Re: read-only file systems
From: James Puckett (gabriel_m_james@yahoo.com)
Date: 09/11/01
- Previous message: Bill Pool: "Re: read-only file systems"
- In reply to: Kurt Seifried: "Re: read-only file systems"
- Next in thread: Vladimir Ivanov: "Re: read-only file systems"
- Next in thread: Heather Flanagan: "RE: read-only file systems"
Message-ID: <20010911061645.61452.qmail@web20703.mail.yahoo.com>
Date: Mon, 10 Sep 2001 23:16:45 -0700 (PDT)
From: James Puckett <gabriel_m_james@yahoo.com>
Subject: Re: read-only file systems
To: Kurt Seifried <bugtraq@seifried.org>, Heather Flanagan <HeathFla@reciprocal.com>, focus-sun@securityfocus.com

This person just wants to make /usr read only, not the
entire system. It can be done, is a common practice,
and is described in most UNIX security books.
--- Kurt Seifried <bugtraq@seifried.org> wrote:
> > I know /usr can be comfortably turned into a read-only file system for
> > particularly hardened systems - or at least I can't think of any reason why
> > not. Can the same be done with / on Solaris 8?
>
> Sure. unless you need to change passwords. or have log files locally. or
> create tmp files or lock files. or maybe write to /etc/mtab (or whatever it
> is in solaris). I would recommend something like argus pitbull rather than
> going through the insane hassle of trying to make / read only. plus once the
> attacker has root they can remount it.
>
> > -heather f.
>
>
> Kurt Seifried, kurt@seifried.org
> PGP Key ID: 0xAD56E574 Fingerprint:
> A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
> http://www.seifried.org/
>
>
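
The trade-off discussed in this thread (a read-only /usr is routine, a read-only / collides with paths that need writes), as an added example that is not part of the original messages: a Python check over Solaris-style `/etc/vfstab` text. The sample table, its device names and the paths in `NEEDS_WRITE` are constructed assumptions chosen to stand in for the write needs named above.

```python
# Added example (not from the thread): audit a Solaris-style vfstab.
# Constructed sample: /usr read-only, with /, /var and /tmp left writable.
SAMPLE_VFSTAB = """\
#device           device             mount FS    fsck mount   mount
#to mount         to fsck            point type  pass at boot options
/dev/dsk/c0t0d0s1 -                  -     swap  -    no      -
/dev/dsk/c0t0d0s0 /dev/rdsk/c0t0d0s0 /     ufs   1    no      -
/dev/dsk/c0t0d0s6 /dev/rdsk/c0t0d0s6 /usr  ufs   1    no      ro
/dev/dsk/c0t0d0s5 /dev/rdsk/c0t0d0s5 /var  ufs   1    no      -
swap              -                  /tmp  tmpfs -    yes     -
"""

# Assumed example paths for the write needs named in the thread.
NEEDS_WRITE = {
    "/etc/shadow": "changing passwords",
    "/var/adm/messages": "local log files",
    "/tmp": "temporary files",
    "/var/spool/locks": "lock files",
}

def parse_vfstab(text):
    """Return {mount_point: is_read_only} for each mountable entry."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 7 or not fields[2].startswith("/"):
            continue  # comment, blank, malformed, or swap ("-" mount point)
        options = set(fields[6].split(","))
        mounts[fields[2]] = "ro" in options
    return mounts

def owning_mount(path, mounts):
    """Longest mount point that contains path, or None."""
    hits = [m for m in mounts
            if path == m or path.startswith(m.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None

def write_conflicts(mounts, needs_write=NEEDS_WRITE):
    """Paths that must stay writable but sit on a read-only file system."""
    conflicts = {}
    for path, reason in needs_write.items():
        owner = owning_mount(path, mounts)
        if owner is not None and mounts[owner]:
            conflicts[path] = (owner, reason)
    return conflicts

if __name__ == "__main__":
    mounts = parse_vfstab(SAMPLE_VFSTAB)
    print("read-only:", sorted(m for m, ro in mounts.items() if ro))
    for path, (owner, reason) in sorted(write_conflicts(mounts).items()):
        print(f"{path}: needs write for {reason}, but {owner} is ro")
```

With the sample as given the conflict list is empty; marking / as `ro` without separate /var and /tmp entries makes every path in `NEEDS_WRITE` a conflict.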