[lug] R00tKIT!! Raah!
Bear Giles
bgiles at coyotesong.com
Tue Jun 14 21:26:06 MDT 2005
Sebastian Sobolewski wrote:

> As a general rule I run my / filesystem mounted Read-Only. Only my data
> partitions which are mounted noexec are writable.

How do you get around /etc needing to be rw? It's not absolutely
critical, but it breaks a lot of stuff if it isn't. (E.g.,
/etc/mtab can't be updated, among others.)

> /tmp & /var are symlinked to /data/tmp and /data/var respectively

Why not 'mount -ttmpfs none /tmp', and use separate data
partitions under /var?

BTW, one standard recommendation is mounting /var/log as its own
partition so somebody can't cause problems by flooding your log files.
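
Added example, not part of the original message: a small audit of a mount table in /proc/mounts format against the points raised in this thread (read-only /, noexec on anything writable, tmpfs /tmp, /var/log on its own mount). The function names, device names and both sample tables are constructed for illustration.

```shell
#!/bin/sh
# audit_mounts: read a /proc/mounts-style table on stdin and print one
# finding per line; prints nothing when the layout passes every check.
audit_mounts() {
    awk '
    {
        mp = $2; fs = $3; ro = 0; noexec = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] == "ro") ro = 1
            if (opt[i] == "noexec") noexec = 1
        }
        # Kernel pseudo-filesystems are not part of the on-disk layout.
        if (fs == "proc" || fs == "sysfs" || fs == "devpts" || fs == "rootfs") next
        seen[mp] = 1; fstype[mp] = fs
        if (mp == "/" && !ro) print "FAIL / is mounted read-write"
        if (mp != "/" && !ro && !noexec) print "FAIL " mp " is writable without noexec"
    }
    END {
        if (!("/var/log" in seen)) print "WARN /var/log is not a separate mount"
        if (fstype["/tmp"] != "tmpfs") print "WARN /tmp is not a tmpfs mount"
    }'
}

# Constructed sample: read-only /, one writable noexec data partition,
# /tmp and /var reached through symlinks (so they never appear as mounts).
sample_symlinked() { cat <<'EOF'
/dev/hda1 / ext3 ro 0 0
proc /proc proc rw 0 0
/dev/hda2 /data ext3 rw,noexec,nosuid 0 0
EOF
}

# Constructed sample: tmpfs /tmp plus separate partitions under /var.
sample_split() { cat <<'EOF'
/dev/hda1 / ext3 ro 0 0
proc /proc proc rw 0 0
none /tmp tmpfs rw,noexec,nosuid 0 0
/dev/hda3 /var ext3 rw,noexec 0 0
/dev/hda5 /var/log ext3 rw,noexec 0 0
EOF
}

echo "== symlinked layout =="; sample_symlinked | audit_mounts
echo "== split layout ==";     sample_split | audit_mounts
```

On a live system the same function can be fed with `audit_mounts < /proc/mounts`.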