Not sure if this is the right place to ask, but I'll try.
When I do a minimum install of Centos, which default users should I delete (users that won't be needed on a server)? It will be used for webhosting, mail, sql.. And, what partitions would you advise me to create? /root, /tmp, swap, /... should I have more?
/Håvard
Håvard Hebnes wrote:
> Not sure if this is the right place to ask, but I'll try.
> When I do a minimum install of Centos, which default users should I delete (users that won't be needed on a server)? It will be used for webhosting, mail, sql.. And, what partitions would you advise me to create? /root, /tmp, swap, /... should I have more?
I don't usually create a separate /root. The partition structure I usually go with is:
/boot /tmp /var / swap
And some people throw in /home.
Ben
On our web hosting servers, we generally use: / /tmp /var /usr /boot swap /home
Not necessarily in the above order.
Any recommendations how big they should be? Have 160GB to use..
Thanks,
regards Håvard
Well now that really depends on what you're going to have installed on the server. Will it handle mail? mysql or other databases? web serving, etc? Will you have any control panel system installed on this system?
Here's an example of one of my systems which handles everything:
/dev/hda6  1012M  238M   723M  25%  /
/dev/hda1   244M   21M   210M   9%  /boot
/dev/hda7    91G   19G    68G  22%  /home
none       1004M     0  1004M   0%  /dev/shm
/dev/hda5   2.0G   33M   1.8G   2%  /tmp
/dev/hda2   9.7G  2.9G   6.3G  31%  /usr
/dev/hda3   9.7G  1.8G   7.5G  19%  /var
Generally a 512 - 1 GB is enough for tmp. The size of each really depends upon what software you'll have installed and where it places its files.
Yes, it will handle mail (qmail, stores in /var/qmail), mysql, www sites /home
Will use Plesk as CP
Think your example looks good. Have you any suggestions to which default users I should delete?
/Håvard
It's not a question of what "users" to delete by default. Most default user accounts are there for a specific task. Think about what services you don't intend to use. Stop those daemons from running on boot and kill the corresponding account for them. My experience is that there are very few accounts that would need to be removed. Services are more important to focus on.
-- <<JAV>>
---------- Original Message ----------- From: Håvard Hebnes centos@kral.no To: "'CentOS discussion and information list'" centos@caosity.org Sent: Thu, 27 Jan 2005 17:57:38 +0100 Subject: RE: [Centos] Secure server install
Yes, it will handle mail (qmail, stores in /var/qmail), mysql, www sites /home
Will use Plesk as CP
Think your example looks good. Have you any suggestions to which default users I should delete?
/Håvard
-----Original Message----- From: centos-bounces@caosity.org [mailto:centos-bounces@caosity.org] On Behalf Of Beau Henderson Sent: 27. januar 2005 17:49 To: CentOS discussion and information list Subject: Re: [Centos] Secure server install
Well now that really depends on what you're going to have installed on the server. Will it handle mail? mysql or other databases? web serving, etc? Will you have any control panel system installed on this system?
Here's an example of one of my systems which handles everything:
/dev/hda6  1012M  238M   723M  25%  /
/dev/hda1   244M   21M   210M   9%  /boot
/dev/hda7    91G   19G    68G  22%  /home
none       1004M     0  1004M   0%  /dev/shm
/dev/hda5   2.0G   33M   1.8G   2%  /tmp
/dev/hda2   9.7G  2.9G   6.3G  31%  /usr
/dev/hda3   9.7G  1.8G   7.5G  19%  /var
Generally a 512 - 1 GB is enough for tmp. The size of each really depends upon what software you'll have installed and where it places its files.
-- Beau Henderson http://www.iminteractive.net
On Thu, 27 Jan 2005 17:41:30 +0100, Håvard Hebnes centos@kral.no wrote:
Any recommendations how big they should be? Have 160GB to use..
Thanks,
regards Håvard
-----Original Message----- From: centos-bounces@caosity.org [mailto:centos-bounces@caosity.org] On Behalf Of Beau Henderson Sent: 27. januar 2005 17:36 To: CentOS discussion and information list Subject: Re: [Centos] Secure server install
On our web hosting servers, we generally use: / /tmp /var /usr /boot swap /home
Not necessarily in the above order.
-- Beau Henderson http://www.iminteractive.net
On Thu, 27 Jan 2005 07:30:34 -0600, Benjamin J. Weiss benjamin@birdvet.org wrote:
Håvard Hebnes wrote:
> Not sure if this is the right place to ask, but I'll try.
> When I do a minimum install of Centos, which default users should I delete (users that won't be needed on a server)? It will be used for webhosting, mail, sql.. And, what partitions would you advise me to create? /root, /tmp, swap, /... should I have more?
I don't usually create a separate /root. The partition structure I usually go with is:
/boot /tmp /var / swap
And some people throw in /home.
Ben
_______________________________________________
CentOS mailing list CentOS@caosity.org http://lists.caosity.org/mailman/listinfo/centos
------- End of Original Message -------
On that subject, it's worth considering that many installations are not terribly "secure" right out of the box. For example, SSH allows protocol version 1 and remote root logins by default on Centos. Many admins consider this to be rather insecure - some have no problem with it in their environments.
Whatever services you do need, it would be worth auditing all of their config files.
Greg
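[Added example, not part of the original thread and not any poster's own script: a shell check for the two sshd_config settings Greg mentions. It assumes that a missing directive falls back to Protocol 2,1 and PermitRootLogin yes, the defaults the thread describes; the function names are made up for this example.]

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd_config text on stdin for
# the two settings Greg names. Function names are hypothetical.
# Assumption: a missing directive means the defaults described in the
# thread apply (Protocol 2,1 and PermitRootLogin yes).

# effective_value KEYWORD DEFAULT  (config on stdin)
# sshd uses the first uncommented occurrence; keywords are case-insensitive.
effective_value() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ { next }                   # comment line
        { sub(/[ \t]*=[ \t]*/, " ") }         # accept "Keyword=value" too
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    '
}

# audit_sshd_config  (config on stdin); returns 1 if any setting is weak.
audit_sshd_config() {
    cfg=$(cat)
    proto=$(printf '%s\n' "$cfg" | effective_value Protocol "2,1")
    root=$(printf '%s\n' "$cfg" | effective_value PermitRootLogin yes)
    rc=0
    case ",$proto," in
        *,1,*) echo "WEAK Protocol $proto (version 1 accepted)"; rc=1 ;;
        *)     echo "OK   Protocol $proto" ;;
    esac
    case "$root" in
        [Nn][Oo]) echo "OK   PermitRootLogin $root" ;;
        *)        echo "WEAK PermitRootLogin $root (remote root login possible)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: both directives left commented out, so defaults apply.
audit_sshd_config <<'EOF' || true
#Protocol 2,1
#PermitRootLogin yes
Port 22
EOF
```

On a real host the input would be the server's own file, e.g. `audit_sshd_config < /etc/ssh/sshd_config`.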
On Thu, 27 Jan 2005 15:33:47 -0400, Joe Polk listuser@javelinux.com wrote:
It's not a question of what "users" to delete by default. Most default user accounts are there for a specific task. Think about what services you don't intend to use. Stop those daemons from running on boot and kill the corresponding account for them. My experience is that there are very few accounts that would need to be removed. Services are more important to focus on.
-- <<JAV>>
Greg Knaddison wrote:
| On that subject, it's worth considering that many installations are
| not terribly "secure" right out of the box. For example, SSH allows
| protocol version 1 and remote root logins by default on Centos. Many
| admins consider this to be rather insecure - some have no problem with
| it in their environments.
This is merely a duplication of the configuration of RHEL out of the box. IMHO, security due diligence is not a function of the distro provider.
| Whatever services you do need, it would be worth auditing all of their
| config files.
Their or the config files?
.dn
Donavan, I think he was making a suggestion to the thread starter regarding disabling direct root login, not a complaint :) Not all of us hate the direct root login, especially with a fresh install that's half way around the world and you got a monkey installing the OS :) ( I've been there done that w/ freebsd ).
On Thu, 27 Jan 2005 17:22:38 -0500, Beau Henderson silentbob@gmail.com wrote:
> Donavan, I think he was making a suggestion to the thread starter regarding disabling direct root login, not a complaint :)
Yes, thanks for the translation.
> Not all of us hate the direct root login, especially with a fresh install that's half way around the world and you got a monkey installing the OS :) ( I've been there done that w/ freebsd ).
For boxes in an environment behind a firewall, I use remote root login all the time without much concern about the (in)security of the situation.
Greg
Hi!
You can always use LVM to provide dynamically resizable partitions.
Zizi
On Thu, Jan 27, 2005 at 11:49:13AM -0500, Beau Henderson wrote:
> Here's an example of one of my systems which handles everything:
> /dev/hda6  1012M  238M   723M  25%  /
> /dev/hda1   244M   21M   210M   9%  /boot
> /dev/hda7    91G   19G    68G  22%  /home
> none       1004M     0  1004M   0%  /dev/shm
> /dev/hda5   2.0G   33M   1.8G   2%  /tmp
> /dev/hda2   9.7G  2.9G   6.3G  31%  /usr
> /dev/hda3   9.7G  1.8G   7.5G  19%  /var
> Generally a 512 - 1 GB is enough for tmp. The size of each really depends upon what software you'll have installed and where it places its files.
Just to put a slightly different point of view, I tend not to use too many partitions because I end up wasting space and admin time on partitions I've sized incorrectly. These days you can use LVM to minimise the annoyance, but it's still an issue.
I've been partitioning like this lately:
/dev/hda1  2.0G  swap
/dev/hda2  100M  /boot
/dev/hda3  100M  /boot2
/dev/hda5  5.0G  /
/dev/hda6  5.0G  /2
/dev/hda7  rest  /export
and then putting large directories like /home and /var/www in /export, symlinked from the top.
The purpose of the /boot2 and /2 is alternate boot and root directories: (1) they can be used as a backup of the initial install, and (2) they allow non-destructive reinstalls - you just install your new OS to /boot2 and /2, leaving the current OS on /boot and / - that way if you run into problems, you can just reboot and the old OS is still there.
My AU2c.
Cheers, Gavin
-- Open Fusion P/L - Open Source Business Solutions [ Linux - Perl - Apache ] ph: +612 9875 5032 fax: +612 9875 4317 web: http://www.openfusion.com.au mob: +61 403 171712 - Fashion is a variable, but style is a constant - Programming Perl
To each his own really. I've had no problems resizing in the past 4 years I've used my partitioning scheme and it works quite well..
Now.. The point here of having this many partitions is reliability and security. For instance, with /tmp mounted, you can modify the options to disallow file execution, and others. This is extremely handy on a web server system as users will upload files to that directory, and at times so do vulnerable scripts.
In /usr and /var we typically have mysql data, system log files, and mail data ( among other things ). Partitioning these can be a life saver in times of, let's say mailbombing, or out of control log files, etc. If we allowed the data to be combined in one partition, there's a good chance if full, we'd not be able to log in to the server completely.
Typically you're not going to use all the disk space available on your drive. And it's not always necessary to partition in a way in which we've advised. I've had clients with horribly configured partitions and in such cases it's been necessary ( due to available resources ) to move the data to a different partition with more space and create symlinks to that data.. which sort of kills the point of the partitions in the first place.
Partitioning in the correct way can also help aid performance of the system, let's not forget that.
Here's what plesk recommends partition-wise for plesk 7.5 reloaded: http://faq.sw-soft.com/index.php?ToDo=view&questId=452&catId=88
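
[Added example, not part of the original thread and not Beau's own configuration: a shell check for the point above that a separate /tmp lets you mount it with options that disallow file execution. The function name and the option set it looks for (noexec, nosuid, nodev) are choices made for this example, and the sample fstab lines are constructed.]

```shell
#!/bin/sh
# Added example (not from the thread): report which hardening mount options
# a mount point lacks. Input on stdin is fstab-format text (device, mount
# point, type, options). The function name and the default option set
# (noexec, nosuid, nodev) are choices made for this example.

# missing_mount_opts MOUNTPOINT [OPTION...]
# Prints the wanted options that are absent. Exit status: 0 = all present,
# 1 = some missing, 2 = the mount point has no entry of its own, i.e. it is
# a plain directory on a parent filesystem with no options to set.
missing_mount_opts() {
    mp=$1; shift
    [ $# -gt 0 ] || set -- noexec nosuid nodev
    opts=$(awk -v mp="$mp" '!/^[ \t]*#/ && $2 == mp { print $4; exit }')
    if [ -z "$opts" ]; then echo "unlisted"; return 2; fi
    missing=""
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;                    # option already set
            *) missing="$missing $want" ;;
        esac
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample modelled on the layout quoted in the thread.
missing_mount_opts /tmp <<'EOF' || true
/dev/hda6  /     ext3  defaults  1 1
/dev/hda5  /tmp  ext3  defaults  1 2
EOF
```

Feeding it /proc/mounts instead of /etc/fstab checks what is actually mounted, since both use the same column order.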