[lug] Re: partitions
bgiles at coyotesong.com
Tue Sep 24 14:38:54 MDT 2002
I normally recommend that *home* systems use a simple partitioning
scheme. I mentioned multiple partitions here primarily because his
system had already exhausted the /var partition and moving some of
that data into a new partition is a quick solution to that problem.

That said, anything that's *public* needs to have separate log
partitions, and arguably separate application data partitions.

Yes, it's a pain.

Yes, if you're guessing blindly you may have one partition filled
while another is mostly empty.

But that's all irrelevant. IMHO, when you're a public system one
of your highest responsibilities is to avoid becoming a hazard to
others. In turn, the first step in doing *that* is to maintain
accurate records of what you've done, and it's hardly an onerous
burden to maintain a separate /var/log partition so that malicious
users, authorized and unauthorized, will find it hard to cover their

(The next steps are harder for an individual with a cable modem or
DSL connection to pull off. Dedicated syslog servers, snort boxes
feeding into a database, etc.)

You may never need these logs, but they can be invaluable if somebody
complains about what you're doing. E.g., a few months back somebody
was fraudulently sending out spam with my domain name and I identified
over a dozen open relays. Of the sites with the technical competence
to understand the problem (many sites were just using services provided
by a third party), all were vehement that they were not spamming and not
running an open relay. Then a few hours later they sheepishly acknowledged
that their Microsoft Exchange Server (almost without exception - I think
one site had a Cisco router cracked) had been misconfigured. With the
logs, we were able to quickly determine that the problem was real and fixed.
Without logs, they could have spent days trying to point the finger at
AOL (which sent me the bounce messages), etc.
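
Added example, not part of the original message: a shell check for the separate /var/log partition recommended above. It finds which mounted filesystem actually holds a path by longest-prefix match over a mount table in /proc/mounts format. The function names `mount_for` and `log_isolated` and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which mounted filesystem holds a path, using a
# mount table in /proc/mounts format (device mountpoint fstype options ...).

# mount_for PATH [TABLE]: print the mount point with the longest prefix match.
mount_for() {
    awk -v p="$1" '
        {
            m = $2
            # A mount point matches if it is "/", equals the path, or is a
            # directory prefix of it (so /var/logs does not match /var/log).
            if (m == "/" || p == m || index(p, m "/") == 1)
                if (length(m) > length(best)) best = m
        }
        END { print best }
    ' "${2:-/proc/mounts}"
}

# log_isolated [TABLE]: succeed only if /var/log is its own mount point,
# so that filling / or /var cannot exhaust the space logs are written to.
log_isolated() {
    [ "$(mount_for /var/log "$1")" = "/var/log" ]
}

# Demo on a constructed table where logs still live on the /var filesystem.
demo() {
    t=$(mktemp)
    printf '%s\n' '/dev/hda1 / ext3 rw 0 0' '/dev/hda5 /var ext3 rw 0 0' > "$t"
    if log_isolated "$t"; then
        echo "/var/log is a separate filesystem"
    else
        echo "/var/log shares the filesystem mounted at $(mount_for /var/log "$t")"
    fi
    rm -f "$t"
}
demo
```

Called with no table argument, both functions read the live /proc/mounts on a Linux system.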