Run FBSD with config files from a remote server

[triumdh]

I am trying to run a standard install FBSD server but have config files load from a remote server instead of /usr/local/etc at boot.
I do not want to scp the files. I am hoping to have the files load into memory without residing on the local server.
The remote server is at a different location/subnet.
Thanks in advance.

FreeBSD keep up the great work.�e

 

[SirDice]

Is there a reason why you want this?

If you just want some centralized configuration management, I'd use a cronjob with cvs to pull in config files. The config files are stored in a central CVS server. The biggest benefit would be having version control on those files.

 

[randi@]

NFS mounts.

 

[triumdh]

Thank you randi@
NFS mount with the /net switch will work.

SirDice
When your config files hold sensitive data you may not want them residing locally although I did look at encryption also.

 

[SirDice]

Thank you randi@
NFS mount with the /net switch will work.

SirDice
When your config files hold sensitive data you may not want them residing locally although I did look at encryption also.

Then NFS isn't going to help you either. Somebody could just mount the exported filesystem and have a look at your files.

The real question is.. What do you consider sensitive data and why is it stored in configuration files?

 

[triumdh]

The mac and ip addresses would not match for access to the NFS server.
Where else would you put configuration data?

 

[SirDice]

The mac and ip addresses would not match for access to the NFS server.

Both are easily set by anyone and it won't stop people from accessing the data.

Where else would you put configuration data?

I'm more interested in what you deem to be 'sensitive' configuration data.
If we understood what you're trying to protect we may have better solutions.

 

[triumdh]

Sorry, I can't really post information on our sensitive data.
We are evaluating several OS's and the spec requires that certain configuration data not reside on the hard drive.

Thanks for all your help.

 

[SirDice]

Of course I don't need to know the exact details. But some hints would be nice.
I can't remember ever having to put 'sensitive' data into a config file. That's why I'm wondering what could be so important.

If the data is that important only encryption will help. Everything else is basically useless as a security measure.

 

[triumdh]

That's a good point.
I think the main concern is that someone takes the machine off site and slaves the hard drive then unencrypts the data.

 

[SirDice]

That's a good point.
I think the main concern is that someone takes the machine off site and slaves the hard drive then unencrypts the data.

If the encryption is good and you've chosen a proper password it will take several hundred years before they're able to read it

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html