Operating System - HP-UX

Re: Security implementation on /etc/fstab

 
Spark_2
Frequent Advisor

Security implementation on /etc/fstab

In the course of hardening my HP-UX box, what all can be done in /etc/fstab? Like modifying permissions, etc.

What all filesystems may need it?

Re: Security implementation on /etc/fstab

Again, a completely pointless exercise, as even if I set permissions on /etc/fstab to 600, a non-privileged user can still execute bdf, df and "/sbin/mount -p" to see what filesystems are mounted.

Your client is wasting his time with these sorts of unconsidered security measures...

HTH

Duncan

I am an HPE Employee
James R. Ferguson
Acclaimed Contributor

Re: Security implementation on /etc/fstab

Hi:

Yes, I wonder...is this security by obscurity?

The standard permissions are -rw-r--r-- with root ownership. What's the problem with being able to see what's mounted? If that's an issue, you have far deeper problems in my opinion.

Regards!

...JRF...
Spark_2
Frequent Advisor

Re: Security implementation on /etc/fstab

:-)...well, the client is God

It's like he wants to control the permissions of mounted fs like:

/dev/hda5 /tmp ext2 rw,nosuid,nodev,noexec, 1 2
/dev/hda9 /home ext2 rw,nosuid,nodev 1 2

My question is what all fs should be controlled and what should be the permissions?
TTr
Honored Contributor

Re: Security implementation on /etc/fstab

Any user can type "mount" or "bdf" or "df" and get the mounted filesystems.

There is nothing special in /etc/fstab. It is volumes and filesystems and everybody knows and expects that. What kind of server is this, how many end users are on and what are you protecting yourself from?
Spark_2
Frequent Advisor

Re: Security implementation on /etc/fstab

I want to set the best security on the filesystem permissions. Like

/dev/hda5 /tmp ext2 rw,nosuid,nodev,noexec, 1 2
/dev/hda9 /home ext2 rw,nosuid,nodev 1 2


What all filesystems should be controlled and with what permissions, please?
James R. Ferguson
Acclaimed Contributor

Re: Security implementation on /etc/fstab

Hi (again):

> /dev/hda5 /tmp ext2 rw,nosuid,nodev,noexec, 1 2

This looks like a snippet from an AIX box, not HP-UX.

That said, I would mark non-OS filesystems as 'nosuid' if you want to increase your security. If I am correct, and this is AIX, I suggest you read those manpages and decide what additional protection those options might offer.

Regards!

...JRF...
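The 'nosuid' suggestion in the reply above can be checked mechanically. This is an added example, not code from the thread: it lists fstab mount points that lack the nosuid option, and the OS_MOUNTS list and the sample volumes are assumptions, since the thread does not say which filesystems count as OS filesystems.

```shell
#!/bin/sh
# Added example: report fstab entries that lack the nosuid mount option.
# OS_MOUNTS is an assumption (the thread does not define "OS filesystems");
# adjust it for the host being audited.
OS_MOUNTS="/ /stand /usr /sbin /opt /var"

# missing_nosuid: reads fstab text on stdin, prints one mount point per line.
missing_nosuid() {
    awk -v os="$OS_MOUNTS" '
        BEGIN { n = split(os, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /^[ \t]*#/ || NF < 4 { next }       # comments, blank or short lines
        $3 == "swap" || $3 == "swapfs" || $3 == "dump" || $3 == "ignore" { next }
        ($2 in skip) { next }               # assumed OS filesystems are exempt
        {
            n = split($4, opt, ",")         # option field is comma separated
            found = 0
            for (i = 1; i <= n; i++) if (opt[i] == "nosuid") found = 1
            if (!found) print $2
        }
    '
}

# Constructed sample in the six-field fstab layout (device, mount point,
# type, options, backup frequency, pass number); the volumes are made up.
sample_fstab() {
    cat <<'EOF'
# constructed sample, not taken from a real host
/dev/vg00/lvol3 /      vxfs delaylog        0 1
/dev/vg00/lvol1 /stand hfs  defaults        0 1
/dev/vg00/lvol4 /tmp   vxfs delaylog,nosuid 0 2
/dev/vg00/lvol5 /home  vxfs delaylog        0 2
/dev/vg01/lvol1 /data  vxfs rw,suid         0 2
EOF
}

# Flags /home and /data in the sample; /tmp already carries nosuid.
sample_fstab | missing_nosuid
```

On a real host the same function runs as `missing_nosuid < /etc/fstab`; the file only shows the configured options, so compare against the output of mount for what is active.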
Spark_2
Frequent Advisor

Re: Security implementation on /etc/fstab

OK...for an HPUX box...what all filesystems should be controlled and how?
James R. Ferguson
Acclaimed Contributor

Re: Security implementation on /etc/fstab

Hi (again):

> OK...for an HPUX box...what all filesystems should be controlled and how?

I answered that in my response above when I pointed out that some of your mount options were appropriate to AIX servers. Read my response again.

...JRF...