[TriLUG] Securing /etc/fstab
Marty Ferguson
marty.ferguson at pobox.com
Tue Dec 11 16:49:23 EST 2001
The Linux File System Standard says to mount /usr ro.
I agree with this philosophy.
Use "ro,defaults" for /usr in your fstab. If you need to administer,
then do this:
# mount -o remount -o rw /usr
do your stuff, and then lock it back down.
Probably same with boot, only mount r/w when
you want to update your kernel or modify your
boot options.
==============
On Tuesday 11 December 2001 16:15, you wrote:
> I'm still on my quest to secure my web server ( RH7.1 soon t/b 7.2 ).
> I've read in the security how-to, and other docs, about changes I
> should make to my /etc/fstab file. My current version I would
> assume, is very much the default ( I've cut out the first column ):
>
> / ext2 defaults 1 1
> /boot ext2 defaults 1 2
> */home ext2 defaults,usrquota,grpquota,bsdgroups 1 2
> /mnt/cdrom iso9660 noauto,owner,ro 0 0
> /mnt/floppy auto noauto,owner 0 0
> */tmp ext2 defaults 1 2
> /usr ext2 defaults 1 2
> */var ext2 defaults 1 2
> /proc proc defaults 0 0
> /dev/pts devpts gid=5,mode=620 0 0
> swap swap defaults 0 0
>
> I was thinking of changing the '*' lines to something like this (
> according to what I've read )
>
> /home ext2 rw,user,usrquota,grpquota,bsdgroups 1 2
>
> /tmp ext2 rw,user 1 2
>
> /var ext2 rw,user 1 2
>
> Are there other changes I should make??
--
Marty Ferguson
mailto:marty.ferguson at pobox.com 919-544-9575
Red Hat Certified Engineer (RHCE #806199530900860)
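
The remount-and-lock-down routine described in the reply above, as an added example that is not part of the original post: one function checks an fstab for mount points that lack "ro", the other remounts read-write, runs a command, and always remounts read-only afterwards. The function names, the MOUNT override and the sample device names are assumptions; `-o remount,rw` is equivalent to the `-o remount -o rw` form used in the message.

```shell
#!/bin/sh
# Added example; function names and the MOUNT override are hypothetical.
MOUNT=${MOUNT:-mount}    # MOUNT=echo gives a dry run that needs no root

# Print each listed mount point that is in FSTAB but lacks the "ro" option.
# Mount points with no fstab entry are not reported.
# usage: fstab_not_ro FSTAB MOUNTPOINT...
fstab_not_ro() {
    fstab=$1; shift
    for mp in "$@"; do
        awk -v mp="$mp" '
            /^[ \t]*#/ || NF < 4 { next }   # skip comments and short lines
            $2 == mp {
                found = 1
                n = split($4, opts, ",")
                for (i = 1; i <= n; i++) if (opts[i] == "ro") ro = 1
            }
            END { if (found && !ro) print mp }
        ' "$fstab"
    done
}

# Remount MOUNTPOINT read-write, run the command, then remount read-only
# whether or not the command succeeded. Returns the command's exit status,
# or 1 if either remount fails (remounting ro fails while files are open
# for writing, so a failure here means the filesystem is still rw).
# usage: with_rw MOUNTPOINT COMMAND [ARG...]
with_rw() {
    rw_mp=$1; shift
    $MOUNT -o remount,rw "$rw_mp" || return 1
    rw_rc=0
    "$@" || rw_rc=$?
    $MOUNT -o remount,ro "$rw_mp" || { echo "WARNING: $rw_mp is still rw" >&2; return 1; }
    return $rw_rc
}

# Constructed sample fstab (device names are made up); /usr is already ro.
sample_fstab() {
    cat <<'EOF'
/dev/hda1  /      ext2  defaults     1 1
/dev/hda2  /boot  ext2  defaults     1 2
/dev/hda5  /usr   ext2  ro,defaults  1 2
EOF
}

f=$(mktemp); sample_fstab > "$f"
echo "not read-only: $(fstab_not_ro "$f" /usr /boot | tr '\n' ' ')"
rm -f "$f"
```

As root, `with_rw /usr COMMAND` replaces the manual remount, work, remount sequence; a warning on stderr means /usr could not be locked back down.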