    In case it's not already clear enough: I have nothing to complain about in your fstab except what I've posted: I'd rather use labels instead of UUIDs (and again, I wrote labels, not device names!) and I'd be careful with the mount options. Giving all partitions nosuid, nosgid and noexec across the board is as useless as granting all of them execution and SUID/SGID rights when they don't need them. Always think of what you're doing. Is it worth it, restricting access here, or is it not? Does it do more harm than good or not? Those are the questions you have to ask yourself all the time. I don't know what your configuration is actually good for. It's as if you were asking me whether you should use benzine or diesel for your car. The only thing I could reply is: it depends on which engine your car has.
    Furthermore I pointed out that your system does not only consist of your /etc/fstab and that you rather need a solid security concept than a few guidelines and tools. I also didn't say that you haven't educated yourself. Maybe I should've written "Keep on educating yourself". I gave you some rules of thumb (see beginning of this posting and all my other postings within this thread), that's all I can do. No reliable security expert would give you advice further than this. The universal answer is "it depends". There is no one solution, there is no one "Securing your system in 21 days" or "The absolute guide to software security for Dummies". Security means hard work.
    I'm not Mr. know-it-all, who just wants to annoy you with some useless maybes and it-depends. I just point out that nobody can answer your question seriously. You don't have to accept that but then please don't expect any expert to give you a universal answer.
    The kernel and filesystem order doesn't change when you have Ubuntu (desktop) or Debian (server). The security demands also don't change very much, in /usr you have your applications, in /var your logs, etc. You don't need every permission in the book for every partition. It's all the same with all types of roles. So that's why I didn't give an entire scenario to clarify my goals.

    Thank you for your technical advice!

    Just because the server edition of a distribution is almost the same as the desktop edition, that doesn't mean that the security demands are the same. Of course Ubuntu Server Edition is also still UNIX, Linux and Ubuntu. However, the security demands are completely different or, let's say, they differ in many aspects. On desktop systems you'd make sure nobody can access your system from outside. However, on servers you actually want people to access it, but of course you don't want them to be able to compromise it either.

    in /usr you have your applications, in /var your logs, etc
    Just a short technical note: that's not 100% correct. Actually in /usr you have your "UNIX System Resources" (as the name suggests) which is static shareable data whereas in /var you have your "variable" data, which is dynamic unshareable data. In fact you have your logs in /var/log because they are dynamic and unshareable. Your applications are in /usr/bin and your admin tools in /usr/sbin because they are more or less static and shareable. But you also have executables, which are crucial for the Linux system to work, in /bin and /sbin.
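
An added example, not part of the thread and not any poster's code: a small fstab audit for the two mistakes discussed above, noexec on a tree that holds executables and one identical nosuid/noexec choice on every partition. The sample fstab, the finding codes and the function names are constructed for illustration.

```python
# Constructed sample, not the fstab discussed in the thread.
SAMPLE_FSTAB = """\
# <fs>      <mount> <type> <options>               <dump> <pass>
LABEL=root  /       ext4   defaults                0 1
LABEL=usr   /usr    ext4   defaults,nosuid,noexec  0 2
LABEL=var   /var    ext4   defaults,nosuid,noexec  0 2
LABEL=tmp   /tmp    ext4   defaults,nosuid,noexec  0 2
LABEL=swap  none    swap   sw                      0 0
"""

# Trees the thread names as holding executables (/usr/bin, /usr/sbin, /bin, /sbin).
EXEC_TREES = {"/", "/usr", "/bin", "/sbin"}
RESTRICTIVE = {"nosuid", "noexec"}


def parse_fstab(text):
    """Return one dict per filesystem line; comments and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: fstab needs at least four fields
        entries.append({"spec": fields[0], "mount": fields[1],
                        "type": fields[2], "options": set(fields[3].split(","))})
    return entries


def audit(entries):
    """Return (mount point, finding code) pairs for the two mistakes above."""
    mounts = [e for e in entries if e["type"] != "swap"]
    findings = [(e["mount"], "noexec-on-executables") for e in mounts
                if e["mount"] in EXEC_TREES and "noexec" in e["options"]]
    # The same nosuid/noexec choice everywhere (all set or none set) means the
    # options were never decided per partition.
    choices = {frozenset(e["options"] & RESTRICTIVE) for e in mounts}
    if len(mounts) > 1 and len(choices) == 1:
        findings.append(("*", "blanket-options"))
    return findings


if __name__ == "__main__":
    for mount, code in audit(parse_fstab(SAMPLE_FSTAB)):
        print(f"{mount}: {code}")
```

A clean result only means neither of these two patterns is present; whether each option is worth it on a given partition still depends on what the machine is used for.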
