View Single Post
  #4   (View Single Post)  
Old 12th January 2009
Mantazz Mantazz is offline
Shell Scout
 
Join Date: Oct 2008
Posts: 90
Default

Quote:
Originally Posted by Oko View Post
It is VERY important of course. Lots of security measures can not be implemented
when you have only single partition /.

On OpenBSD I have at least / , /swap, /tmp, /var, /usr, /home .
Swap is 2xRAM and is crypted by default on OpenBSD, /tmp and /var are mounted with noexec options. / is mounted with read only option.
You probably want to put at least 3xswap for var in the case of the core damp.
The size of /var, /usr, /home depends on purpose. If you are running mail serer
obviously /var would have to be very big. If you are running file server at a
university /home it will have to be big.

If you are running something as chrooted I would put it on the separate partition.
On OpenBSD if I install Linux applications they their partition is mounted separately.

So on and so forth.
I neglected to mention the swap partition - really it is so ingrained in me (at 2x ram) that I even do it in windows.

The security advantages of partitioning I guess I had forgotten as well. Although my poor little web server really does so little serving (and has so little to serve) that I think I can survive with it setup as it is (currently just partitions for /, /usr, /var, and swap)?
Reply With Quote