[svlug] Security question: read-only drive
dagmar at dsurreal.org
Tue Feb 6 05:01:01 PST 2001
On Mon, 5 Feb 2001, Aaron Lehmann wrote:
> On Tue, Feb 06, 2001 at 03:29:10AM +0000, Drew Bertola wrote:
> > Does anyone have experience with this? What would my directory layout
> > be? I know I have to put /etc on the root partition, and /etc has to
> > be writable (to accomodate mtab, ssh_random_seed, etc.), so what would
> > I want to put on the read-only disk?
> Preferably, nothing. I was considering a read only /usr until I
> realized how difficult that would make installing security fixes, or
> other updates. Ironically, you're probably more secure with a
> read-write /usr.
You *should* have /usr read-only, or stick everything important to your
integrity checker *elsewhere*. Prepare to see unhappy things when you
start turning ldd loose on your current core system binaries.
More information about the svlug