Yes, a tape system is partly a security measure: logs are stored offline (and hopefully offsite), as are data. UPS and ECC are uptime features, not security, IMHO.
Is /usr ro useful? For a web server or firewall that rarely changes its OS files and is at more of a risk, then yes, it probably is worth the effort; otherwise probably not. My reasoning is that security enhancements are often incremental, and that small hurdle may just be enough to defeat a script kiddie or an automated worm.

regards
Steven

-----Original Message-----
From: Russell Coker [mailto:[EMAIL PROTECTED]
Sent: Friday, 17 October 2003 4:14 PM
To: Bernd Eckenfels; debian-security@lists.debian.org
Subject: Re: How efficient is mounting /usr ro?

On Fri, 17 Oct 2003 07:08, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> > A read-only /usr is not a security measure.
>
> Depends on your definition of it-security. It reduces downtime, prevents
> some admin and software failures and therefore is a security measure.

So is a tape backup a security measure? What about a UPS? Is ECC memory a security measure? I guess it's a security measure to buy rack mount servers from companies such as Dell rather than assembling your own white-box machines then. :-#

Security is about protection from unauthorised access and keeping the system running in the face of attack. A read-only /usr does not help this in the regular case, as anyone who has permissions to modify files under /usr also has permissions to remount it read-write. Any measure you take to prevent remounting /usr will probably also prevent file writes as well, so having it mounted read-only gains little.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
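Added example, not part of the original messages: a Python check of the question argued in this thread, namely for which processes a read-only /usr changes anything. It assumes Linux, where mount(2) requires CAP_SYS_ADMIN, and that files under /usr are root-owned; the function names and sample inputs are constructed for illustration.

```python
# Added example; sample inputs below are constructed, not from the thread.
CAP_DAC_OVERRIDE, CAP_SYS_ADMIN = 1, 21  # bit numbers from <linux/capability.h>

def usr_mount_options(mounts_text):
    """Options of the filesystem holding /usr, from /proc/mounts-style text."""
    found = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] in ("/", "/usr"):
            # Split on commas so "errors=remount-ro" is not mistaken for "ro".
            found[fields[1]] = set(fields[3].split(","))
    return found.get("/usr", found.get("/", set()))

def parse_status(status_text):
    """Return (filesystem UID, effective capability mask) from /proc/<pid>/status text."""
    fields = dict(l.split(":", 1) for l in status_text.splitlines() if ":" in l)
    return int(fields["Uid"].split()[3]), int(fields["CapEff"].strip(), 16)

def assess(mounts_text, status_text):
    """Say what a read-only /usr changes for the process described by status_text.
    Assumption: files under /usr are root-owned and not group/world-writable."""
    fsuid, caps = parse_status(status_text)
    can_write = fsuid == 0 or bool((caps >> CAP_DAC_OVERRIDE) & 1)
    can_remount = bool((caps >> CAP_SYS_ADMIN) & 1)  # mount(2) needs CAP_SYS_ADMIN
    if not can_write:
        return "no write access either way"
    if "ro" not in usr_mount_options(mounts_text):
        return "writable now"
    if can_remount:
        return "ro bypassable: process can remount rw"
    return "ro blocks this process"

MOUNTS = ("/dev/sda1 / ext3 rw,errors=remount-ro 0 0\n"
          "/dev/sda5 /usr ext3 ro,nodev 0 0\n")
ROOT_FULL = "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
ROOT_NO_SYS_ADMIN = "Name:\thttpd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffdfffff\n"
WWW_DATA = "Name:\thttpd\nUid:\t33\t33\t33\t33\nCapEff:\t0000000000000000\n"

if __name__ == "__main__":
    for name, status in [("root, all caps", ROOT_FULL),
                         ("root, CAP_SYS_ADMIN dropped", ROOT_NO_SYS_ADMIN),
                         ("unprivileged uid 33", WWW_DATA)]:
        print(f"{name}: {assess(MOUNTS, status)}")
```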