[nycbug-talk] FreeBSD security document & tool. . .
Fri Feb 18 11:27:23 EST 2005
On Fri 2005.02.18 at 08:37 -0500, steverieger wrote:
> To be honest with you
> I have this exact issue with the fbsd folks (the developers not the users)
> On my other os, I always mount /usr as read only, and all my sql and apache
> stuff goes elswhere, but the default fbsd setup puts the apache rootdir in
> /usr/local/www and sometimes the /var slice is a bit small to handle all my
i'm not too familiar with where stuff goes in freebsd, but i like data
in /var - including www and mysql and pgsql...etc. but each data dir
gets its own slice if it is important to me.
> But for any decent sys admin I recommend to always mount /usr as
i've heard that statement many times before, but what exactly does
that give you? mounting /usr as nosuid? - what do you break? read-only
/usr for what reason? whoever gets root can easily do a re-mount.
not flaming, but curious to hear additional reasons that i've heard
before behind this ;)
> My .02C
> On 2/17/05 9:46 PM, "G. Rosamond" <george at sddi.net> wrote:
> > There's a great security document and tool available for a number of
> > OSs, including FreeBSD, at www.cisecurity.org
> > I'm going through the doc right now, which documents the tool's
> > procedures. . . some looks pretty basic (disabling anonymous ftp) but
> > some is very interesting (making sure no dot files are world
> > writeable).
> > Highly recommended.
> > I'm going to run on my FBSD 5.3 workstation now, and maybe tryout on a
> > less-than-mission-critical server tomorrow . . .
> > George
> > _______________________________________________
> > % NYC*BUG talk mailing list
> > http://lists.nycbug.org/mailman/listinfo/talk
> > %Be sure to check out our Jobs and NYCBUG-announce lists
> > %We meet the first Wednesday of the month
> % NYC*BUG talk mailing list
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
Okan Demirmen <okan at demirmen.com>
PGP-Fingerprint: 226D B4AE 78A9 7F4E CD2B 1B44 C281 AF18 B367 0934
More information about the talk