On Fri, May 18, 2007 at 08:47:21PM +1000, Timothy Wilson wrote:
> Had you thought about mounting certain areas as read only?
> For example, /etc, /local can be mounted as read only. When you want
> to make changes, such as installing a new package or whatever, just
> remount the file systems read/write.
> You can also use jails.
>
> Timothy
I think the point is that if someone roots your machine because you are running a vulnerable service, they can't really install rootkits and things if your binaries are on a filesystem that CAN'T be remounted r/w. If you just mount your hard disks (or portions like /etc) ro and someone roots your box, they just re-mount it, install the rootkit, then re-mount it back ro. Does nothing really.
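The check a practitioner would actually want here is to see which of the mounts holding binaries and configuration are currently writable. The script below is an added example, not code from either poster: it parses a /proc/mounts-style table (the sample table is constructed for the demo; on a live box you would feed it `cat /proc/mounts`) and lists the system paths that are rw, treating a path that is not its own mount point as inheriting the mode of /. It goes slightly beyond the thread by checking /bin, /sbin and /lib as well as /etc and /usr.

```shell
#!/bin/sh
# Added example (not from the original thread): audit which mounts holding
# system binaries/config are mounted read-write, from a /proc/mounts-style table.
# SAMPLE_MOUNTS is constructed for the demo; replace it with `cat /proc/mounts`
# on a real host.

SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /usr ext3 ro,relatime 0 0
/dev/sda3 /etc ext3 rw,relatime 0 0
/dev/sda4 /home ext3 rw,nosuid,nodev 0 0
proc /proc proc rw 0 0'

# ro_state MOUNTPOINT TABLE -> prints "ro" or "rw" for that mount point,
# or "absent" if the path is not a mount point of its own.
ro_state() {
    mp="$1"
    tbl="$2"
    printf '%s\n' "$tbl" | awk -v mp="$mp" '
        $2 == mp {
            n = split($4, opts, ",")
            state = "rw"
            for (i = 1; i <= n; i++) if (opts[i] == "ro") state = "ro"
            print state; found = 1; exit
        }
        END { if (!found) print "absent" }'
}

# writable_system_mounts TABLE -> prints, one per line, the binary/config
# paths that are writable. A path with no mount of its own inherits the
# state of / (it lives on the root filesystem).
writable_system_mounts() {
    tbl="$1"
    root_state=$(ro_state / "$tbl")
    for mp in /etc /usr /bin /sbin /lib; do
        st=$(ro_state "$mp" "$tbl")
        [ "$st" = absent ] && st="$root_state"
        [ "$st" = rw ] && printf '%s\n' "$mp"
    done
}

# Usage: writable_system_mounts "$SAMPLE_MOUNTS"
```

Keep in mind what the thread is saying: this audit reports the state of the mount at the moment you run it, nothing more. An attacker who already has root flips a mount back with `mount -o remount,rw /usr`, does their work, and remounts it ro, so a clean report from this check only means the flag is set right now, not that it is enforced.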

