20230928 12:48
Attention! This hint requires true paranoids ;)
Shell scripting gives you the ability to mount your core system directories (/etc, /bin, /sbin) at different times.
You have all the potential to do the following:
- maintain a copy of your main system folders on root;
- boot your system with /etc, /bin and /sbin mounted read-only and locked down;
- unmount the system on demand to accept updates;
- remount your system to return to read-only mode.
Consider also these small pieces of code:
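# Force-unmount /etc. umount runs from the trap when the subshell exits
# after the 5-second sleep, or when one of the listed signals arrives.
unmountEtc() {
    (set +e; trap 'umount -f "/etc"' 0 1 2 3 5 7 10 15; sleep 5) || return
}
unmountEtc
# Remount the /etc partition read-only (-r); nodev and nosuid make the
# filesystem ignore device special files and setuid/setgid bits.
if mount -t ffs -r -o nodev,nosuid /dev/sd1j /etc; then
    sleep 3
    echo "- /etc restored readonly, maybe"
else
    sleep 3
    echo "!! problems remounting /etc readonly !!"
fi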
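The "maybe" in the message above can be turned into a check. The following is an added example, not part of the original hint: it parses mount output and confirms that /etc, /bin and /sbin carry the expected options. It assumes the OpenBSD mount(8) line format shown in the comment; the function names and the sample device names other than /dev/sd1j are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed line format (OpenBSD mount(8)):
#   <device> on <dir> type <fstype> (<opt>, <opt>, ...)

# check_mount DIR OPT...: read mount output on stdin; return 0 only if DIR
# is a mount point and its option list contains every OPT.
check_mount() {
    cm_dir=$1; shift
    # Keep the last matching line: the most recent mount on DIR is in effect.
    cm_opts=$(awk -v d="$cm_dir" '
        $2 == "on" && $3 == d { line = $0 }
        END {
            if (line == "") exit 1
            sub(/^[^(]*\(/, "", line); sub(/\).*$/, "", line)
            print line
        }') || { echo "!! $cm_dir: not a separate mount" >&2; return 1; }
    cm_rc=0
    for cm_want in "$@"; do
        case ", $cm_opts," in
            *", $cm_want,"*) ;;
            *) echo "!! $cm_dir: missing option $cm_want" >&2; cm_rc=1 ;;
        esac
    done
    return $cm_rc
}

# audit_core: check all three directories against one snapshot of mount output.
audit_core() {
    ac_snap=$(cat); ac_rc=0
    printf '%s\n' "$ac_snap" | check_mount /etc read-only nodev nosuid || ac_rc=1
    printf '%s\n' "$ac_snap" | check_mount /bin read-only || ac_rc=1
    printf '%s\n' "$ac_snap" | check_mount /sbin read-only || ac_rc=1
    return $ac_rc
}

# Constructed sample (device names other than /dev/sd1j are made up).
SAMPLE_LOCKED='/dev/sd0a on / type ffs (local)
/dev/sd1j on /etc type ffs (local, nodev, nosuid, read-only)
/dev/sd1k on /bin type ffs (local, read-only)
/dev/sd1l on /sbin type ffs (local, read-only)'

printf '%s\n' "$SAMPLE_LOCKED" | audit_core && echo "- core mounts verified"
# On the real system: mount | audit_core
```

While /etc is unmounted for updates, the check reports it as "not a separate mount", because only the copy on root is visible at that point.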
Enjoy!