View | Details | Raw Unified | Return to bug 115981
Collapse All | Expand All

(-)articles/hubs/article.sgml (-1 / +1 lines)
Lines 379-385 Link Here
379 
          Here is an excerpt from <filename>/etc/fstab</filename>,
 379 
          Here is an excerpt from <filename>/etc/fstab</filename>,
380 
          how to set up such a MFS:
 380 
          how to set up such a MFS:
381 
          <programlisting>
 381 
          <programlisting>
382 
/dev/da0s1b /anoncvstmp mfs rw,-s=786432,-b=4096,-f=512,-i=560,-c=3,-m=0,nosuid,nodev 0 0
 382 
/dev/da0s1b /anoncvstmp mfs rw,-s=786432,-b=4096,-f=512,-i=560,-c=3,-m=0,nosuid 0 0
383 
          </programlisting>
 383 
          </programlisting>
384 
          This is (of course) tuned a lot, and was suggested by &a.jdp;.
 384 
          This is (of course) tuned a lot, and was suggested by &a.jdp;.
385 
        </para>
 385 
        </para>
(-)books/handbook/basics/chapter.sgml (-9 lines)
Lines 1630-1644 Link Here
1630
1630
1631 
      <variablelist>
 1631 
      <variablelist>
1632 
	<varlistentry>
 1632 
	<varlistentry>
1633 
	  <term>nodev</term>
1634
1635 
	  <listitem>
1636 
	    <para>Do not interpret special devices on the
1637 
	      file system.  This is a useful security option.</para>
1638 
	  </listitem>
1639 
	</varlistentry>
1640
1641 
	<varlistentry>
1642 
	  <term>noexec</term>
 1633 
	  <term>noexec</term>
1643
1634
1644 
	  <listitem>
 1635 
	  <listitem>
(-)books/handbook/security/chapter.sgml (-3 / +2 lines)
Lines 712-720 Link Here
712 

          712
          

        

        

          713
          
      <para>If you have a huge amount of user disk space, it may take too

          713
          
      <para>If you have a huge amount of user disk space, it may take too

        

        

          714
          
	long to run through every file on those partitions.  In this case,

          714
          
	long to run through every file on those partitions.  In this case,

        

          
            

              715
              
	setting mount flags to disallow suid binaries and devices on those


              715
              
	setting mount flags to disallow suid binaries is a good idea.

            

            

              716
              
	partitions is a good idea.  The <literal>nodev</literal> and


              716
              
	The <literal>nosuid</literal> option (see &man.mount.8;) is what you

            

            

              717
              
	<literal>nosuid</literal> options (see &man.mount.8;) are what you


              
              
            

        

          718
          
	want to look into.  You should probably scan them anyway, at least

          717
          
	want to look into.  You should probably scan them anyway, at least

        

        

          719
          
	once a week, since the object of this layer is to detect a break-in

          718
          
	once a week, since the object of this layer is to detect a break-in

        

        

          720
          
	attempt, whether or not the attempt succeeds.</para>

          719
          
	attempt, whether or not the attempt succeeds.</para>

        






  

  Return to bug 115981