On Saturday 17 December 2005 15:18, Michiel van Baak wrote: > I disagree here. > You have at least 1 user to remotaly login to the system to > do some work on it. Think config changes etc. > In case of unauthorized access (ppl stole your password or > whatever) you will be glad you have /home on a seperate > partition that is mounted noexec,nosuid,nodev
And I disagree with you. :-) My Asterisk installs are minimal. Two partitions, one for / and one for /var, with /tmp symlinked to /var/tmp. I have only two accounts log in, root and a script account, both using DSA keys. I imagine you could put /home in /var/home but really it's not that critical for me. If someone gains root or the script user access they can cause a lot more damage than any rootkit. > Even better would be to use LVM for /var partitions. > That way you can easily add extra space to it without the > hassle of moving around data. I use LVM for everything but /. :-) Good tips for general multiuser setups but I dunno; you can secure everything out the wazoo and just end up with a local root exploit crashing through all your security. I prefer the minimal approach which doesn't let / fill up and if someone manages to grab a password... well you're screwed anyway. minimize the impact to other systems. :-) -A. -A. _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
