[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Set up root partition as read only.

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: Set up root partition as read only.
From: "Daniel A. Ramaley" <daniel_(_dot_)_ramaley_(_at_)_DRAKE_(_dot_)_EDU>
Date: Wed, 19 Apr 2006 16:00:11 -0500

On Friday 14 April 2006 22:17, you wrote:
>To increase the security level of my OpenBSD system I have defined at
>/etc/fstab that the root partition should be read only.

That won't increase your security level much, but if you really want to 
make / read-only, there is more involved. (I recently did this on a 
machine with a flash drive instead of a standard hard drive in order to 
save wear on the flash.) To start with, read and understand /etc/rc and 
mfs(8). Convert /dev and /var to be on memory file systems (pay 
attention to -P in mfs(8)). Then edit /etc/rc and comment out the lines 
that mount /, /usr, and /var, and the lines that 
rewrite /etc/resolv.conf.

If you need more information than this, Google is your friend. I also 
have a more detailed HOWTO-style document that i wrote that i would be 
willing to share off-list, though you might learn more if you do your 
own research instead.

------------------------------------------------------------------------
Dan Ramaley                            Dial Center 118, Drake University
Network Programmer/Analyst             2407 Carpenter Ave
+1 515 271-4540                        Des Moines IA 50311 USA

Prev by Date: Soekris running squil? Openbsd laptop
Next by Date: Re: install sets as packages
Previous by thread: Re: Soekris running squil? Openbsd laptop
Next by thread: Re: install sets as packages
Index(es):
- Date
- Thread

Visit your host, monkey.org