Does such a system exist?
Robert Brockway
robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org
Wed Aug 19 05:42:34 UTC 2009
On Tue, 18 Aug 2009, S P Arif Sahari Wibowo wrote:

[Proposed serial console daisy chain snipped]

> Security just needs to be set up in each machine to control who has access to
> the serial port.

Remember anyone with root on the box can 0wn the serial port and therefore
the console of the adjoining box. They could easily brute force the root
password or send Magic SysRq signals to the console.

> Never actually got around to implementing it, though; but seems possible, what
> do you think?

That approach does work from a technical POV. You should only do it if
all of the servers are in the same 'security domain' though.

An alternative is to designate a 'console server' which has the serial
console of each box connected (a serial board is needed). You can
selectively allow access to consoles based on account group membership on
the console server. You can afford to make the console server at least as
secure as any box it is connected to. Naturally root access to the
console server is severely restricted.

Cheers,
Rob
--
I tried to change the world but they had a no-return policy
Projected IPv4 exhaustion: http://www.potaroo.net/tools/ipv4/index.html
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
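
Added example (not part of the original post): one way to check that the group-based console access described above is actually enforced by the serial device nodes on a console server. The device paths, group names, accounts and the snapshot data are all constructed for illustration.

```python
import stat

# All names and values below are constructed for illustration.
# Policy: serial device on the console server -> group allowed to use it.
POLICY = {"/dev/ttyS1": "con-web", "/dev/ttyS2": "con-db"}

# Snapshot of device nodes: path -> (owning group, st_mode). On a real
# console server this would be read with os.stat() and grp.getgrgid().
DEVICES = {
    "/dev/ttyS1": ("con-web", stat.S_IFCHR | 0o660),
    "/dev/ttyS2": ("dialout", stat.S_IFCHR | 0o666),
}

# Group database: group -> members.
GROUPS = {
    "con-web": {"alice", "bob"},
    "con-db": {"carol"},
    "dialout": {"alice", "bob", "carol", "dave"},
}

WORLD = stat.S_IROTH | stat.S_IWOTH
GROUP_RW = stat.S_IRGRP | stat.S_IWGRP

def audit(policy, devices):
    """Return (path, problem) pairs where a node does not enforce the policy."""
    findings = []
    for path, want in sorted(policy.items()):
        if path not in devices:
            findings.append((path, "device node missing"))
            continue
        group, mode = devices[path]
        if group != want:
            findings.append((path, f"group is {group}, expected {want}"))
        if (mode & GROUP_RW) != GROUP_RW:
            findings.append((path, "group lacks read/write"))
        if mode & WORLD:
            findings.append((path, "open to accounts outside the group"))
    return findings

def effective_users(path, devices, groups):
    """Accounts that can open the console (node owner and root not counted)."""
    group, mode = devices[path]
    if mode & WORLD:
        # World bits set: group membership no longer restricts anything.
        return set().union(*groups.values())
    return set(groups.get(group, ()))

if __name__ == "__main__":
    for path, problem in audit(POLICY, DEVICES):
        print(f"{path}: {problem}")
```

In the constructed data the second console is left with a shared group and world-accessible mode bits, so every local account can reach it regardless of the intended group.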