Re: Recommendations for server, 2 take

To: debian-isp@lists.debian.org
Subject: Re: Recommendations for server, 2 take
From: Craig Sanders <cas@taz.net.au>
Date: Tue, 31 Jan 2006 17:22:11 +1100
Message-id: <[🔎] 20060131062211.GR27432@taz.net.au>
In-reply-to: <[🔎] slrndsl6ef.l6h.spambait@truffula.sj.ca.us>
References: <5tQf2-Wa-25@gated-at.bofh.it> <5u2pR-1VG-3@gated-at.bofh.it> <5u82I-1Ch-63@gated-at.bofh.it> <5vjpX-7o6-19@gated-at.bofh.it> <5vjyf-7NZ-7@gated-at.bofh.it> <[🔎] slrndsl6ef.l6h.spambait@truffula.sj.ca.us>

On Sun, Jan 15, 2006 at 10:51:59AM -0800, Cameron L. Spitzer wrote:
> First thing I do is move /tmp and /var/tmp to a partition that's
> mounted noexec.
>
> Too many sloppy PHP apps. Worms drop things in /tmp and run them from
> there.

BTW, if you forgot to create a spare partition for /tmp, and you have a
decent amount of RAM you can use tmpfs for this. just add the following
to /etc/fstab:

tmpfs    /tmp        tmpfs    size=512M,noexec    0       0
tmpfs    /var/tmp    tmpfs    size=256M,noexec    0       0

if you don't have enough RAM, then add more. it's cheap. and it's the
best way of speeding up your system if your system is disk I/O-bound
(e.g. web, mail, database servers) rather than CPU-bound (e.g. games,
graphics, number crunching).

craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)

Reply to:

References:
- Re: Recommendations for server, 2 take
  - From: "Cameron L. Spitzer" <cls@truffula.sj.ca.us>

Prev by Date: Re: Recommendations for server, 2 take
Next by Date: Re: Exim not accepting undescore in server name?
Previous by thread: Re: Recommendations for server, 2 take
Next by thread: mysql and users on 2 servers
Index(es):
- Date
- Thread