Mailinglist Archive: opensuse-security (297 mails)
| < Previous | Next > |
Re: [suse-security] SuSE webserver
- From: John Richard Moser <nigelenki@xxxxxxxxxxx>
- Date: Tue, 13 Jul 2004 15:51:14 -0400
- Message-id: <40F43D32.3070201@xxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I don't see the need for 7 partitions, if you use journaling.
For /tmp, use a tmpfs:
none on /tmp type tmpfs (rw,size=2G,nr_inodes=200k,mode=01777)
I use a 2G tmpfs with a 2G swap and 768M physical ram. I'm a gentoo
user, and even compile stuff on this (it helps by anywhere from 0-10%),
so it should be appropriate for your uses :)
This leaves:
/
/var
/home
/usr
/usr/local
/etc
I've never seen the /sbin/init.d thing, but I'm wary of separate /etc.
/usr and /usr/local I'd think could be the same; if you break the
system, you have to do a full reinstall anyway to rewrite the binaries,
even though you could keep your configuration.
I'm just being skeptic above, of course. :)
Tom Knight wrote:
|>-----Original Message-----
|>From: Flavius Porumb [mailto:flavius.porumb@xxxxxxxxxxxxx]
|>Sent: 13 July 2004 08:39
|>To: suse-security@xxxxxxxx
|>Subject: [suse-security] SuSE webserver
|>
|>hello,
|>
|>I found something that may interest some of you,
|>
|>good luck,
|>
|>flavius
|>
|> Security (Beginner): Secure Installation of Apache Web Server
|> Posted by hakimkt Tuesday, September 02, 2003 - 08:11 PM CEST
|
|
| Fantastic HOWTO, well done HakimKT (whoever you are), and thanks to
Flavius
| for posting it.
|
| So, what are the problems with this approach?
| I haven't seen anything absolutely terrible, but I'm no guru...
|
| * I wouldn't install any ftp server at all, as I just don't go for ftp and
| I'm lucky in that my users don't generally need it...
| * Portmap is installed by default (on SLES), so I remove it.
|
| Tom.
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFA9D0xhDd4aOud5P8RAr4OAKCM2doyJC3+GpLOEpbiwNZGAPCnugCfUWmx
DPxG5mHJL2DyW9omvd2Hy6g=
=y9SW
-----END PGP SIGNATURE-----
Hash: SHA1
I don't see the need for 7 partitions, if you use journaling.
For /tmp, use a tmpfs:
none on /tmp type tmpfs (rw,size=2G,nr_inodes=200k,mode=01777)
I use a 2G tmpfs with a 2G swap and 768M physical ram. I'm a gentoo
user, and even compile stuff on this (it helps by anywhere from 0-10%),
so it should be appropriate for your uses :)
This leaves:
/
/var
/home
/usr
/usr/local
/etc
I've never seen the /sbin/init.d thing, but I'm wary of separate /etc.
/usr and /usr/local I'd think could be the same; if you break the
system, you have to do a full reinstall anyway to rewrite the binaries,
even though you could keep your configuration.
I'm just being skeptic above, of course. :)
Tom Knight wrote:
|>-----Original Message-----
|>From: Flavius Porumb [mailto:flavius.porumb@xxxxxxxxxxxxx]
|>Sent: 13 July 2004 08:39
|>To: suse-security@xxxxxxxx
|>Subject: [suse-security] SuSE webserver
|>
|>hello,
|>
|>I found something that may interest some of you,
|>
|>good luck,
|>
|>flavius
|>
|> Security (Beginner): Secure Installation of Apache Web Server
|> Posted by hakimkt Tuesday, September 02, 2003 - 08:11 PM CEST
|
|
| Fantastic HOWTO, well done HakimKT (whoever you are), and thanks to
Flavius
| for posting it.
|
| So, what are the problems with this approach?
| I haven't seen anything absolutely terrible, but I'm no guru...
|
| * I wouldn't install any ftp server at all, as I just don't go for ftp and
| I'm lucky in that my users don't generally need it...
| * Portmap is installed by default (on SLES), so I remove it.
|
| Tom.
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFA9D0xhDd4aOud5P8RAr4OAKCM2doyJC3+GpLOEpbiwNZGAPCnugCfUWmx
DPxG5mHJL2DyW9omvd2Hy6g=
=y9SW
-----END PGP SIGNATURE-----
| < Previous | Next > |