[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSE webserver



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't see the need for 7 partitions, if you use journaling.

For /tmp, use a tmpfs:

none on /tmp type tmpfs (rw,size=2G,nr_inodes=200k,mode=01777)

I use a 2G tmpfs with a 2G swap and 768M physical ram.  I'm a gentoo
user, and even compile stuff on this (it helps by anywhere from 0-10%),
so it should be appropriate for your uses :)

This leaves:

/
/var
/home
/usr
/usr/local
/etc

I've never seen the /sbin/init.d thing, but I'm wary of separate /etc.

/usr and /usr/local I'd think could be the same; if you break the
system, you have to do a full reinstall anyway to rewrite the binaries,
even though you could keep your configuration.

I'm just being skeptic above, of course.  :)

Tom Knight wrote:
|>-----Original Message-----
|>From: Flavius Porumb [mailto:flavius.porumb@xxxxxxxxxxxxx]
|>Sent: 13 July 2004 08:39
|>To: suse-security@xxxxxxxx
|>Subject: [suse-security] SuSE webserver
|>
|>hello,
|>
|>I found something that may interest some of you,
|>
|>good luck,
|>
|>flavius
|>
|>      Security (Beginner): Secure Installation of Apache Web Server
|>      Posted by hakimkt Tuesday, September 02, 2003 - 08:11 PM CEST
|
|
| Fantastic HOWTO, well done HakimKT (whoever you are), and thanks to
Flavius
| for posting it.
|
| So, what are the problems with this approach?
| I haven't seen anything absolutely terrible, but I'm no guru...
|
| * I wouldn't install any ftp server at all, as I just don't go for ftp and
| I'm lucky in that my users don't generally need it...
| * Portmap is installed by default (on SLES), so I remove it.
|
| Tom.
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA9D0xhDd4aOud5P8RAr4OAKCM2doyJC3+GpLOEpbiwNZGAPCnugCfUWmx
DPxG5mHJL2DyW9omvd2Hy6g=
=y9SW
-----END PGP SIGNATURE-----

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here