Everything executable exists only on a read-only file system in RAM. The device containing the boot-up will be physically removed. All the data SSD itself (incl. /var) will be noexec on another device. There may or may not even be languages, like Perl, installed. Even with a full zero-day root compromise on apache2, it should still be near impossible for a hacker to install a rootkit. After all, on the next reboot, only the data device can have been changed.
Pointers and help highly appreciated. My first two needs above are probably [well, I hope] easy and quick for experts, and painful to learn for amateurs.
/iaw
PS: Also, I have never figured out how to boot VirtualBox, VMware, or Parallels from a USB stick. This used to be possible a long time ago. It would make experimentation a whole lot faster.
Last edited by jasonwryan (2014-12-19 19:21:24)
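The boot-time prompt, image check and copy-to-RAM switch described in needs (1) and (2) above, as an added example that is not part of the original post or of any Arch project code: an initramfs hook written for mkinitcpio's busybox ash. The partition label ARCHUSB, the image path arch/safe.sqsh, the mount points under /run, the optional baked-in SHA-256 and the reliance on mkinitcpio's run_hook / mount_handler / resolve_device / msg / err conventions are all assumptions of this example. It avoids kexec: the image is copied into a tmpfs, the stick is unmounted so nothing on it stays open, and the RAM copy is loop-mounted read-only as the new root for the normal switch_root.

```shell
#!/bin/sh
# Added example (not from the original post): an initramfs hook in the style of
# mkinitcpio (busybox ash). Assumptions: the ext4 partition carrying the image
# is labelled ARCHUSB, the image lives at arch/safe.sqsh on it, and mkinitcpio's
# run_hook / mount_handler / resolve_device / msg / err conventions exist.

SQSH_LABEL="${SQSH_LABEL:-ARCHUSB}"        # assumed ext4 partition label
SQSH_PATH="${SQSH_PATH:-arch/safe.sqsh}"   # assumed image path on that partition
SQSH_SHA256="${SQSH_SHA256:-}"             # optional: digest baked in at image build time
PROMPT_TIMEOUT="${PROMPT_TIMEOUT:-10}"     # seconds to wait for a keystroke
SRC=/run/sqsh_src                          # where the USB partition is mounted (assumed)
RAM=/run/sqsh_ram                          # tmpfs that holds the copied image (assumed)

# find_sqsh DIR: print the image path if a non-empty regular file is there.
find_sqsh() {
    img="$1/$SQSH_PATH"
    [ -f "$img" ] && [ -s "$img" ] || return 1
    printf '%s\n' "$img"
}

# verify_sqsh IMG EXPECTED_SHA256: succeed only if the digest matches.
# An empty EXPECTED skips the check (so the build-and-retry phase stays quick).
verify_sqsh() {
    [ -n "$2" ] || return 0
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# choose_mode KEY: only an explicit 'y' selects the sealed image; 'n', a
# timeout or any other key falls back to the plain Arch install on the stick.
choose_mode() {
    case "$1" in
        y|Y) echo sqsh ;;
        *)   echo usb ;;
    esac
}

# ask_user: prompt on the console and read a single keystroke with a timeout.
# busybox read supports -n and -t; dash does not, so this part is initramfs-only.
ask_user() {
    printf 'Boot sealed squashfs image? [y/N] (%ss) ' "$PROMPT_TIMEOUT" >/dev/console
    key=''
    read -r -t "$PROMPT_TIMEOUT" -n 1 key </dev/console || key=''
    printf '\n' >/dev/console
    choose_mode "$key"
}

# sqsh_mount_handler NEWROOT: copy the image into RAM, release the stick, and
# loop-mount the RAM copy read-only as the new root. After the umount nothing
# on the USB stick is open, so it can be pulled before networking comes up.
sqsh_mount_handler() {
    mkdir -p "$RAM"
    mount -t tmpfs -o mode=0700 tmpfs "$RAM"
    cp "$SRC/$SQSH_PATH" "$RAM/root.sqsh" || err "copying image to RAM failed"
    umount "$SRC"
    msg "Image is in RAM; you may remove the USB stick now."
    mount -t squashfs -o ro,loop "$RAM/root.sqsh" "$1" || err "mounting squashfs root failed"
}

# run_hook: called by the initramfs before the root device is mounted (no network yet).
run_hook() {
    dev=$(resolve_device "LABEL=$SQSH_LABEL") || return 0
    mkdir -p "$SRC"
    mount -t ext4 -o ro "$dev" "$SRC" || return 0
    if img=$(find_sqsh "$SRC") && [ "$(ask_user)" = sqsh ]; then
        if verify_sqsh "$img" "$SQSH_SHA256"; then
            mount_handler=sqsh_mount_handler   # the init calls this with /new_root
            return 0
        fi
        err "squashfs image failed the SHA-256 check; booting the stick instead"
    fi
    umount "$SRC"   # 'n', no image, or bad digest: normal root= handling continues
}
```

The digest check only catches a swapped or tampered image; the kernel and this initramfs sit on the same stick, so an attacker who can write the stick can simply replace the hook. Tying that down needs a root of trust outside the stick (UEFI Secure Boot on a signed unified kernel image, or a measured boot), which is the one part of the goal that no script on the stick can provide.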