DEV Community

Faruk
Faruk

Posted on • Originally published at Medium

Why I Use Read-Only Partitions on My Linux Servers (And You Should Too) | by Faruk Ahmed | May, 2025

Member-only story

Why I Use Read-Only Partitions on My Linux Servers (And You Should Too)

--

Share

Most Linux admins overlook this one simple but powerful hardening technique — until it’s too late.

In this post, I’ll walk you through:

🔍 What Are Read-Only Partitions?

A read-only partition is a part of your file system that is mounted in a way that prevents any modifications. This means no files can be written, altered, or deleted — not even by root, unless the partition is remounted.

It’s like locking your system’s most sensitive directories in a glass box.

⚔️ Why It Matters for Security

Attackers who gain access to a system usually:

  • Drop malicious files or binaries (like web shells or crypto miners)
  • Modify startup scripts or logs to maintain persistence
  • Use writable directories to pivot further

By mounting directories like /boot, /usr, or even /var/log as read-only, you block one of their most common attack vectors.

🔐 What I Do on My Production Servers

These are my go-to steps:

  • Mount /boot as read-only
  • sudo mount -o…

👉 Read Full Blog on Medium Here

Top comments (0)