HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Security implementation on /etc/fstab

 
Spark_2
Frequent Advisor

Security implementation on /etc/fstab

In course of hardening my hp-ux box, what all can be done in /etc/fstab. Like modifying permissions etc

What all filesystems may need it
8 REPLIES

Re: Security implementation on /etc/fstab

again a completely pointless exercise as even if I set permissions on /etc/fstab to 600, a non priviliged user can still exceute bdf, df and "/sbin/mount -p" to see what filesystems are mounted.

Your client is wasting his time with these sort of unconsidered security measures...

HTH

Duncan

HTH

Duncan
James R. Ferguson
Acclaimed Contributor

Re: Security implementation on /etc/fstab

Hi:

Yes, I wonder...is this security by obscurity?

The standard permission are -rw-r--r-- with root ownership. What's the problem with being able to see what's mounted? If that's an issue, you have far deeper problems in my opinion.

Regards!

...JRF...
Spark_2
Frequent Advisor

Re: Security implementation on /etc/fstab

:-)...well is client is God

its like he wants to control the permissions of mounted fs like:

/dev/hda5 /tmp ext2 rw,nosuid,nodev,noexec, 1 2
/dev/hda9 /home ext2 rw,nosuid,nodev 1 2

My question is what all fs should be controlled and what should be the permissions
TTr
Honored Contributor

Re: Security implementation on /etc/fstab

Any user can type "mount" or "bdf" or "df" and get the mounted filesystems.

There is nothing special in /etc/fstab. It is volumes and filesystems and everybody knows and expects that. What kind of server is this, how many end users are on and what are you protecting yourself from?
Spark_2
Frequent Advisor

Re: Security implementation on /etc/fstab

I want to set the best security on the filesystem permissions. Like

/dev/hda5 /tmp ext2 rw,nosuid,nodev,noexec, 1 2
/dev/hda9 /home ext2 rw,nosuid,nodev 1 2


What all filesystems should be controlled and with what permissions please
James R. Ferguson
Acclaimed Contributor

Re: Security implementation on /etc/fstab

Hi (again):

> /dev/hda5 /tmp ext2 rw,nosuid,nodev,noexec, 1 2

This looks like a snippet from an AIX box, not HP-UX.

That said, I would mark non-OS filesystems as 'nosuid' if you want to increase your security. If I am correct, and this is AIX, I suggest you read those manpages and decide what additional protection those options might offer.

Regards!

...JRF...
Spark_2
Frequent Advisor

Re: Security implementation on /etc/fstab

ok...for an HPUX box...what all filesystems should be controlled and how
James R. Ferguson
Acclaimed Contributor

Re: Security implementation on /etc/fstab

Hi (again):

> ok...for an HPUX box...what all filesystems should be controlled and how

I answered that in my response above when I pointed out the some of your mount options were appropriate to AIX servers. Read my response again.

...JRF...