Securing mount points on Linux


Michael Boelen


By default, mount options are not focused on security, which gives us room to further harden the system. Via mount options we can apply additional security controls to protect our data.

Mount points

Let's have a look at our /etc/fstab file.

rw = read write
auto = mount automatically
nouser = do not allow a user to mount the file system
async = asynchronous saving of data, to improve performance

Since this is a virtual file system, which has no user data or binaries stored, we leave it with the defaults option.

Useful for: /boot /dev/shm /home /tmp /var and data partitions
Not suitable for: root (/)

Apply system hardening

To harden mount points, replace the defaults entry and add the relevant options in the corresponding field.

