"Bernhard R. Link" <[EMAIL PROTECTED]> writes: > * Tarjei Huse <[EMAIL PROTECTED]> [031009 10:55]: >> The Securing Debian manual suggest one should set the /usr partition to >> ro and use remount when you install new programs. >> I was just wondering how much security one gains with this. > > I do not think one gets much security out of it. I think the most > security one gets by this is that this way /usr has no chance to > go corrupt when de power supply fails and less possible corruption > make it less propable that a corruption helping an attacker accours.
I agree. If you are looking for this kind of security, your best bet is to set the immutable bit on all of your system files. That will ensure that only a reboot in single user mode will allow these files to be changed. (Make sure you set immutable the system boot scripts as well) -- Ted Cabeen Sr. Systems/Network Administrator Impulse Internet Services -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
