[Centos] Secure server install

Thu Jan 27 21:54:12 UTC 2005
Beau Henderson <silentbob at gmail.com>

To each his own really. I've had no problems resizing in the past 4
years i've used my partitioning scheme and it works quite well..

Now.. The point here of having this many partitions is reliability and
security. For instance, with /tmp mounted, you can modify the options
to disallow file execution, and others. This is extremely handy on a
web server system as users will upload files to that directory, and at
times so do vulnerable scripts.

In /usr and /var we typically have mysql data, system log files, and
mail data ( among other things ). Partitioning these can be a life
saver in times of, lets say mailbombing, or out of control log files,
etc. If we allowed the data to be combined in one partion, there's a
good chance if full, we'd not be able to log in to the server

Typically you're not going to use all the disk space available on your
drive. And its not always necessary to partition in a way in which
we've advised. I've had clients with horribly configured partions and
in such cases its been necessary ( due to available resources ) to
move the data to a different partion with more space and create
symlinks to that data.. which sort of kills the point of the
partitions in the first place.

Partitioning in the correct way can also help aid performance of the
system, lets not forget that.

Here's what plesk recommends partion wise for plesk 7.5 reloaded:

Beau Henderson

On Fri, 28 Jan 2005 08:19:12 +1100, Gavin Carr <gavin at openfusion.com.au> wrote:
> > Here's an example of one of my systems which handles everything:
> >
> > /dev/hda6            1012M  238M  723M  25% /
> > /dev/hda1             244M   21M  210M   9% /boot
> > /dev/hda7              91G   19G   68G  22% /home
> > none                 1004M     0 1004M   0% /dev/shm
> > /dev/hda5             2.0G   33M  1.8G   2% /tmp
> > /dev/hda2             9.7G  2.9G  6.3G  31% /usr
> > /dev/hda3             9.7G  1.8G  7.5G  19% /var
> >
> > Generally a 512 - 1 GB is enough for tmp. The size of each really
> > depends upon what software you'll have installed and where it places
> > its files.
> Just to put a slightly different point of view, I tend not to use
> too many partitions because I end up wasting space and admin time
> on partitions I've sized incorrectly. These days you can use LVM to
> minimise the annoyance, but it's still an issue.
> I've been partitioning like this lately:
> /dev/hda1       2.0G    swap
> /dev/hda2       100M    /boot
> /dev/hda3       100M    /boot2
> /dev/hda5       5.0G    /
> /dev/hda6       5.0G    /2
> /dev/hda7       rest    /export
> and then putting large directories like /home and /var/www in /export,
> symlinked from the top.
> The purpose of the /boot2 and /2 is alternate boot and root directories:
> (1) they can be used as a backup of the initial install, and (2) they allow
> non-destructive reinstalls - you just install your new OS to /boot2 and /2,
> leaving the current OS on /boot and / - that way if you run into problems,
> you can just reboot and the old OS is still there.
> My AU2c.
> Cheers,
> Gavin
> --
> Open Fusion P/L - Open Source Business Solutions [ Linux - Perl - Apache ]
> ph:  +612 9875 5032                                    fax: +612 9875 4317
> web: http://www.openfusion.com.au                      mob: +61 403 171712
> - Fashion is a variable, but style is a constant - Programming Perl
> _______________________________________________
> CentOS mailing list
> CentOS at caosity.org
> http://lists.caosity.org/mailman/listinfo/centos