[geeks] Solaris resiliency to crashing w/full root partition?

D.A. Muran-de Assereto dmuran at tuad.org
Thu Sep 29 14:46:17 CDT 2005


On Thu, 29 Sep 2005 13:26:57 -0400, velociraptor wrote
> On 9/28/05, D.A. Muran-de Assereto <dmuran at tuad.org> wrote:
> > On Wed, 28 Sep 2005 16:11:15 -0400, velociraptor wrote
> > Speaking as a security engineer for the US Navy, government systems in general
> > are supposed to have "audit data" like system logs kept on a separate
> > partition from anything else. In Solaris, we encourage the use of a separate
> > /var partition and a separate /var/audit partition if c2 auditing is enabled
> > (which we also require). The relevant guidance depends on what environment
> > you're running in and what agency does your system security certifications. If
> > you'd like more info, email me off-list, since this could get lengthy.
> 
> Let me clarify:
> 
> The ding was: "These system files can occupy a large portion of the
> disk partition and can therefore negatively impact server performance."
> It has nothing to do with logging levels or running c2 audit (as in, we
> don't).  It's public, non-sensitive web site data.
> 
> I'm not sure how moving them to a logical partition of their own would
> correct that ding, anyway, given that a different logical partition is going
> to be on the same disk.
> 
> Really, these IG people (not another agency, we are talking "The"
> IG's office--they won't let us get a different agency to do our security
> certs--we'd love that!) are like a cross between FBI wannabes and
> caveman knuckle draggers.  They wasted two extra nights of my life
> scanning the network because they misconfigured their scanner,
> then tried to play it off like scanning from a static IP vs. a DHCP IP
> in our networks would produce a "different baseline".
> 
> Regards--
> =Nadine=

Ah. Sounds like outdated requirements and incompetent auditors, especially
given the DHCP/Static comment. The government certainly has its share of
them. Our requirements have nothing to do with root filling up; they have more
to do with separation of privilege and protection of audit trails.

Dave

***********************
Aude Sapere!
Carpe Scientia!
***********************


