Using nodev, nosuid, and noexec Options on Temporary Storage Partitions
Temporary storage directories such as /tmp and /dev/shm potentially provide storage space for malicious executables.
Although mount options cannot prevent interpreted code stored there from
being executed by a program in another partition, using certain mount options can
be disruptive to malicious code.
Add nodev, nosuid, and noexec Options to /tmp
Edit the file /etc/fstab. Add the text ,nodev,nosuid,noexec to the list of mount options in column 4.
Add nodev Option to Non-Root Local Partitions
Edit the file /etc/fstab. The important columns for purposes of this section are column 2 (mount point), column 3 (filesystem type), and column 4 (mount options). For any line which satisfies all of the conditions:
The filesystem type is ext2 or ext3
The mount point is not /
add the text “,nodev” to the list of mount options in column 4.
The nodev option prevents users from mounting unauthorized devices on any partition which is known not to contain any authorized devices. The root partition typically contains the /dev directory, which is the primary location for authorized devices, so this option should not be set on /. However, if system programs are being run in chroot jails, this advice may need to be modified further, since it is often necessary to create device files inside the chroot directory for use by the restricted program.
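The two /etc/fstab rules above (nodev,nosuid,noexec on /tmp; nodev on every ext2 or ext3 mount other than /) can be checked mechanically. The following is an added example, not part of the original guide: the function names and the sample fstab are constructed for illustration, and it goes slightly beyond the text by treating a later dev, suid or exec as cancelling an earlier restriction and by honouring the restrictions that mount(8) documents as implied by user, users, owner and group.

```python
"""Audit fstab text for the mount options this section asks for (added example)."""
TMP_REQUIRED = ("nodev", "nosuid", "noexec")
# Per mount(8): these options imply restrictions unless a later option overrides them.
IMPLIES = {"user": TMP_REQUIRED, "users": TMP_REQUIRED,
           "owner": ("nodev", "nosuid"), "group": ("nodev", "nosuid")}

def effective_restrictions(option_field):
    """Return the subset of nodev/nosuid/noexec in force; later options win."""
    active = set()
    for opt in option_field.split(","):
        if opt in TMP_REQUIRED:
            active.add(opt)
        elif opt in ("dev", "suid", "exec"):
            active.discard("no" + opt)      # e.g. "nodev,dev" leaves devices enabled
        elif opt in IMPLIES:
            active.update(IMPLIES[opt])
    return active

def audit_fstab(text):
    """Map mount point -> sorted list of required options that are not in force."""
    findings = {}
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue                        # blank, comment or malformed line
        mount_point, fstype = fields[1], fields[2]
        required = set()
        if mount_point == "/tmp":
            required.update(TMP_REQUIRED)
        if fstype in ("ext2", "ext3") and mount_point != "/":
            required.add("nodev")
        missing = sorted(required - effective_restrictions(fields[3]))
        if missing:
            findings[mount_point] = missing
    return findings

# Constructed sample, not taken from any real system.
SAMPLE_FSTAB = """\
# device        mount   type  options                 dump pass
/dev/sda1       /       ext3  defaults                1 1
/dev/sda2       /boot   ext3  defaults                1 2
/dev/sda5       /tmp    ext3  defaults,nodev,nosuid   1 2
/dev/sda6       /var    ext3  nodev,dev               1 2
/dev/sdb1       /media  ext2  user,noauto             0 0
"""

if __name__ == "__main__":
    for mount_point, missing in audit_fstab(SAMPLE_FSTAB).items():
        print(f"{mount_point}: add {','.join(missing)}")
```

To audit a live system, pass the contents of /etc/fstab to audit_fstab; comparing the result against /proc/mounts confirms that the options are in force on the running mounts and not only in the file.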
Support for partitions larger than 2.2 TB with BIOS
Installations can now be configured to boot from hard drive partitions larger than 2.2 TB using select BIOS models that support the newer GUID Partition Table (GPT). Legacy BIOS implementations previously limited the ability to use large partitions on systems that were not using the newer Unified Extensible Firmware Interface (UEFI).
The initial ramdisk file on 64-bit PowerPC and 64-bit IBM POWER Series systems is now named initrd.img. In previous releases, it was named ramdisk.image.gz.
How Many Partitions in General for RHEL?
While preparing to install Red Hat Enterprise Linux, you must give some consideration to the number and size of the partitions to be used by your new operating system.
You should at least create the following partitions: swap, /boot/ (or a /boot/efi/ partition for Itanium systems), a /var/ partition for Itanium systems, and / (root).
Dedicated partitions needed:
For x86 and AMD64 systems, at least two partitions ( / and swap ) must be dedicated to Red Hat Enterprise Linux.
For Itanium systems, at least three partitions ( / , /boot/efi/ , and swap ) must be dedicated to Red Hat Enterprise Linux.
If your partitioning scheme requires a swap partition that is larger than 2 GB, you should create an additional swap partition. For example, if you need 4 GB of swap, you should create two 2 GB swap partitions. If you have 4 GB of RAM, you should create three 2 GB swap partitions. Red Hat Enterprise Linux supports up to 32 swap files.