Posted by: Anonymous Coward
on February 27, 2007 12:15 AM
The first part of Linux security is to not use a single partition setup as MS has taught everyone. The reason for this is simple; it provides improved protection because you can then set sane permissions that enhance the basic Linux security.
For example, I always create separate partitions for /, /usr, /tmp, /var, /home and /boot and set permissions correctly. E.g. /tmp and /home get the noexec flag set and that blocks 90+% of the script kiddies from doing anything, and on a production system I normally set /usr to read-only as the only time I allow anything to be installed/upgraded is when it's scheduled.
Of course when I'm suggesting to someone that they should look at Linux, I also provide a simple checklist and basic partitioning schema list for them to look at and yes it really doesn't take much time to create such a checklist with the partitioning schema while keeping it distro agnostic. Sheesh, I keep a few copies on hand in my various class notebooks for those times I'm asked about my OS choice.
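The mount-option hardening the commenter describes can be checked mechanically. The script below is an added example, not code from the comment or from any distribution: it reads fstab-style lines and reports which of the described options are missing (noexec on /tmp and /home, ro on /usr). The fstab content, device names and the rule list are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit fstab-style entries for the hardening options the
# comment describes (noexec on /tmp and /home, read-only /usr).
# SAMPLE_FSTAB is CONSTRUCTED sample data, not a real system's file.

SAMPLE_FSTAB='
# <device>   <mount>  <type>  <options>               <dump> <pass>
/dev/sda1    /boot    ext2    defaults                0 2
/dev/sda2    /        ext3    defaults                0 1
/dev/sda3    /usr     ext3    ro,nodev                0 2
/dev/sda5    /var     ext3    defaults,nosuid,nodev   0 2
/dev/sda6    /tmp     ext3    noexec,nosuid,nodev     0 2
/dev/sda7    /home    ext3    defaults,nodev          0 2
'

# has_opt MOUNT OPTION FSTAB_TEXT
# Exit status 0 if MOUNT appears in FSTAB_TEXT with OPTION in its option list.
has_opt() {
    mnt=$1; opt=$2; text=$3
    printf '%s\n' "$text" | awk -v m="$mnt" -v o="$opt" '
        /^[[:space:]]*(#|$)/ { next }            # skip comments and blank lines
        $2 == m {                                # field 2 is the mount point
            n = split($4, opts, ",")             # field 4 is the option list
            for (i = 1; i <= n; i++) if (opts[i] == o) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# audit_fstab FSTAB_TEXT
# Prints "MISSING <mount> <option>" for every gap and returns the gap count
# as its exit status (0 means every rule is satisfied).
audit_fstab() {
    text=$1; gaps=0
    # Rules taken from the comment: "mount:option" pairs (constructed list).
    for pair in "/tmp:noexec" "/home:noexec" "/usr:ro"; do
        mnt=${pair%%:*}; opt=${pair#*:}
        if ! has_opt "$mnt" "$opt" "$text"; then
            echo "MISSING $mnt $opt"
            gaps=$((gaps + 1))
        fi
    done
    return "$gaps"
}

# Stand-alone run against the sample: /home lacks noexec, so one gap is reported.
if audit_fstab "$SAMPLE_FSTAB"; then
    echo "fstab hardening: OK"
else
    echo "fstab hardening: $? gap(s) found"
fi
```

To audit a live system, feed it `"$(cat /etc/fstab)"` or the output of `mount` (after adjusting the field positions the awk rule reads). A read-only /usr still needs `mount -o remount,rw /usr` during the scheduled update window and a `remount,ro` afterwards, which is what makes the option fit the commenter's "only when scheduled" policy; noexec blocks direct execution of files on the flagged filesystem and is one hardening layer among the others (nosuid, nodev) rather than a complete control.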