Results 21 to 23 of 23
In case it's not already clear enough: I have nothing to complain about your fstab except what I've posted: I'd rather use labels instead of UUIDs (and again, I wrote ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 12-05-2010 #21
In case it's not already clear enough: I have nothing to complain about your fstab except what I've posted: I'd rather use labels instead of UUIDs (and again, I wrote labels, not device names!) and I'd be careful with the mount options. Giving all partitions nosuid, nosgid and noexec cross-the-board is as useless as granting all of them execution and SUID/SGID rights when they don't need them. Always think of what you're doing. Is it worth it, restricting access here or is it not? Does it do more harm than good or not? Those are the questions you have to ask yourself all the time. I don't know what your configuration is actually good for. It's as if you were asking me whether you should use benzine or diesel for your car. The only thing I could reply is: it depends on which engine your car has.
Furthermore I pointed out that your system does not only consist of your /etc/fstab and that you rather need a solid security concept than a few guidelines and tools. I also didn't say that you haven't educated yourself. Maybe I should've written "Keep on educating yourself". I gave you some rules of thumb (see beginning of this posting and all my other postings within this thread), that's all I can do. No reliable security expert would give you advice further than this. The universal answer is "it depends". There is no one solution, there is no one "Securing your system in 21 days" or "The absolute guide to software security for Dummies". Security means hard work.
I'm not Mr. know-it-all, who just wants to annoy you with some useless maybes and it-depends. I just point out that nobody can answer your question seriously. You don't have to accept that but then please don't expect any expert to give you a universal answer.
- 12-05-2010 #22
- Join Date
- Aug 2010
- Amsterdam, The Netherlands
The kernel and filesystem order doesn't change when you have Ubuntu (desktop) or Debian (server). The security demands also don't change very much, in /usr you have your applications, in /var your logs, etc. You don't need every permission in the book for every partition. It's all the same with all types of roles. So that's why I didn't gave an entire scenario to clarify my goals
Thank you for your technical advice!
- 12-05-2010 #23
Just because the server edition of a distribution is almost the same as the desktop edition that doesn't mean that the security demands are the same. Of course also Ubuntu server Edition is still UNIX, Linux and Ubuntu. However, the security demands are completely different or let's say they differ in many aspects. On desktop systems you'd make sure nobody can access your system from outside. However, on servers you actually want people to access but of course you don't want that they can compromise it either.
in /usr you have your applications, in /var your logs, etc