HPE Community
Operating System - HP-UX
1827458 Members
5688 Online
109965 Solutions
New Discussion

how to secure /root filesystems

 
SOLVED
Go to solution
pedliz11
Frequent Advisor

‎11-28-2007 03:38 AM

‎11-28-2007 03:38 AM

how to secure /root filesystems

does anyone know how to prevent users from filling up / root filesystems... I have a trusted system and ssh enabled with auditing enabled.
0 Kudos
Reply
10 REPLIES 10
Patrick Wallek
Honored Contributor

‎11-28-2007 03:40 AM

‎11-28-2007 03:40 AM

Re: how to secure /root filesystems

Proper user training is the primary method.

No shell access is also a good bet.

If all else fails, the baseball bat training method works pretty well.
0 Kudos
Reply
Duncan Edmonstone
HPE Pro

‎11-28-2007 03:44 AM

‎11-28-2007 03:44 AM

Solution

Re: how to secure /root filesystems

Hi,

I think the more interesting question is why are normal users allowed to create files in / ?

They certainly can't on my system...

What exactly is filling up /

HTH

Duncan

I am an HPE Employee
Accept or Kudo
Reply
Tim Nelson
Honored Contributor

‎11-28-2007 06:10 AM

‎11-28-2007 06:10 AM

Re: how to secure /root filesystems

I second Duncan's response.

Nothing / no-one should be writing to the root filesystem. / is always static with the very very few exceptions of some delivered HPUX apps that must put log files in /etc.

0 Kudos
Reply
pedliz11
Frequent Advisor

‎11-28-2007 07:13 AM

‎11-28-2007 07:13 AM

Re: how to secure /root filesystems

i have my hands tied the customer has sudo access and is allowing the application to fill the /var filesystem... I caanot change the config but how can i prevent the cusomer from filling up /var
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎11-28-2007 12:04 PM

‎11-28-2007 12:04 PM

Re: how to secure /root filesystems

>is allowing the application to fill the /var filesystem. how can i prevent the customer from filling up /var

By removing files from /var/tmp?? that are older than X days.
Reply
whiteknight
Honored Contributor

‎11-28-2007 04:30 PM

‎11-28-2007 04:30 PM

Re: how to secure /root filesystems

Pedliz,

if your / root filesystem full frequently you should consider moving the /.secure into different lvol, so that to avoid any corruption in your auditing files

my 2 cents

WK
Problem never ends, you must know how to fix it
Reply
MarkSyder
Honored Contributor

‎11-28-2007 07:39 PM

‎11-28-2007 07:39 PM

Re: how to secure /root filesystems

Is his application writing to a subdirectory? If so, you could assign a dedicated lvol/filesystem to that subdirectory. He can then fill it to his heart's content without affecting /var.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
Reply
Torsten.
Acclaimed Contributor

‎11-28-2007 08:37 PM

‎11-28-2007 08:37 PM

Re: how to secure /root filesystems

/var != / (root)

This is another lvol!

Because the user is using sudo, he is root too, more or less. root cannot prevent another root from doing something on the system.

Consider to increase the lvol mounted to /var or free up some space there.

Question is, could the application write to another directory or is the path fixed to /var?


Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Reply
Bill Hassell
Honored Contributor

‎11-28-2007 11:20 PM

‎11-28-2007 11:20 PM

Re: how to secure /root filesystems

Because the customer allows sudo access for untrained users, then filling /var (or any other filesystems) is only a small example of how easily your system can be destroyed with undisciplined and untrained users.

/var is indeed the most critical filesystem in HP-UX as it can be filled by anyone (sudo is not required) because /var/tmp is 777 (as it should be). If the huge files are being created in /var/tmp, then the only solution is to create a separate lvol just for /var/tmp (which is a good idea in general). Then if /var/tmp fills, /var is not affected. As an administrator, you need to set a policy for space in /var/tmp...large files more than a few days old are automatically removed. (You can mitigate the outrage by moving those files to another lvol as a quarantine and return them after some discussions). And of course, ask the users' managers to order more disks for their employees so they can continue using larger spaces in /var/tmp.


Bill Hassell, sysadmin
Reply
pedliz11
Frequent Advisor

‎11-29-2007 01:25 AM

‎11-29-2007 01:25 AM

Re: how to secure /root filesystems

thank you all for your input.. I will implememt all of your sugguestions in future bulids.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.