Hi: I'm doing custom system creation using Gentoo 2007.0 optimized for Intel P4 (non-HT) based hardware.
There seems to be a requirement for similar entries in /etc/fstab and /etc/mtab. Please see the following entries.

[/etc/fstab]
/dev/hda2 /boot ext3 defaults,noatime 1 2
/dev/hda3 none swap sw 0 0
/dev/hda4 / ext3 noatime 0 1
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
shm /dev/shm tmpfs nodev,nosuid,noexec 0 0

and

[/etc/mtab]
/dev/hda4 / ext3 rw,noatime 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
udev /dev tmpfs rw,nosuid 0 0
devpts /dev/pts devpts rw,gid=5,mode=620 0 0
/dev/hda2 /boot ext3 rw,noatime 0 0
shm /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0
usbfs /proc/bus/usb usbfs rw,noexec,nosuid,devmode=0664,devgid=85 0 0

Here are a few queries:

1. Are proc, sysfs, devpts entries optional in /etc/fstab?
2. The 'shm' entry seems to be required for POSIX shared memory, but I don't seem to find it on an OpenSuSe 10.2 box!
3. shm has a 'nosuid' flag. What does that mean? Programs accessing the shared memory created by another process would need setuid, or am I missing something here?
4. If you were an administrator on a machine with the above entries, what further optimization would you do from a security perspective? (Except SELinux, what other assurance steps would you take?)

Thanks in advance.

Thanks,
Saifi.
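As an added example (not part of the original post), here is a small POSIX sh audit that reads fstab-format lines and reports tmpfs and /dev/shm mounts that lack nosuid, nodev or noexec, which is the kind of check an administrator would run when reviewing entries like the ones above. The sample fstab embedded in it is constructed from the post's lines plus a deliberately weakened /tmp entry; the function names are my own.

```shell
#!/bin/sh
# audit_fstab: read fstab-format lines on stdin and report tmpfs / /dev/shm
# entries that lack the nosuid, nodev or noexec mount options.
# nosuid means the kernel ignores setuid/setgid bits on files stored on that
# mount; it does not affect which processes may open shared-memory objects.
# Prints one line per finding ("<mountpoint> missing <option>").
# Returns 0 when every checked entry carries all three options, 1 otherwise.
audit_fstab() {
    status=0
    while read -r dev mnt type opts rest; do
        # skip blank lines and comments
        case "$dev" in ''|'#'*) continue ;; esac
        # only tmpfs filesystems and the shared-memory mount are checked here
        case "$type:$mnt" in
            tmpfs:*|*:/dev/shm) ;;
            *) continue ;;
        esac
        for want in nosuid nodev noexec; do
            # match the option as a whole comma-separated word, not a substring
            case ",$opts," in
                *",$want,"*) ;;
                *) echo "$mnt missing $want"; status=1 ;;
            esac
        done
    done
    return $status
}

# Constructed sample: the questioner's shm line next to a weakened /tmp entry.
SAMPLE_FSTAB='# <fs> <mountpoint> <type> <opts> <dump> <pass>
/dev/hda4 / ext3 noatime 0 1
shm /dev/shm tmpfs nodev,nosuid,noexec 0 0
tmp /tmp tmpfs defaults 0 0'

# count_findings: run the audit over SAMPLE_FSTAB and print the number of
# findings (expected: 3, all for /tmp).
count_findings() {
    printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab | wc -l | tr -d ' '
}
```

Run it against the real file with `audit_fstab < /etc/fstab`; a non-zero exit status means at least one checked mount is missing an option.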

