08-19-10, 08:47 AM, post #4
Posted by wnd (Nerd, Geek, Freak). Join Date: Sep 2005. Location: Finland. Posts: 703.
Default Re: A more secure install

Originally Posted by grey_1
protection from loss of data through breakage rather than hardening an existing install

It's my understanding that setting up separate partitions for /tmp and /var can protect a system if a process begins uncontrollable writes...

/home I'll have on its own partition anyway, but for backup purposes /home and /etc are really the only *must haves*, but backing up /etc alone doesn't preserve program updates.
It is indeed useful to have a separate /home for a number of reasons, but the rest mostly depends on your goals. A separate /home prevents you from rendering your system unusable by filling up /var, and makes it easier to make backups of the data that really matters. Having a separate /tmp can also be a good idea, but from my experience it is extremely rare for the size of /tmp to become a problem. If you worry about /tmp, you may also want to worry about /var/tmp, which is often used for boot-persistent temporary data.

/etc is probably the most interesting directory after /home. Backing up /etc does not automatically allow you to restore a lost system to its former self. Restoring /etc often requires deeper knowledge of the system. Information about (system-wide) installed applications is often stored under /var/lib or such, but this is package manager and/or distribution dependent. On Debian-based systems, this information can be easily backed up, but having a copy of /var/lib is not the way. Preserving program updates is more harmful than it is useful. It is often easier and safer to restore a system with no applications than a system with broken or compromised applications.

Best practices depend on your distribution, but as for the file system alone, the File Hierarchy Standard is the way to go. Wikipedia links to a number of webpages about distribution-specific policies.

Finally, you obviously want to run backups on a separate disk, or a remote host if possible. Having backups on a local disk only protects from innocent accidents (e.g. rm), not from rogue applications (if mounted read-write), or kernel space and hardware failures.

My workstation basically has 32 GiB root (/) and 40 GiB home. The rest of disk is split between /wrk (~518 GiB), Windows (one 100 GiB partition), and an experimental 4 GiB partition to make it easy to play with file systems. /wrk contains non-critical data such as media and games. Only /home and /wrk/pics (i.e. user created data) are backed up. I used to separate /tmp and root filesystem, but I always ended up filling up the other. Then again, disk space is cheap.

My server, on the other hand, has the following partition layout.
                       2064208    215944   1743408  12% /
tmpfs                   496976         0    496976   0% /lib/init/rw
udev                     10240       724      9516   8% /dev
tmpfs                   496976         0    496976   0% /dev/shm
/dev/sda1               241116     24634    204034  11% /boot
                       8256952    363400   7809668   5% /home
/dev/mapper/vg00-tmp   2064208     68696   1890656   4% /tmp
/dev/mapper/vg00-usr   4128448    885184   3033552  23% /usr
/dev/mapper/vg00-var   4128448    773712   3145024  20% /var
/dev/mapper/vg00-log   2064208    128284   1831068   7% /var/log
                       2064208     68772   1890580   4% /var/spool
/dev/mapper/vg00-www  82569904   5496468  75395716   7% /var/www
/dev/mapper/vg00-wrk 130852396 111108952  18414048  86% /wrk
/dev/md0             307663736 199341436  92693872  69% /raid
This layout separates critical system components (/bin, /lib, /etc, mounted under /) from security components (/var/log, also used for remote workstation logging), the HTTP server (/var/www, which also runs chrooted) and the mail daemon (/var/spool), and keeps these apart from the rest of the system. A separate /boot is mostly legacy, but it makes recovering an LVM system much easier. /raid contains RAID-1-mirrored space for workstation backups only. Running backups to such a system is dangerous, but considering current options that's the best I have. /wrk can be remotely mounted and is shared for intra. Technically this layout would allow me to run most of the filesystems read-only, but so far I've been lacking the motivation.
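The point of the layout above is that a runaway writer fills only its own partition, so the practical follow-up is to check that the intended mount points really are separate filesystems and to notice when one of them is filling up. The script below is an added example, not code from the post; it audits a `df -P` listing against a hypothetical list of mount points that should be isolated, and the sample listing is constructed to resemble the server layout shown (the `vg00-root` and `vg00-home` device names are assumptions, since those columns are missing in the post).

```shell
#!/bin/sh
# Added example (not from the original post): audit a df -P listing against
# the isolation layout discussed above. Two checks:
#   1. every mount point expected to be isolated is its own mount
#   2. no filesystem is at or above a fill threshold, so a runaway writer
#      confined to its own partition is noticed before it matters
# The sample input is constructed to resemble the server layout in the post.
SAMPLE_DF='Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/vg00-root  2064208    215944   1743408  12% /
/dev/sda1               241116     24634    204034  11% /boot
/dev/mapper/vg00-home  8256952    363400   7809668   5% /home
/dev/mapper/vg00-tmp   2064208     68696   1890656   4% /tmp
/dev/mapper/vg00-usr   4128448    885184   3033552  23% /usr
/dev/mapper/vg00-var   4128448    773712   3145024  20% /var
/dev/mapper/vg00-log   2064208    128284   1831068   7% /var/log
/dev/mapper/vg00-wrk 130852396 111108952  18414048  86% /wrk'

# Hypothetical policy: mount points that must be separate filesystems.
WANT_SEPARATE="/home /tmp /var /var/log /var/spool /var/www"

# missing_mounts: read df -P output on stdin, print each expected mount
# point that is not mounted as its own filesystem (one per line).
missing_mounts() {
    mounted=$(awk 'NR > 1 { print $6 }')
    for mp in $WANT_SEPARATE; do
        found=0
        for m in $mounted; do
            [ "$m" = "$mp" ] && found=1
        done
        [ "$found" -eq 0 ] && echo "$mp"
    done
    return 0
}

# over_threshold PCT: read df -P output on stdin, print "mountpoint use%"
# for every filesystem whose Use% is at or above PCT.
over_threshold() {
    awk -v limit="$1" 'NR > 1 { sub(/%/, "", $5); if ($5 + 0 >= limit) print $6, $5 "%" }'
}

# Usage against the constructed sample:
printf '%s\n' "$SAMPLE_DF" | missing_mounts     # /var/spool and /var/www
printf '%s\n' "$SAMPLE_DF" | over_threshold 80  # /wrk 86%
```

On a live system replace the sample with `df -P | missing_mounts` and `df -P | over_threshold 80`, for instance from cron.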