Operating System - HP-UX

Re: how to secure /root filesystems

 
SOLVED
pedliz11
Frequent Advisor

how to secure /root filesystems

Does anyone know how to prevent users from filling up / root filesystems... I have a trusted system and ssh enabled with auditing enabled.
Patrick Wallek
Honored Contributor

Re: how to secure /root filesystems

Proper user training is the primary method.

No shell access is also a good bet.

If all else fails, the baseball bat training method works pretty well.
Solution

Re: how to secure /root filesystems

Hi,

I think the more interesting question is why are normal users allowed to create files in / ?

They certainly can't on my system...

What exactly is filling up /

HTH

Duncan

I am an HPE Employee
Tim Nelson
Honored Contributor

Re: how to secure /root filesystems

I second Duncan's response.

Nothing / no-one should be writing to the root filesystem. / is always static with the very very few exceptions of some delivered HPUX apps that must put log files in /etc.

pedliz11
Frequent Advisor

Re: how to secure /root filesystems

I have my hands tied: the customer has sudo access and is allowing the application to fill the /var filesystem... I cannot change the config, but how can I prevent the customer from filling up /var?
Dennis Handly
Acclaimed Contributor

Re: how to secure /root filesystems

>is allowing the application to fill the /var filesystem. how can i prevent the customer from filling up /var

By removing files from /var/tmp?? that are older than X days.
whiteknight
Honored Contributor

Re: how to secure /root filesystems

Pedliz,

If your / root filesystem is full frequently, you should consider moving /.secure into a different lvol, so as to avoid any corruption in your auditing files.

my 2 cents

WK
Problem never ends, you must know how to fix it
MarkSyder
Honored Contributor

Re: how to secure /root filesystems

Is his application writing to a subdirectory? If so, you could assign a dedicated lvol/filesystem to that subdirectory. He can then fill it to his heart's content without affecting /var.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
Torsten.
Acclaimed Contributor

Re: how to secure /root filesystems

/var != / (root)

This is another lvol!

Because the user is using sudo, he is root too, more or less. root cannot prevent another root from doing something on the system.

Consider increasing the lvol mounted to /var or freeing up some space there.

Question is, could the application write to another directory or is the path fixed to /var?


Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Bill Hassell
Honored Contributor

Re: how to secure /root filesystems

Because the customer allows sudo access for untrained users, then filling /var (or any other filesystems) is only a small example of how easily your system can be destroyed with undisciplined and untrained users.

/var is indeed the most critical filesystem in HP-UX as it can be filled by anyone (sudo is not required) because /var/tmp is 777 (as it should be). If the huge files are being created in /var/tmp, then the only solution is to create a separate lvol just for /var/tmp (which is a good idea in general). Then if /var/tmp fills, /var is not affected. As an administrator, you need to set a policy for space in /var/tmp...large files more than a few days old are automatically removed. (You can mitigate the outrage by moving those files to another lvol as a quarantine and return them after some discussions). And of course, ask the users' managers to order more disks for their employees so they can continue using larger spaces in /var/tmp.


Bill Hassell, sysadmin
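
The /var/tmp policy described in the post above (large files more than a few days old are removed automatically, or moved to a quarantine lvol) could be scripted as follows. This is an added example, not code from the thread; the function name, thresholds and directory arguments are assumptions.

```shell
#!/bin/sh
# Added example: quarantine large, old files from a world-writable temp area.
# Function name, arguments and thresholds are assumptions, not from the thread.

# quarantine_old_large SRC DEST MIN_KB DAYS
# Moves regular files under SRC that are larger than MIN_KB kilobytes and
# unmodified for more than DAYS days into DEST, keeping their relative path.
# Prints one line per moved file: "<uid> <bytes> <original path>".
quarantine_old_large() {
    src=$1 dest=$2 min_kb=$3 days=$4

    # Require absolute, existing directories so a typo cannot sweep the
    # wrong tree when this runs from root's cron.
    case $src in /*) ;; *) echo "SRC must be absolute" >&2; return 2 ;; esac
    case $dest in /*) ;; *) echo "DEST must be absolute" >&2; return 2 ;; esac
    [ -d "$src" ] && [ -d "$dest" ] || { echo "missing directory" >&2; return 2; }

    # -xdev keeps find on SRC's own filesystem. -type f selects regular files
    # only, so symlinks, sockets and devices in a 777 directory are not picked.
    # -size +Nc compares bytes; -mtime +D means older than D full days.
    find "$src" -xdev -type f -size +"$((min_kb * 1024))"c -mtime +"$days" \
        -exec sh -c '
            src=$1 dest=$2 f=$3
            rel=${f#"$src"/}
            target=$dest/$rel
            mkdir -p "$(dirname "$target")" || exit 1
            # Capture numeric owner (field 3) and size (field 5) before the
            # move, so the file can be returned to its owner later.
            set -f
            set -- $(ls -ln "$f")
            mv "$f" "$target" && echo "$3 $5 $f"
        ' sh "$src" "$dest" {} \;
}
```

Pointing DEST at a directory on a separate lvol keeps the quarantined files from consuming space in /var, and the printed lines give the owner and size for each moved file.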
pedliz11
Frequent Advisor

Re: how to secure /root filesystems

Thank you all for your input. I will implement all of your suggestions in future builds.