From owner-freebsd-questions@FreeBSD.ORG Mon Dec 12 20:18:38 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2A6F4106566B for ; Mon, 12 Dec 2011 20:18:37 +0000 (UTC) (envelope-from pulley@dabus.com) Received: from aegir.dabus.com (aegir.dabus.com [173.14.229.218]) by mx1.freebsd.org (Postfix) with ESMTP id BB8DC8FC13 for ; Mon, 12 Dec 2011 20:18:37 +0000 (UTC) Received: from aegir.dabus.com (localhost.dabus.com [127.0.0.1]) by aegir.dabus.com (Processor) with ESMTP id 955605F2CD for ; Mon, 12 Dec 2011 13:00:30 -0700 (MST) DomainKey-Signature: a=rsa-sha1; b=aMEDvs8NKtLMejtbll1KAKDw1VLNt1zB6qWgvPtWOf9/SK5gZlsFcvqXuBcleLc//1udjz2Hy6YdNk0GofJEK2LOudLPqUK/YZc3hbHLhBB0BoHOFP73Bat5xQSPY8dSxZcnCHcxorBqYuERud1kROK/a58o0oezqcn40vwj0L4=; c=nofws; d=dabus.com; q=dns; s=aegir1 Received: from webmail.dabus.com (aegir.dabus.com [173.14.229.218]) by aegir.dabus.com (Dabus) with ESMTPA id 9ED9C5F2B6 for ; Mon, 12 Dec 2011 13:00:28 -0700 (MST) Received: from 131.77.1.84 (SquirrelMail authenticated user pulley) by webmail.dabus.com with HTTP; Mon, 12 Dec 2011 13:00:29 -0700 Message-ID: <4989a3ebb7810ed26951cbbd23b7645c.squirrel@webmail.dabus.com> In-Reply-To: <4EE3D1F0.60500@herveybayaustralia.com.au> References: <4EE32BB6.3020105@herveybayaustralia.com.au> <4EE38454.3020307@otenet.gr> <4EE3D1F0.60500@herveybayaustralia.com.au> Date: Mon, 12 Dec 2011 13:00:29 -0700 From: "Eric S Pulley" To: freebsd-questions@freebsd.org User-Agent: SquirrelMail/1.4.20 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: Re: 9.0 install and journaling X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Dec 2011 20:18:38 -0000 > > As for one big / partition- linux may be using it: and its their biggest > failing! I've had a system lockup due to lack of space. Never a problem > with bsd as logs will only fill up var, a user won't break it with > filling up usr, etc. And root always stays protected! Its saved my life > a number of times... I can quickly fill TB's of data in no time, and if > something goes bang the logs can be a silent killer too. My 2c's anyway... > _______________________________________________ > And along those lines for security of the system, this is the U.S. DoD recommendations (well mandates really) including ZFS. Not that the DoD doesn’t have security problems... but I’m not big fan of the one or two mount point solution either… never understood why other OS packagers think is okay to just dump it all under / Per the DISA STIG (Security Technical Implementation Guide) / (obviously) / /var /tmp / should all be separate mount points "The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing"... in addition... All local file systems must employ journaling or another mechanism that ensures file system consistency. Removable media, remote file systems, and any file system that does not contain approved device files must be mounted with the "nodev" option. Removable media, remote file systems, and any file system that does not contain approved setuid files must be mounted with the "nosuid" option. The nosuid option must be enabled on all NFS client mounts. and so on... you can find a copy of the UNIX STIG online and some of it is just crazy paranoia and makes your life a pain, but there are a lot of good practices in it too.