Date: Fri, 24 Nov 2000 00:04:36 -0600 (CST)
From: Mike Meyer <mwm@mired.org>
To: Tim McMillen <timcm@umich.edu>
Cc: questions@freebsd.org
Subject: Re: partitions and a new install
Message-ID: <14878.1268.383566.580911@guru.mired.org>
In-Reply-To: <65535877@toto.iv>

Tim McMillen <timcm@umich.edu> types:
> On Wed, 22 Nov 2000, Nathan Vidican wrote:
> > Peter Brezny wrote:
> > > For a production firewall machine, is it important to create separate
> > > partitions (slices) for different labels.
> > > For example, is it a good idea to put
> > > /
> > > /var
> > > /usr
> > > /home
> > > on separate partitions to help keep the possibility of file system
> > > corruption from taking out more than one of these areas at a time?
> Yes, I really think so. That way if one of them gets hosed you're
> still able to get somewhere.

I don't agree - at least not if we're talking about modern BSD
systems. Other systems I wouldn't trust, because either my experience
indicates their file system code isn't sufficiently crash-resistant,
or because I don't have experience indicating otherwise.

> > Personally, on a firewall machine I try to put them all on one
> > partition, < 100Megs total, and mount it read-only; if at all possible,
> then where do you send your logs?

You need two partitions - / and /var. The logs and queues are on
/var. Home directories for the admin are there as well (/home is a
symlink to /var/home), but they should have almost nothing on them.

I regularly configure network servers that way, but I haven't worked
all the kinks out of the r/o part of the setup. Does anyone have a
How-To for doing r/o root file systems? If you don't, I'd appreciate a
description of the process. In return, I'll turn it into a FAQ entry
for FreeBSD.

> > make the bios write-protect it as well. Makes for easy/quick backup, and
> > by write-protecting it assures better security.
> Yes good point. RO is good. The easy quick backup for multiple
> partitions could still be accomplished with a shell script. But how many
> backups do you need to take for a firewall? It shouldn't change much, so
> once you get a few backups, you're fine.

CD blanks are cheap enough - and the data for a server is small
enough - that you can probably put it all on a new CD on a regular
basis. Making it bootable might be an interesting exercise as well.

> Didn't I see something about an append only filesystem for logs?
> Where even root cannot delete from it? Is that possible on FreeBSD?

That would be a nice idea as well. You might check the other BSD web
sites, and possibly Linux.

	<mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
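
An added example, not part of the original message or of FreeBSD itself: a shell check that an fstab matches the layout described in the reply above (read-only /, separate writable /var). The function names and the sample device names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit an fstab(5) file against the layout in the message:
# "/" mounted read-only and "/var" a separate, writable file system.

# has_opt OPTIONS NAME: succeed if NAME is one of the comma-separated OPTIONS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_fstab FILE: print one finding per line; return 1 if any check fails.
audit_fstab() {
    root_opts='' var_opts='' rc=0
    # fstab fields: device mountpoint fstype options dump pass
    while read -r dev mnt _fstype opts _rest; do
        case "$dev" in ''|'#'*) continue ;; esac   # skip blanks and comments
        case "$mnt" in
            /)    root_opts=$opts ;;
            /var) var_opts=$opts ;;
        esac
    done < "$1"

    if [ -z "$root_opts" ]; then
        echo "FAIL: no entry for /"; rc=1
    elif has_opt "$root_opts" ro; then
        echo "OK: / is mounted read-only"
    else
        echo "FAIL: / is writable ($root_opts)"; rc=1
    fi
    if [ -z "$var_opts" ]; then
        echo "FAIL: /var is not a separate file system; logs would go to /"; rc=1
    elif has_opt "$var_opts" ro; then
        echo "FAIL: /var is read-only; logs and queues cannot be written"; rc=1
    else
        echo "OK: /var is separate and writable"
    fi
    return "$rc"
}

# Constructed sample fstab; the device names are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Device      Mountpoint  FStype  Options  Dump  Pass#
/dev/ad0s1a   /           ufs     ro       1     1
/dev/ad0s1e   /var        ufs     rw       2     2
EOF
audit_fstab "$sample"
rm -f "$sample"
```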