[nycbug-talk] FreeBSD security document & tool. . .
Tillman Hodgson
tillman
Fri Feb 18 12:28:38 EST 2005
On Fri, Feb 18, 2005 at 08:37:14AM -0500, steverieger wrote:
> To be honest with you
>
> I have this exact issue with the fbsd folks (the developers not the users)
>
> On my other os, I always mount /usr as read only, and all my sql and apache
> stuff goes elsewhere, but the default fbsd setup puts the apache rootdir in
> /usr/local/www and sometimes the /var slice is a bit small to handle all my
> databases.
>
> But for any decent sys admin I recommend to always mount /usr as
> ro,nosuid,logging
I usually do mount /usr with restricted rights on boxes where the
ability to upgrade quickly isn't a concern (the security tradeoff for
this practice). But I also have /usr/local as a separate partition (as
well as /usr/ports, /usr/obj and /usr/src -- those are usually remote
filesystems in my case anyway).
-T
--
There should be a science of discontent. People need hard times and oppression
to develop psychic muscles.
- from "Collected Sayings of Muad'Dib" by the Princess Irulan