securitybreach Posted October 17, 2010 Share Posted October 17, 2010 I just ran across this article from Archlinux's Rolling Release Ezine and I thought I would share it: The first question you have to ask yourself is: How paranoid are you?It is possible to tighten the security so much as to make your system unusable. The trick is to secure it without overdoing it.The first step actually already starts before you install the system. You should take a minute to consider your partition layout.Partition setupSeparate partitions for /var, /tmp, /home and any other user data you may have would be a good idea. Keeping /var and /tmp on separate partitions will make sure your system does not stop responding due to /var or /tmp filling up your root partition. Additionally the partitions should be mounted with the option NOEXEC (this ensures that the execute bit is disabled on any binary files on the partition) and NOSUID (this disables the SUID/SGID file-attribute on the partition).Please note that some programs may stop working when NOEXEC is used. If you should indeed need to run a program from a data partition, a workaround could be to use a script to remount the partition with the option EXEC. Then perform the desired task and then remount the partition with the option NOEXEC again.Please see following example:#!/bin/bashmount -o remount,exec /tmp/tmp/someprogrammount -o remount,noexec /tmp Data partitions should always be mounted with option NOEXEC and NOSUID, as there should never be the need for a program to run from such a partition. And especially not with root privileges!If you don’t plan to install any programs in your home folder, you can also set NOEXEC on the /home partition. NOSUID should always be set on /home.Please note that programs like crossover-office and eagle-cad, when installed directly from the downloaded run file, will install in the home directory. Setting the NOEXEC option on the partition would of course keep those programs from running.User setupAfter installation make a normal user for daily use. Don’t use the root user for daily use!Pick a secure password. I trust you know not to use a dictionary word or something like your dogs name.A password should be at least eight characters long. Contain a mix of upper and lower case letters. It should include at least one number and/or one special character.If you, like me, have a good memory for passwords then you can use a program like pwgen to create a bunch of passwords and print them on the screen. Then just pick one to use.Alternately you can make a password using the first characters from every word in a sentence.Take for instance “the girl is walking down the rainy street” could be translated to “t6!WdtR5”. This approach could make it easier to remember a password.......... http://rollingrelease.com/system/2010/10/securing-arch-linux Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.