[Asterisk-Users] Linux Partitions (before asterisk install)
Michiel van Baak
michiel at vanbaak.info
Sat Dec 17 16:40:51 MST 2005
On 15:41, Sat 17 Dec 05, Andrew Kohlsmith wrote:
> On Saturday 17 December 2005 15:18, Michiel van Baak wrote:
> > I disagree here.
> > You have at least 1 user to remotely log in to the system to
> > do some work on it. Think config changes etc.
> > In case of unauthorized access (ppl stole your password or
> > whatever) you will be glad you have /home on a separate
> > partition that is mounted noexec,nosuid,nodev
>
> And I disagree with you. :-) My Asterisk installs are minimal. Two
> partitions, one for / and one for /var, with /tmp symlinked to /var/tmp. I
> have only two accounts log in, root and a script account, both using DSA
> keys. I imagine you could put /home in /var/home but really it's not that
> critical for me. If someone gains root or the script user access they can
> cause a lot more damage than any rootkit.
True. No setup is secure. The only security is disconnecting
your system from the net ;)
>
> > Even better would be to use LVM for /var partitions.
> > That way you can easily add extra space to it without the
> > hassle of moving around data.
>
> I use LVM for everything but /. :-)
Same here. drbd devices as low-level with lvm on top of it.
>
> Good tips for general multiuser setups but I dunno; you can secure everything
> out the wazoo and just end up with a local root exploit crashing through all
> your security. I prefer the minimal approach which doesn't let / fill up and
> if someone manages to grab a password... well you're screwed anyway.
> minimize the impact to other systems. :-)
This is becoming a thread that totally loses track of the
OP question. Security is a complex issue and every
system/install needs its own policy.
Like I said, I was just posting my own view on things.
--
Michiel van Baak
http://michiel.vanbaak.info
michiel at vanbaak.info
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7E0B9A2D
"Why is it drug addicts and computer aficionados are both called users?"
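
Added example (not part of the original message): a shell function that checks whether given mount points are separate filesystems carrying the noexec,nosuid,nodev options discussed in the thread. The function name `audit_mounts`, the device names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Options the thread recommends for /home.
REQUIRED_OPTS="noexec nosuid nodev"

# Constructed sample in /proc/mounts format:
#   device mountpoint fstype options dump pass
# /tmp is absent on purpose: it is a symlink into /var, not its own mount.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/mapper/vg0-var /var ext3 rw,nosuid,nodev 0 0
/dev/mapper/vg0-home /home ext3 rw,noexec,nosuid,nodev 0 0'

# audit_mounts MOUNTS_TEXT MOUNTPOINT...
# Prints one line per finding. Returns 0 when every listed mount point is a
# separate filesystem with all required options, 1 otherwise.
audit_mounts() {
    mounts_text=$1
    shift
    rc=0
    for mp in "$@"; do
        # The last matching entry wins: a later mount shadows an earlier one.
        opts=$(printf '%s\n' "$mounts_text" |
            awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
        if [ -z "$opts" ]; then
            echo "$mp: not a separate mount, inherits its parent's options"
            rc=1
            continue
        fi
        for want in $REQUIRED_OPTS; do
            # Wrap in commas so "nosuid" cannot match inside another option.
            case ",$opts," in
                *",$want,"*) ;;
                *) echo "$mp: missing $want"; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Demo on the constructed table; reports /var and /tmp, passes /home.
audit_mounts "$SAMPLE_MOUNTS" /home /var /tmp || true
```

On a live system, pass the real table instead: `audit_mounts "$(cat /proc/mounts)" /home /var`.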