Administrator's Guide

Observe the following precautions when mounting a file system or disk:

• Create a mount point directory (such as /mnt) on which to mount a new file system.
  Never mount a file system on a directory that already contains files, because those
  files will become inaccessible.
  The mount point of a mounted file system acquires the permissions and ownership
  of the file system's root directory.
• Set permissions and access control list entries on disk path names to control access
  to disks.
• Use the -r option of the mount command to mount the file system as read-only.
  You must mount physically write-protected file systems this way.
• When mounting a new or foreign file system, assume that the medium is insecure.
  - Make sure that the PATH environment variable does not include “.” (the current
    directory); otherwise, you might run a Trojan horse version of ls or some similar
    command while examining the new file system.
  - Run the fsck command to verify that the file system is not technically corrupted.
    See fsck(1M).
  - Run the ncheck_hfs -s or ncheck_vxfs -s command to scan for setuid
    and setgid programs and device files, and investigate any suspicious findings.
    The -s option is intended to discover concealed violations of security policy. For
    more information, see ncheck_hfs(1M) and ncheck_vxfs(1M).
  - Create a directory restricted to root by setting its permissions at 700
    (drwx------).
      # mkdir /securefile
      # chmod 700 /securefile
  - Mount the foreign file system read-only at that location:
      # mount -r /dev/disk1 /securefile
  - Check all directories for privileged programs, and verify the identity of every
    program.
  - Remount the file system with read and write permissions and remove any unnecessary
    setuid and setgid permissions from files that you discovered in the previous
    step.
  These precautions are especially important if a user requests that you mount
  a personal file system.
  Only after performing these tests should you unmount the file system and remount it
  in its desired location.
• Be sure to unmount all mounted file systems of a user whose account you are
  disabling or removing.
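
The PATH check and the scan for setuid and setgid programs and device files from the steps above, as an added shell example that is not part of the guide. It uses the portable find command in place of ncheck_hfs -s or ncheck_vxfs -s, its function names are illustrative, and it also flags an empty PATH entry (a leading, trailing or doubled colon), which the shell treats as the current directory.

```shell
#!/bin/sh
# Added example (not from the guide). Assumes the foreign file system is
# already mounted read-only on a root-only directory such as /securefile.

# path_has_cwd PATHSTRING
# Returns 0 if commands could be resolved from the current directory:
# an explicit "." entry, or an empty entry (":/bin", "/bin:", "/bin::/sbin").
path_has_cwd() {
    case ":$1:" in
        *:.:*|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# list_privileged DIR
# Prints setuid and setgid regular files and block/character device files
# under DIR. -xdev keeps the scan on the file system mounted at DIR.
list_privileged() {
    find "$1" -xdev \( \
        \( -type f \( -perm -4000 -o -perm -2000 \) \) \
        -o -type b -o -type c \
    \) -print 2>/dev/null
}

# inspect_mount DIR
# Runs both checks; returns 1 if anything needs the administrator's review.
inspect_mount() {
    status=0
    if path_has_cwd "$PATH"; then
        echo "PATH includes the current directory; fix it before examining $1" >&2
        status=1
    fi
    findings=$(list_privileged "$1") || true
    if [ -n "$findings" ]; then
        echo "Investigate these setuid/setgid programs and device files:"
        echo "$findings"
        status=1
    fi
    return "$status"
}

# Usage: sh inspect.sh /securefile
if [ "$#" -gt 0 ]; then
    inspect_mount "$1"
fi
```
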
For information on files mounted in an NFS environment, see Section 5.10.2.
5.9 Security Guidelines for Mounting and Unmounting File Systems