Freeze SO Linux, it's possible?

Bart Silverstrim bsilver at chrononomicon.com
Thu Dec 11 14:37:48 UTC 2008


Loïc Grenié wrote:
> 2008/12/11 Bart Silverstrim <bsilver at chrononomicon.com>:
>> Loïc Grenié wrote:
>>>> Anthony M. Rasat wrote:
>>>> As a side note, no, I've never found similar-type software
>>>> for Linux to "Freeze" it despite looking around.
>>>     The Ubuntu live-CD is doing exactly what you are looking
>>>   for (I think). It's not very difficult to change the "stable"
>>>   filesystem (look for "personalizing live cd") to exactly fit
>>>   your situation.
>> Unless you want to update the system or install more software easily
>> without burning another CD or DVD :-)
> 
>       You do not need to. You can store your system on a rewritable medium:
>   I use a USB key, but a hard disk would work as well (and faster).
> 
>    You can even choose to not do the "squashfs" part, but you will probably
>   need to modify the initial ramdisk a little.

Part of this is to explain what I do know to people unfamiliar with DF...

The thing with Deep Freeze is that it lets you make any change you 
want...infect it, install P2P, install trojans...and it will let you if 
the OS will let you do it. It doesn't interfere with programs as they 
run. At reboot, ALL changes are gone.

If you're using a non-RW media, you will get errors if anything tries to 
alter a file. If /etc is on a CD (like...I don't know, maybe Devil Linux 
does this) you'll get an error if you try to alter contents of Apache's 
config.

If you run from memory, you'd be able to make changes but whenever you 
reboot you again need to alter contents. Unless you edit the non-rw 
media. That's the safe part...it can't be altered, so no one can slip 
changes or trojans or rootkits onto non-alterable media.

If you're using USB you can make changes that persist across reboot. 
That's defeating the purpose of Deep Freeze.

Deep Freeze means that you can have users with extra privileges that 
will possibly infect, alter, or fiddle with workstation settings, and 
even if there's an infection in an NTFS alternate filestream or a 
rootkit hiding from tools and disinfectors, a reboot will wipe the 
changes away, and at the same time they have the ability to run 
problematic programs that balk if permissions are secure or some other 
antimalware measures interfere with legitimate (yet badly designed) 
programs.

While others are suggesting what are essentially snapshots and backups, 
there isn't an actual equivalent I've ever seen in Linux.

Rsync/tar is just backing up at intervals. You'll take malware with the 
backups if you didn't catch it in time.

Permissions locking and SELinux magic and the like are just being 
secure...it gets in the way of user convenience, administration 
overhead, etc...it's a replay in some ways, from the user perspective, 
of moving to Vista's constant security blocking and nagging, and if the 
user can install programs or do updates etc. then you still defeat the 
purpose of Deep Freeze.

Live CDs need editing if you want to update or alter configurations.

Running entirely in memory is close, but you need a floppy or hardware 
lockable USB drive to prevent any and all alterations to store custom 
configs, like Devil Linux does.

Closer still is VirtualBox, where you take a snapshot of the state of 
the machine, make changes, then revert back to the previous state and 
lose any and all changes. That's essentially what DF is doing from what 
I can gather.

I don't know how DF works other than I theorize it is intercepting and 
logging changes to the filesystem. I do know that it is altering files 
on the fly since the filesystem becomes *heavily* fragmented over time; 
when I thaw a machine to do Windows updates I will often run the defrag 
just to help older systems a smidge.

Unless you're running a VM of Linux or maybe rigging up a way of running 
entirely in memory, you really aren't coming quite as close to what DF 
does for Windows though.
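
The cases distinguished in this message (read-only media, running from memory, a writable USB key) can be told apart from a machine's mount table. The following is an added example, not part of the original message: it assumes a current Linux kernel where a live system layers a RAM-backed `overlay` upper directory over a read-only squashfs, and the mount table and paths in it are constructed.

```python
# Added example. SAMPLE_MOUNTS is constructed, in /proc/mounts format.
SAMPLE_MOUNTS = """\
/dev/loop0 /rofs squashfs ro,noatime 0 0
tmpfs /cow tmpfs rw,relatime 0 0
overlay / overlay rw,relatime,lowerdir=/rofs,upperdir=/cow/upper,workdir=/cow/work 0 0
/dev/sr0 /cdrom iso9660 ro,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /media/usb vfat rw,relatime 0 0
"""
RAM_FS = {"tmpfs", "ramfs"}  # contents live in memory and vanish at reboot

def parse_mounts(text):
    """Return a list of (mount_point, fstype, options_dict) tuples."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        mounts.append((fields[1], fields[2], opts))
    return mounts

def mount_for(path, mounts):
    """Longest-prefix match; on a tie the later (shadowing) entry wins."""
    best = None
    for m in mounts:
        prefix = m[0].rstrip("/") + "/"
        if (path + "/").startswith(prefix) and (best is None or len(m[0]) >= len(best[0])):
            best = m
    return best

def classify(path, mounts):
    """Return 'read-only', 'volatile' (lost at reboot), 'persistent' or 'unknown'."""
    m = mount_for(path, mounts)
    if m is None:
        return "unknown"
    _, fstype, opts = m
    if "ro" in opts:
        return "read-only"      # writes fail with an error
    if fstype in RAM_FS:
        return "volatile"
    if fstype == "overlay":
        upper = opts.get("upperdir")
        if not upper:
            return "read-only"  # no upper layer, nothing can be written
        # Writes land in upperdir, so what matters is the filesystem holding it.
        um = mount_for(upper, [x for x in mounts if x is not m])
        if um is None:
            return "unknown"    # upper layer not visible in this mount table
        return "volatile" if um[1] in RAM_FS else "persistent"
    return "persistent"
```

On a real machine, pass the contents of `/proc/mounts` to `parse_mounts` instead of the sample; a path that should be discarded at reboot but classifies as `persistent` is the USB-key case described above.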



