[Nottingham] (Mandrake 9.0) Linux security help please

[Martin]

While my reading up on Linux continues...

For increased online security, I wish to limit filesystem access for an
'online use' user account (I've just got ntl broadband that I want to
use with a Mandrake 9.0 Linux box):


1: There are a few windows partitions that are automatically mounted and
are automatically r/w for all users. How do I make these mounts
inaccessible/invisible for one or more users?

2a: I've read that /, /boot, and /usr should be mounted read-only for
increased security. How should this be done automatically but without
locking up the system?

2b: I've got the following partitions allocated: /, /boot, /usr, /home
and swap. I've set / to be small (500Mb-ish). How do I get such as /tmp
and /var linked over to somewhere on /home (a few Gb big) so that / can
be read-only and won't be threatened with getting full if I start
spooling big printouts? (My worry is to do it such that the boot-up 
sequence is not knackered by how things get mounted/linked...)

3: I've seen crontab/at listed (amongst others) as things to be disabled 
for security. Why? (To stop 'time bombs' being set?)


...Meanwhile, firewalls (Shorewall) are the next exciting read.


Advice welcome.

Thanks,
Martin

-- 
----------------
Martin Lomas
martin@ml1.co.uk
----------------