Here we go again. I decided to write another article concerning some overall security aspects of installing and running linux. To keep it short and simple, here are some good pointers to enhancing your system's security. But remember, there's no absolute security, so keep your eyes open, subscribe yourself to a few good mailing lists, and keep your software up-to-date.

Partitioning

Good partitioning does a lot of good to your system's security as it greatly simplifies your admin duties in case of a system crash and data recovery. You can create various partitions, and have them set as read-only, nosuid or similar. By having a partition mounted as nosuid you can simply address the SUID issue, generally connected to buffer overflows and obtaining a root shell or some other possibile security compromising flaws. More about the SUID issue can be read here. If you plan to run an FTP server, setting that partition would save you a lot of trouble in the future, as it is in read-write mode, but no suid programs can be run from it. The same can be said for mounting a partition read-only, or ro. You can always alter these settings, wich are located in /etc/fstab, for any of your block devices. Of course, 'man fstab(5)' and 'man mount(8)' are your good friends to get a grip on all possible options when mounting a filesystem. /etc/fstab is human readable, so you'll easy get into it.


Generally speaking, putting linux, or any other OS on a single partition is a major administration no-no, and with any multiuser, multitasking os, is asking for trouble, sooner or later. So, whenever possible, create at least these partitions, with sizes of your choices:

• / - which needs little space, but will house all of your other directories if you do not create them as stand-alone partitions,so consider that also before creating it


• /usr - houses most of your software, so you might consider allocating a lot of space here,


• /home - is the starting point for all users on your system, so allocate space according to the number of users you plan to have


• /var - which is required for all the administrative logs, mail, usenet news and other.

From a security point, a good thing would be to consider at least having a separate / and a /home partition. This way you can restrict access to some partitions, can easily repair damaged filesystem and keep the system running and so on. It even might be good to keep your temporary data and logs on a separate, RAM partition. That way, no information about your system and all events that took place can be traced, because all the information on the RAM disk is lost when the system is rebooted or shut down. But, you also might consider taring the files before shutting down, and copy them elswhere for later safe reading, if neccessary. It's up to you.