Creating separate partitions lets data be separated and grouped. If an unexpected accident damages one partition, only the data on that partition is affected, while the data on other partitions survives.
During the initial installation, mount filesystems with user-writeable directories, such as the following, on separate partitions:
- /usr
- /home
- /var
- /var/tmp
- /tmp
Apache and FTP server root directories should also be mounted on separate partitions.
To limit user access to filesystems, add the mount options from the following table to each filesystem's entry in /etc/fstab. The defaults option is equal to rw,suid,dev,exec,auto,nouser,async.
Option | Description |
---|---|
noexec | Prevents the execution of binaries (although scripts will not be prevented from running). |
nosuid | Prevents the setuid bit from having an effect. |
nodev | Prevents the use of device files. |
Mount the /boot filesystem read-only (ro). This reduces the risk of unauthorized modification of critical boot files.
For example, to modify the /etc/fstab entry to limit user access on /dev/sda5 (the FTP server root directory):
Find the line that reads:
/dev/sda5 /ftpdata ext3 defaults 1 2
And change it to:
/dev/sda5 /ftpdata ext3 defaults,nosuid,nodev,noexec 1 2
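
To check an existing system against these settings, the following added example (not part of the original page) reads an fstab file and reports mount points that lack the expected options. Only the /ftpdata and /boot rows of its policy come from this page; the other rows and the sample fstab are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): flag fstab entries that lack
# the mount options discussed above.
# Assumption: the policy in BEGIN is illustrative. Only the /ftpdata row and
# the read-only /boot come from the page; adjust the rest to your layout.

# audit_fstab FILE: print "<mount point> missing <opt,opt,...>" per finding.
audit_fstab() {
    awk '
    BEGIN {
        req["/ftpdata"] = "nosuid nodev noexec"   # from the page example
        req["/boot"]    = "ro"                    # from the page
        req["/tmp"]     = "nosuid nodev noexec"   # assumed policy
        req["/var/tmp"] = "nosuid nodev noexec"   # assumed policy
        req["/home"]    = "nosuid nodev"          # assumed policy
    }
    $1 ~ /^#/ || NF < 4 { next }       # skip comments, blanks, short lines
    ($2 in req) {
        split("", have)                # portable way to clear the array
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) have[opts[i]] = 1
        m = split(req[$2], want, " ")
        missing = ""
        for (i = 1; i <= m; i++)
            if (!(want[i] in have))
                missing = missing (missing == "" ? "" : ",") want[i]
        if (missing != "") print $2 " missing " missing
    }' "$1"
}

# Constructed sample fstab (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# device   mountpoint fstype options                       dump pass
/dev/sda1  /boot      ext3   defaults                      1 2
/dev/sda2  /          ext3   defaults                      1 1
/dev/sda3  /tmp       ext3   defaults,nosuid,nodev         1 2
/dev/sda5  /ftpdata   ext3   defaults,nosuid,nodev,noexec  1 2
/dev/sda6  /home      ext3   defaults                      1 2
EOF
audit_fstab "$sample"
rm -f "$sample"
```

Because defaults expands to rw, an entry for /boot that lists only defaults is reported as missing ro. Run the function against /etc/fstab after editing it, then remount or reboot for the new options to take effect.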