Better host security was Re: Several Different kernel related (?) problems
Stephen J Smoogen
smoogen at lanl.gov
Tue Aug 17 13:39:56 UTC 2004
Hans Kristian Rosbach wrote:
>>On public servers, I now put
>>/tmp
>>/var/tmp
>>
>>as seperate partitions with noexec,nosuid on them. We may also put nodev
>>on them but I am not sure if that broke things or not. Each are limited
>>to 100->500 megs in size. We were looking at a script that did an hourly
>>cleanup of files that were in it so that nothing stayed too long, but I
>>think we dropped that in case we needed to keep an audit trail.
>
>
> nosuid, good idea
> nodev? What does that do, positive/negative?
>
For certain kinds of attacks/machines a /tmp/kmem that is the /dev/kmem
device and crw-rw-rw is very bad. Not allowing it to be used can fix
that. I cant rememeber what the problem was though..
--
Stephen John Smoogen smoogen at lanl.gov
Los Alamos National Lab CCN-5 Sched 5/40 PH: 4-0645
Ta-03 SM-1498 MailStop B255 DP 10S Los Alamos, NM 87545
More information about the fedora-devel-list
mailing list