Mailinglist Archive: opensuse-security (260 mails)

< Previous Next >
Re: [suse-security] root fs read-only
  • From: "BrŠulio Gergull" <webmaster@xxxxxxxxxxxxxx>
  • Date: Tue, 18 Jul 2000 18:47:20 -0300
  • Message-id: <01b701bff101$cb155f20$0200a8c0@xxxxxxxxxxxxxx>
> I found, that I could use symlinks for that directories, I had
> such a config on a server running without problems. Sometimes
> /var has it's own partition, and so /tmp. Another way seems to
> put symlinks /tmp and /var pointing to a "own" (r/w of course)
> partition, which at least decreases problems at system crashes,
> what do you think?

Certainly it is also a solution. In fact for production servers I always
split the system into various filesystems, not only for security reasons,
but also for integrity.

It's a good idea to _always_ put at least the following directories on their
own filesystem:

/boot
/home
/var
/tmp
/usr
/opt

This way you can still bring your machine up if you have a corrupted
filesystem.

Also consider using LIDS, as Kurt already sugested.

Regards,
Br√°ulio Gergull


< Previous Next >