Chapter 5. Secure Installation

Security begins with the first time you put that CD or DVD into your disk drive to install Red Hat Enterprise Linux. Configuring your system securely from the beginning makes it easier to implement additional security settings later.

5.1. Disk Partitions

Red Hat recommends creating separate partitions for /boot, /, /home, /tmp/, and /var/tmp/. If the root partition (/) becomes corrupt, your data could be lost forever. By using separate partitions, the data is slightly more protected. You can also target these partition for frequent backups. The purpose for each partition is different and we will address each partition.
/boot - This partition is the first partition that is read by the system during the boot. The boot loader and kernel images that are used to boot your system into Red Hat Enterprise Linux are stored in this partition. This partition should not be encrypted. If this partition is included in / and that partition is encrypted or otherwise becomes unavailable, your system will not be able to boot.
/home - When user data (/home) is stored in / instead of a separate partition, the partition can fill up causing the operating system to become unstable. Also, when upgrading your system to the next version of Red Hat Enterprise Linux, it is a lot easier if you can keep your data in the /home partition as it will not be overwritten during installation.
/tmp and /var/tmp/ - Both the /tmp and the /var/tmp/ directories are used to store data that does not need to be stored for a long period of time. However, if a lot of data floods one of these directories, it can consume all of your storage space. If this happens and these directories are stored within /, your system could become unstable and crash. For this reason, moving these directories into their own partitions is a good idea.