|
A more secure install
Hi guys - just looking to verify some things I've been reading, maybe gain a tip or two. By "more secure" I'm referring to protection from loss of data through breakage rather than hardening an existing install.
It's my understanding that setting up separate partitions for /tmp and /var can protect a system if a process begins uncontrollable writes... /home I'll have on it's own partition anyway, but for backup purposes /home and /etc are really the only *must haves*, but that backing up /etc alone doesn't preserve program updates. Is this accurate? And would anyone mind sharing what type of partitioning scheme you use and why? Thanks guys :) |
Re: A more secure install
In my case, all my sensitive stuff gets regularly backed up to a separate external drive. For partitioning, I use a separate partition named Data. This allows me to clean install Linux when new versions are released without loosing data. I also keep a up to date image of Ubuntu LTS via clonezilla so I can go back to it once I am done playing with other distros.
|
Re: A more secure install
Quote:
I keep my LTS install on a separate drive atm, where I'm looking to dual boot Fedora 13 and OS11.3 on another drive, but having that backup image will come in handy, I'm sure. But this way I can mangle my "practice" installs and configs without damaging my primary. Right now it's all about learning the Linux file structure and what are considered "best practices" by the community. Thanks for sharing Arup. |
Re: A more secure install
Quote:
/etc is probably the most interesting directory after /home. Backing up /etc does not automatically allow you to restore a lost system to its former self. Restoring /etc ofter requires deeper knowledge of the system. Information about (system wide) installed applications is often stored under /var/lib or such, but this is package manager and/or distribution dependant. On Debian-based systems, this information can be easily backed up, but having a copy of /var/lib is not the way. Preserving program updates is more harmful than it is useful. It is often easier and safer to restore a system with no applications than a system with broken or compromised applications. Best practices depend on your distribution, but as for file system alone, File Hierarchy Standard is the way to go. Wikipedia links to number of webpages about distribution specific policies. Finally, you obviously want to run backups on a separate disk, or remote host if possible. Having backups on local disk only protects from innocent accidents (e.g. rm), not from rogue applications (if mounted read-write), or kernel space and hardware failures. My workstation basically has 32 GiB root (/) and 40 GiB home. The rest of disk is split between /wrk (~518 GiB), Windows (one 100 GiB partition), and an experimental 4 GiB partition to make it easy to play with file systems. /wrk contains non-critical data such as media and games. Only /home and /wrk/pics (i.e. user created data) are backed up. I used to separate /tmp and root filesystem, but I always ended up filling up the other. Then again, disk space is cheap. My server, on the other hand, has the following partition layout. Code:
|
Re: A more secure install
Hi wnd - long time no see, hope you're doing well!
Thank you, thank you. You just answered my questions perfectly. My goal as stated is simply to learn best practices while becoming more familiar with the file hierarchy standard. Right now I'm simply learning the basics e.g. structure, commands, repairing an install (which I create plenty of opportunity accidentally... :p)... Soon I hope to have a server with 2 remote (just laptops) networked, which is where I'll begin to delve into the material you're touching on here. Fantastic - thank you again! |
| All times are GMT -5. The time now is 10:01 PM. |
Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©1998 - 2013, nV News.