Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
PrevChapter 3. Installation of your Linux ServerNext

3.4. Disk Setup- Disk Druid

Versian All

We assume that you are installing your new Linux server to a new hard drive, with no other existing file system or operating system previously installed. A good partition strategy is to create a separate partition for each major file system. This enhances security and prevents accidental denial of service or exploit of SUID programs.

Creating multiple partitions offers you the following advantages:

Protection against denial of service attack.
Protection against SUID programs.
Faster booting.
Easy backup and upgrade management.
Ability for better control of mounted file system.
Limit each file system's ability to grow.

Warning

If previous file system or operating system exist on the hard drive and computer where you want to install your Linux system, we highly recommend, that you make a backup of your current system before proceeding with the disk partitioning.

Step 1. For performance, stability and security reasons you must create something like the following partitions listed below on your computer. We suppose for this partition configuration the fact that you have a SCSI hard drive of 3.2 GB. Of course you will need to adjust partition sizes according to your own needs and disk size. Partitions that must be created on your system: 
                      /boot	   5MB		(1)
                      /usr	 512MB		(2)
                      /home	1146MB		(3)
                      /chroot	 256MB		(4)
                      /cache	 256MB		(5)
                      /var	 256MB		(6)
                   <Swap>	 128MB		(7)
                      /tmp	 256MB		(8)
                      /		 256MB		(9)

(1)
All Kernel images are kept here.
(2)
Must be large, since all Linux binaries programs are installed here.
(3)
Proportional to the number of users you intend to host i.e. 10MB per users multiplied by the number of users 114 = 1140MB.
(4)
If you want to install programs in chroot jail environment i.e. DNS.
(5)
This is the cache partition of a proxy server i.e. Squid.
(6)
Contains files that change when the system run normally i.e. Log files.
(6)
Our swap partition. The virtual memory of the Linux operating system.
(8)
Our temporary files partition.
(9)
Our root partition.

We have made two more special partitions:

/chroot

The /chroot partition can be used for DNS server chrooted, Apache server chrooted and other chrooted future programs.

/cache

The /cache partition can be used for a Squid Proxy server.

If you are not intending to install Squid Proxy server you don't need to create the /cache partition.

Keeping /tmp and /home on separate partitions is pretty much mandatory if users have shell access to the server- protection against SUID programs; splitting these off into separate partitions also prevent users from filling up any critical file system -denial of service attack. The same applies to /var, and /usr on separate partitions is also a very good idea. By isolating the /var partition, you protect your root partition from overfilling -denial of service attack.

In our partition configuration we'll reserve 256 MB of disk space for chrooted programs like Apache, DNS and other software. This is necessary because Apache DocumentRoot files and other binaries, programs related to Apache will be installed in this partition if you decide to run Apache web server in a chrooted jail.

Take note that the size of the Apache chrooted directory on the chrooted partition is proportional to the size of your DocumentRoot files. If you're not intending to install and use Apache on your server, you can reduce the size of this partition to something like 10 MB for DNS server that you always need in a chrooted jail environment for security reasons.

Note

Minimum size of partitions: For information purposes only, this is the minimum size in megabytes, which a Linux installation must have to function properly. The sizes of partitions listed below are really small. This configuration can fit into a very old hard disk of 512MB in size that you might find in old x486 computers. We show you this partition just to get an idea of the minimum requirements. 
              /	         35MB
              /boot	  5MB
              /chroot	 10MB
              /home	100MB
              /tmp	 30MB
              /usr	232MB
              /var	 25MB

PrevHomeNext
Installation Class and Method (Install Type)UpDisk Druid
  
 
  Published under the terms of the Open Publication License Design by Interspire