This is the first in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified against Oracle Enterprise Linux (OEL) 5.5. You can download OEL here.
How you implement a disk partitioning strategy is largely based on how the server will be used. In this post we're not going to cover every possible use case but rather focus only on the security aspects of the base OS install.
With a default install of OEL, you get two mount points (plus, of course, shared memory at /dev/shm):
- / -> The root directory
- /boot -> The boot partition
This means that by default all OS-related directories fall under the root directory. Remember that availability is part of security and therefore it is better to establish separate partitions for the following so that running out of space in one does not impact the other partitions:
- /home -> Container for all non-root user home directories
- /tmp -> Container for temporary storage
- /var -> Container for application logs
- /var/log/audit -> Container for audit logs
- <swap> -> Container for virtual memory
With separate partitions, mount options can be used to limit permissions and, for /home, to impose quotas. While swap can be implemented as a file, a partition is recommended for performance reasons.
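
One way to check a host against the layout above is the following added example, which is not from the original post or from CIS. It reads data in /proc/mounts and /proc/swaps format; the function names, device names and the mount options in the sample data are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit mounts against the layout recommended in the post.
REQUIRED="/home /tmp /var /var/log/audit"

# Print OK/MISSING per required mount point from a /proc/mounts-format file.
# Exit status is the number of required mount points that are not separate.
check_partitions() {
    awk -v req="$REQUIRED" '
        { dev[$2] = $1; opts[$2] = $4 }   # a later mount on the same path wins
        END {
            n = split(req, want, " ")
            for (i = 1; i <= n; i++) {
                mp = want[i]
                if (mp in dev) print "OK", mp, dev[mp], opts[mp]
                else { print "MISSING", mp; missing++ }
            }
            exit missing + 0
        }' "${1:-/proc/mounts}"
}

# Succeed only if swap exists and every area in a /proc/swaps-format file
# is a partition rather than a file.
swap_on_partition() {
    awk 'NR > 1 { n++; if ($2 != "partition") bad = 1 }
         END { if (n == 0 || bad) exit 1 }' "${1:-/proc/swaps}"
}

# Constructed sample: the default layout described in the post.
sample_default() {
    printf '%s\n' '/dev/sda2 / ext3 rw 0 0' '/dev/sda1 /boot ext3 rw 0 0' \
                  'tmpfs /dev/shm tmpfs rw 0 0'
}

# Constructed sample: separate partitions; device names and options are
# illustrative values, not taken from the post.
sample_split() {
    sample_default
    printf '%s\n' '/dev/sda3 /home ext3 rw,nodev,usrquota 0 0' \
                  '/dev/sda5 /tmp ext3 rw,nodev,nosuid,noexec 0 0' \
                  '/dev/sda6 /var ext3 rw 0 0' \
                  '/dev/sda7 /var/log/audit ext3 rw 0 0'
}

# Constructed /proc/swaps content with one swap partition.
sample_swaps() {
    printf 'Filename Type Size Used Priority\n/dev/sda8 partition 2097144 0 -1\n'
}
```

Called with no argument on a live host, `check_partitions` reads /proc/mounts and `swap_on_partition` reads /proc/swaps; the printed options column shows which restrictions each partition actually carries.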