[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Set up root partition as read only.

On Friday 14 April 2006 22:17, you wrote:
>To increase the security level of my OpenBSD system I have defined at
>/etc/fstab that the root partition should be read only.

That won't increase your security level much, but if you really want to 
make / read-only, there is more involved. (I recently did this on a 
machine with a flash drive instead of a standard hard drive in order to 
save wear on the flash.) To start with, read and understand /etc/rc and 
mfs(8). Convert /dev and /var to be on memory file systems (pay 
attention to -P in mfs(8)). Then edit /etc/rc and comment out the lines 
that mount /, /usr, and /var, and the lines that 
rewrite /etc/resolv.conf.

If you need more information than this, Google is your friend. I also 
have a more detailed HOWTO-style document that i wrote that i would be 
willing to share off-list, though you might learn more if you do your 
own research instead.

Dan Ramaley                            Dial Center 118, Drake University
Network Programmer/Analyst             2407 Carpenter Ave
+1 515 271-4540                        Des Moines IA 50311 USA