Chapter 7 (Web server hosting) . Installing Linux 261 . Protection
Chapter 7 . Installing Linux 261 . Protection from attacks Denial of Service attacks sometimes take actions that try to fill up your hard disk. If public areas, such as /var, are on separate partitions, a successful attack can fill up a partition without shutting down the whole computer. Because /var is the default location for Web and FTP servers, and expected to hold a lot of data, entire hard disks often are assigned to the /var file system alone. . Protection from corrupted file systems If you have only one file system (/), its corruption can cause the whole Linux system to be damaged. Corruption of a smaller partition can be easier to fix and often allows the computer to stay in service while the correction is made. Table 7-2 lists some directories that you may want to consider making into separate file system partitions. Table 7-2 Assigning Partitions to Particular Directories Directory Explanation /boot Sometimes the BIOS in older PCs can access only the first 1,024 cylinders of your hard disk. To make sure that the information in your /boot directory is accessible to the BIOS, create a separate disk partition (of about 100MB) for /boot and make sure that it exists below cylinder 1,024. The rest of your Linux system can exist outside of that 1,024-cylinder boundary if you like. Even with several boot images, there is rarely a reason for /boot to be larger than 100MB. (For newer hard disks, you can select the Linear Mode check box during installation. Then the boot partition can be anywhere on the disk.) /usr This directory structure contains most of the applications and utilities available to Fedora Linux users. Having /usr on a separate partition lets you mount that file system as read-only after the operating system has been installed. This prevents attackers from replacing or removing important system applications with their own versions that may cause security problems. A separate /usr partition is also useful if you have diskless workstations on your local network. Using NFS, you can share /usr over the network with those workstations. /var Your FTP (/var/ftp) and Web-server (/var/www) directories are, by default in many Linux systems, stored under /var. Having a separate /var partition can prevent an attack on those facilities from corrupting or filling up your entire hard disk. /home Because your user account directories are located in this directory, having a separate /home account can prevent a reckless user from filling up the entire hard disk. /tmp Protecting /tmp from the rest of the hard disk by placing it on a separate partition can ensure that applications that need to write to temporary files in /tmp are able to complete their processing, even if the rest of the disk fills up.
Looking for affordable and reliable webhost to host and run your business application? Then look no more and go to servlet web hosting services.