[svlug] Security question: read-only drive
Dagmar d'Surreal
dagmar at dsurreal.org
Tue Feb 6 05:01:01 PST 2001
On Mon, 5 Feb 2001, Aaron Lehmann wrote:
> On Tue, Feb 06, 2001 at 03:29:10AM +0000, Drew Bertola wrote:
> > Does anyone have experience with this? What would my directory layout
> > be? I know I have to put /etc on the root partition, and /etc has to
> > be writable (to accommodate mtab, ssh_random_seed, etc.), so what would
> > I want to put on the read-only disk?
>
> Preferably, nothing. I was considering a read only /usr until I
> realized how difficult that would make installing security fixes, or
> other updates. Ironically, you're probably more secure with a
> read-write /usr.
You *should* have /usr read-only, or stick everything important to your
integrity checker *elsewhere*. Prepare to see unhappy things when you
start turning ldd loose on your current core system binaries.