Thanks for the responses. I do have a firewall in place and the only
open port to the public is 25 which is qmail. I think I'll take your
considerations to heart and rebuild the box with its own /tmp
partition with noexec. I should have done that in the first place.
Thankfully it is not yet in prod
Well, it's OK to have /tmp on the same partition as /, as long as other
security measures work, for example a tripwire setup and logging user
actions of any kind, also having an overview over the logs.
As long as these work, and you take care what's going on on the box, it does
not really mat
>
> I'm setting up a mail server at the moment, one of the things that I
> forgot to do was create /tmp as a separate partition (/ = 2gb). There
> will be no user logins to the machine aside from admins and the only
> thing that it will run is qmail acting as a smarthost (vanilla qmail,
> no amav
Chad Morland wrote:
In your opinion is having /tmp on the same partition as / really THAT
bad in this case? I'm just wondering cause some people have mentioned
that it's a major security risk. Really, I don't think it is for what
this box is doing.
It's obviously a much bigger security risk on a mu
I'm setting up a mail server at the moment, one of the things that I
forgot to do was create /tmp as a separate partition (/ = 2gb). There
will be no user logins to the machine aside from admins and the only
thing that it will run is qmail acting as a smarthost (vanilla qmail,
no amavis or anythin