Good partitioning does a lot of good to your system's security as it greatly simplifies your admin duties in case of a system crash and data recovery. You can create various partitions, and have them set as read-only, nosuid or similar. By having a partition mounted as nosuid you can simply address the SUID issue, generally connected to buffer overflows and obtaining a root shell or some other possibile security compromising flaws. More about the SUID issue can be read here. If you plan to run an FTP server, setting that partition would save you a lot of trouble in the future, as it is in read-write mode, but no suid programs can be run from it. The same can be said for mounting a partition read-only, or ro. You can always alter these settings, wich are located in /etc/fstab, for any of your block devices. Of course, 'man fstab(5)' and 'man mount(8)' are your good friends to get a grip on all possible options when mounting a filesystem. /etc/fstab is human readable, so you'll easy get into it.
Generally speaking, putting linux, or any other OS on a single partition is a major administration no-no, and with any multiuser, multitasking os, is asking for trouble, sooner or later. So, whenever possible, create at least these partitions, with sizes of your choices:
- / - which needs little space, but will house all of your other directories if you do not create them as stand-alone partitions,so consider that also before creating it
- /usr - houses most of your software, so you might consider allocating a lot of space here,
- /home - is the starting point for all users on your system, so allocate space according to the number of users you plan to have
- /var - which is required for all the administrative logs, mail, usenet news and other.
You can always partition your system prior to the installation of any flavour of linux you have chosen, and most of the distributions come already equipped a partitioning tool. However, if you wish to do it yourself before installing linux, you can always do it with any fdisk, 'man fdisk(8)' or run fdisk and type 'm' for reviewing the list of all commands. Of course, there are other tools for partitioning, such as Disk Druid that comes with Red Hat, or Parted, a tool from the GNU foundation that you can find it here.
Relying solely on decent passwords is not a good security measure, but using good passwords reduces the risks of a security breach. So, use password generation utilities, and most of all, educate your users about the significance of good passwords. Sadly, the best passwords are the ones you'll hardly ever remeber right, so it's always a trade-off between security and usability. Usually, this means horrible passwords, written on paper.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.