[Asterisk-Users] Linux Partitions (before asterisk install)
Andrew Kohlsmith
akohlsmith-asterisk at benshaw.com
Sat Dec 17 13:41:15 MST 2005
On Saturday 17 December 2005 15:18, Michiel van Baak wrote:
> I disagree here.
> You have at least 1 user to remotaly login to the system to
> do some work on it. Think config changes etc.
> In case of unauthorized access (ppl stole your password or
> whatever) you will be glad you have /home on a seperate
> partition that is mounted noexec,nosuid,nodev
And I disagree with you. :-) My Asterisk installs are minimal. Two
partitions, one for / and one for /var, with /tmp symlinked to /var/tmp. I
have only two accounts log in, root and a script account, both using DSA
keys. I imagine you could put /home in /var/home but really it's not that
critical for me. If someone gains root or the script user access they can
cause a lot more damage than any rootkit.
> Even better would be to use LVM for /var partitions.
> That way you can easily add extra space to it without the
> hassle of moving around data.
I use LVM for everything but /. :-)
Good tips for general multiuser setups but I dunno; you can secure everything
out the wazoo and just end up with a local root exploit crashing through all
your security. I prefer the minimal approach which doesn't let / fill up and
if someone manages to grab a password... well you're screwed anyway.
minimize the impact to other systems. :-)
-A.
-A.
More information about the asterisk-users
mailing list