Results 1 to 1 of 1
I'm a relative noob to Linux, and having managed to install Linux and get things pretty much set up how I want, I've decided to now focus on security. My ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 05-31-2005 #1
- Join Date
- Feb 2005
- Wellington, New Zealand
What partition permissions should I set?
My PC is a pentium 3 800MHz running slackware 10.0 (I ran some older Redhat distros first, then jumped in the deep end!). It is mostly (actually make that entirely) used for internet browsing. I don't really have much that needs protecting, just the basic install and various peices of rubbish I've downloaded, but I'd like to have a go at "hardening" my computer mainly for educational reasons (I'm looking towards a career in IT) and just out of interest. I've uninstalled Apache and Samba since I won't use them, and have been researching iptables in order to set up a firewall, but the thing I first figured I'd have a go at is setting some permissions for my partitions. Here is my /etc/fstab..
/dev/hda2 swap swap defaults 0 0
/dev/hda6 / reiserfs defaults 1 1
/dev/hda1 /boot ext2 defaults 1 2
/dev/hda5 /var reiserfs defaults 1 2
/dev/hda7 /usr reiserfs defaults 1 2
/dev/hda8 /home reiserfs defaults 0 2
/dev/cdrom /mnt/cdrom iso9660 noauto,owner,ro 0 0
/dev/fd0 /mnt/floppy auto noauto,owner 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
proc /proc proc defaults 0 0
and here are some sizes..
as you can see, I put /boot, /var, /usr and /home on seperate partitions. I also made the following soft links..
/opt -> /usr/opt
/tmp -> /var/tmp
..after seeing this done elsewhere. It seemed to make sense - /opt is similar to /usr and would be better off there than on the root partition? /tmp is variable data like /var and should be better off there than on the root partition?
The plan was to install LVM so I can later change partion sizes around easily.
Now I have a few questions..
1. I wanted use partitions for security reasons (so I could set them nosuid, noexec, etc) and also tried to make my partitions in an order that would give the best performance with regard to HD access. Does my current partition scheme look like a good one with regard to security and did I place the partitions in the best order with regard to performance?
2. Was it a good idea to link /tmp to /usr/tmp and /opt to /usr/opt? Would this increase security?
3. Most importantly, what options can I put in my /etc/fstab to increase security? I'm talking about settings like nosuid, nosgid, noexec, nodev, ro, etc. I roughly know what each of them does, but after hours of research on the internet, I still have not found any resources explaining which partitions can afford to be mounted with these settings or how to work this out. I have had a go at it, but then "startx" wouldn't work lucky I learned how to use VIM
Any advice would be greatly appreciated
PS: sorry for the long post