Freeze SO Linux, it's possible?
bsilver at chrononomicon.com
Thu Dec 11 14:37:48 UTC 2008
Loïc Grenié wrote:
> 2008/12/11 Bart Silverstrim <bsilver at chrononomicon.com>:
>> Loïc Grenié wrote:
>>>> Anthony M. Rasat wrote:
>>>> As a side note, no, I've never found similar-type software
>>>> for Linux to "Freeze" it despite looking around.
>>> The Ubuntu live-CD is doing exactly what you are looking
>>> for (I think). It's not very difficult to change the "stable"
>>> filesystem (look for "personalizing live cd") to exactly fit
>>> your situation.
>> Unless you want to update the system or install more software easily
>> without burning another CD or DVD :-)
> You do not need to. You can store your system on a rewritable medium:
> I use a USB key, but a hard disk would work as well (and faster).
> You can even choose to not do the "squashfs" part, but you will probably
> need to modify the initial ramdisk a little.

Part of this is to explain what I do know to people unfamiliar with DF...

The thing with Deep Freeze is that it lets you make any change you
want...infect it, install P2P, install trojans...and it will let you if
the OS will let you do it. It doesn't interfere with programs as they
run. At reboot, ALL changes are gone.

If you're using non-RW media, you will get errors if anything tries to
alter a file. If /etc is on a CD (like...I don't know, maybe Devil Linux
does this) you'll get an error if you try to alter contents of apache's

If you run from memory, you'd be able to make changes but whenever you
reboot you again need to alter contents. Unless you edit the non-RW
media. That's the safe part...it can't be altered, so no one can slip
changes or trojans or rootkits onto non-alterable media.

If you're using USB you can make changes that persist across reboot.
That's defeating the purpose of Deep Freeze.

Deep Freeze means that you can have users with extra privileges that
will possibly infect, alter, or fiddle with workstation settings, and
even if there's an infection in an NTFS alternate filestream or a
rootkit hiding from tools and disinfectors, a reboot will wipe the
changes away, and at the same time they have the ability to run
problematic programs that balk if permissions are secure or some other
antimalware measures interfere with legitimate (yet badly designed)

While others are suggesting what are essentially snapshots and backups,
there isn't an actual equivalent I've ever seen in Linux.

Rsync/tar is just backing up at intervals. You'll take malware with the
backups if you didn't catch it in time.

Permissions locking and SELinux magic and the like are just being
secure...it gets in the way of user convenience, administration
overhead, etc...it's a replay in some ways, from the user perspective,
of moving to Vista's constant security blocking and nagging, and if the
user can install programs or do updates etc. then you still defeat the
purpose of Deep Freeze.

Live CDs need editing if you want to update or alter configurations.

Running entirely in memory is close, but you need a floppy or hardware
lockable USB drive to prevent any and all alterations to store custom
configs, like Devil Linux does.

Closer still is VirtualBox, where you take a snapshot of the state of
the machine, make changes, then revert back to the previous state and
lose any and all changes. That's essentially what DF is doing from what
I can gather.

I don't know how DF works other than I theorize it is intercepting and
logging changes to the filesystem. I do know that it is altering files
on the fly since the filesystem becomes *heavily* fragmented over time;
when I thaw a machine to do Windows updates I will often run the defrag
just to help older systems a smidge.

Unless you're running a VM of Linux or maybe rigging up a way of running
entirely in memory, you really aren't coming quite as close to what DF
does for Windows though.