Ask HN: Building a Linux Appliance. Ideas for config management and automation?
1 comments
Sounds like you have found some initial implementation problems that you have potential solutions for. The most important thing would be how secure is your appliance and how secure things are for when someone does get shell access.
Is all input validated and all output sanitized? Is the software continuously kept updated? Are you keeping up with regulations and security protocols required by the countries that your appliance is used in? Are you offering enterprise support contracts to pay for the added work of maintenance per customer?
Is all input validated and all output sanitized? Is the software continuously kept updated? Are you keeping up with regulations and security protocols required by the countries that your appliance is used in? Are you offering enterprise support contracts to pay for the added work of maintenance per customer?
Can I ask for a sanity check please?
I have built a Linux Appliance. It is delivered via CI/CD as an ISO or AMI, and autoinstalls with a simple guided menu-driven workflow and then does "security type stuff". It runs a few services on network traffic and sends results elsewhere. Consider it a "data collector" used for security investigation.
It's pretty dumb: It does one thing only. It's an appliance. The end-user has no access to the console or shell.
The menu system allows the end-user to change certain key parameters (interface related, ntp server etc), stop and start services and get stats on what's going on. All of this is done in bash - for example changing /etc/network/interfaces files and restarting internal services to change IP details.
However, the menu system is a bit of a mess. It's written in shell.
If you wanted to re-factor this, what would your approach be?
I would like to:
So:
This way I can use automation framework to do the difficult and fiddly parts of Linux configuration and only need to worry about the commands.
Does this make sense?