[geeks] Solaris resiliency to crashing w/full root partition?

velociraptor velociraptor at gmail.com
Thu Sep 29 12:26:57 CDT 2005


On 9/28/05, D.A. Muran-de Assereto <dmuran at tuad.org> wrote:
> On Wed, 28 Sep 2005 16:11:15 -0400, velociraptor wrote
> Speaking as a security engineer for the US Navy, government systems in general
> are supposed to have "audit data" like system logs kept on a separate
> partition from anything else. In Solaris, we encourage the use of a separate
> /var partition and a separate /var/audit partition if c2 auditing is enabled
> (which we also require). The relevant guidance depends on what environment
> you're running in and what agency does your system security certifications. If
> you'd like more info, email me off-list, since this could get lengthy.

Let me clarify:

The ding was: "These system files can occupy a large portion of the
disk partition and can therefore negatively impact server performance."
It has nothing to do with logging levels or running c2 audit (as in, we
don't).  It's public, non-sensitive web site data.

I'm not sure how moving them to a logical partition of their own would
correct that ding, anyway, given that a different logical partition is going
to be on the same disk.

Really, these IG people (not another agency, we are talking "The"
IG's office--they won't let us get a different agency to do our security
certs--we'd love that!) are like a cross between FBI wannabes and
caveman knuckle draggers.  They wasted two extra nights of my life
scanning the network because they misconfigured their scanner,
then tried to play it off like scanning from a static IP vs. a DHCP IP
in our networks would produce a "different baseline".

Regards--
=Nadine=