How to partition an OpenBSD if it’s used as a static HTTPD server

openbsd

So mount options can be useful because they can, afaik, increase the security of a webserver that is only serving static HTML files.

What are the best mount options/partition schemes for an OpenBSD 5.2 that is used only for a static HTTPD server?

Best Answer

If security is your concern, keep in mind that httpd in OpenBSD is chrooted by default, which means that in case of a potential compromise of your web server, the attacker will stay in the chroot jail of your webserver, isolated from the rest of your system, therefore minimizing the effects of the breach.

As far as mount options go, you could mount the partitions where binaries are not expected to be executed as noexec (for example, user /home directories). You could also consider enabling nosuid and nodev mount options where applicable. Check the mount manual page for more information.

You could also use a restricted shell such as rbash in conjunction with chroot jailing of daemons.
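As an added example (not part of the original answer), the following script audits an fstab-format file for the `nodev`, `nosuid` and `noexec` options mentioned above. The sample fstab is constructed, and the policy of wanting all three options on `/tmp`, `/home` and a separate `/var/www` partition is an assumption for illustration; adjust both to the actual layout.

```sh
#!/bin/sh
# missing_opts FSTAB MOUNTPOINT OPT...
# Prints the wanted options that MOUNTPOINT's fstab entry lacks
# (space-separated, empty when none are missing), or "unlisted"
# when the mount point has no entry of its own.
missing_opts() {
    fstab=$1 mp=$2
    shift 2
    awk -v mp="$mp" -v want="$*" '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        $2 == mp {
            found = 1
            n = split($4, have, ",")           # field 4 holds the mount options
            for (i = 1; i <= n; i++) set[have[i]] = 1
            m = split(want, w, " ")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(w[i] in set)) out = out (out == "" ? "" : " ") w[i]
            print out
            exit
        }
        END { if (!found) print "unlisted" }
    ' "$fstab"
}

# Constructed sample fstab (hypothetical devices and layout, not from a real host).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# device   mountpoint fstype options                     dump pass
/dev/wd0a  /          ffs    rw                          1 1
/dev/wd0d  /tmp       ffs    rw,nodev,nosuid             1 2
/dev/wd0e  /home      ffs    rw,nodev,nosuid             1 2
/dev/wd0f  /var/www   ffs    rw,nodev,nosuid,noexec      1 2
EOF

# Assumed policy: these mount points should carry all three options.
for mp in /tmp /home /var/www; do
    miss=$(missing_opts "$SAMPLE" "$mp" nodev nosuid noexec)
    printf '%-9s %s\n' "$mp" "${miss:-ok}"
done
```

To check a live system, pass `/etc/fstab` instead of the sample file and compare the result with the output of `mount`, since fstab only describes what is applied at the next mount.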
