Re: switching from linux to freebsd
- From: Freminlins <freminlins@xxxxxxxxx>
- Date: Tue, 1 Aug 2006 20:04:08 +0100
On 01/08/06, Erik Nørgaard <norgaard@xxxxxxxxxxxx> wrote:
If you configure your server using LDAP or NIS for user management then
you only need to mount the root file system rw when updating the base
system or changing root password. Add the MAC and you will likely be
able to protect further against the attack you mention.
Or when you want to patch or install other software, unless you put
/usr/local on its own partition. And put /usr/ports somewhere else. And
don't tinker with anything in /etc/mail. I think we're just going to
disagree on this.
I have never yet seen a situation where mounting the OS disk ro proved to be
useful. I have seen it hinder perfectly normal sysadmin work.
I have seen one instance in 10 years where it would have stopped a silly
mistake (someone moved libc on Solaris). But as that person was doing
something they were supposed to be doing and just made a mistake, they would
have made the same mistake after mounting the disk rw if it had been mounted
ro.
Cheers, Erik
Cheers,
Frem.
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
- References:
- switching from linux to freebsd
- From: Tyler Spivey
- Re: switching from linux to freebsd
- From: Erik Norgaard
- Re: switching from linux to freebsd
- From: Freminlins
- Re: switching from linux to freebsd
- From: Erik Nørgaard
- Re: switching from linux to freebsd
- From: Freminlins
- Re: switching from linux to freebsd
- From: Erik Nørgaard
- switching from linux to freebsd
- Prev by Date: Reducing the timeout on a TCP connection
- Next by Date: Re: Reducing the timeout on a TCP connection
- Previous by thread: Re: switching from linux to freebsd
- Next by thread: Safe card to replace for ICP Vortex GDT8514RZ ...
- Index(es):
Relevant Pages
|
|
