
Making HDD partitions secure

Partitioning


The base partitioning should look like this:

/
/boot
/usr
/var
/home

The /boot, / and /usr partitions must be read-only. That prevents many
problems, such as changes to /etc and to system binaries ( /usr, /sbin, /bin ).
The "/var" partition will be non-executable, and "/home" won't allow suid
software to run.

Also, let's add "noatime" and "nodiratime" to reduce I/O.

So, finally, our /etc/fstab will look like this:



/dev/sda7 / ext3 ro,nodiratime,noatime,defaults 0 0
/dev/sda1 /boot ext3 ro,defaults 0 0
/dev/sda6 /home xfs nosuid,nodev,async,noatime,nodiratime 1 2
/dev/sda3 /usr xfs ro,noatime,nodev,async 0 0
/dev/sda2 /var xfs noatime,nosuid,nodev,noexec,async 1 2


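To make /tmp writable, let's move it to /var and replace it with a symlink.
Run the command while / is still mounted read-write, because the symlink is
created on the root partition; /tmp then inherits the noexec, nosuid and nodev
options of /var.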

rm -rvf /var/tmp && mv /tmp /var/ && ln -s /var/tmp /tmp
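
A way to check that a host actually follows the layout above, as an added example that is not part of the original article: the function audits fstab-format input for the required options per mount point. The function and sample names are assumptions, and the weak sample is constructed.

```shell
# Added example: audit fstab-format input against the mount policy of the fstab above.
audit_fstab() {
    # Reads fstab-format lines from the files given as arguments, or from stdin.
    awk '
    BEGIN {
        req["/"]     = "ro"
        req["/boot"] = "ro"
        req["/usr"]  = "ro"
        req["/var"]  = "noexec,nosuid,nodev"
        req["/home"] = "nosuid,nodev"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    ($2 in req) {
        seen[$2] = 1
        split("", have)                  # portable way to empty an array
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) have[opts[i]] = 1
        m = split(req[$2], need, ",")
        for (i = 1; i <= m; i++)
            if (!(need[i] in have)) { print "FAIL " $2 " missing " need[i]; bad = 1 }
    }
    END {
        # No line of its own means the directory shares its parent filesystem.
        for (mp in req)
            if (!(mp in seen)) { print "FAIL " mp " is not a separate mount"; bad = 1 }
        exit bad + 0
    }' "$@"
}
# Copy of the fstab from the article.
sample_article_fstab() { cat <<'EOF'
/dev/sda7 / ext3 ro,nodiratime,noatime,defaults 0 0
/dev/sda1 /boot ext3 ro,defaults 0 0
/dev/sda6 /home xfs nosuid,nodev,async,noatime,nodiratime 1 2
/dev/sda3 /usr xfs ro,noatime,nodev,async 0 0
/dev/sda2 /var xfs noatime,nosuid,nodev,noexec,async 1 2
EOF
}
# Constructed weak variant: /usr writable, /var executable, /home not split out.
sample_weak_fstab() { cat <<'EOF'
/dev/sda7 / ext3 ro,noatime 0 0
/dev/sda1 /boot ext3 ro 0 0
/dev/sda3 /usr xfs defaults 0 0
/dev/sda2 /var xfs noatime,nosuid,nodev 1 2
EOF
}
sample_article_fstab | audit_fstab && echo "article fstab: policy satisfied"
sample_weak_fstab | audit_fstab || echo "weak sample: violations listed above"
```

Running `audit_fstab /etc/fstab` checks the configuration, and `audit_fstab /proc/mounts` checks what is mounted right now, since both files share the same first four fields.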


