Re: [gentoo-user] Partitions - last questions...

2013-04-28 Thread Florian Philipp
On 24.04.2013 18:12, Tanstaafl wrote:
 On 2013-04-24 11:31 AM, Florian Philipp li...@binarywings.net wrote:
 On 24.04.2013 17:12, Tanstaafl wrote:
 Ok, but - does it make sense to add the noexec option to /var/tmp? Is it
 possible that there are other apps that need exec capability in there?
 
 It makes sense. Any world-writable directory should be noexec to make
 script injection harder. Other directories, too, like /var/www (if you
 can, i.e. no cgi). I cannot tell you if any application might need it.
 Try it. It is easy enough to revert, maybe even with a `mount -o
 remount`, I'm not sure.

 Also, look at
 http://serverfault.com/questions/72356/how-useful-is-mounting-tmp-noexec
 
 Hmmm, this only talks about /tmp... I'm talking about /var/tmp...
 
 So, I guess you're right, I'll just need to try it and see...
 

Just stumbled across this:
http://blog.siphos.be/2013/04/securely-handling-libffi/

Might be relevant, might be not.

Regards,
Florian Philipp






Re: [gentoo-user] Partitions - last questions...

2013-04-24 Thread Tanstaafl

On 2013-04-23 1:59 PM, Neil Bothwick n...@digimed.co.uk wrote:

On Tue, 23 Apr 2013 18:34:38 +0200, Florian Philipp wrote:


So - first, is 5G way too big for the two /tmp dirs? I have lots of
space, but hate waste



If you worry about waste consider bind-mounting both from the same
partition and install quotas to avoid one filling up the other.


Or set PORTAGE_TMPDIR to use /tmp. Then /var/tmp will be so small you
can leave it as a sub-directory of /var.

If this is a server, 5G is fine for this, but for a desktop it may need
to be bigger, to accommodate LibreOffice builds.


One thing I'm trying to do is make the system as secure as possible at 
the filesystem level, and I've read that making /tmp and /var/tmp 
separate partitions so you can mount them /nodev/noexec/nosuid is one 
way to make things a bit more secure...


On that note, I realized I can't make two /tmp's in lvm, so, I guess I 
can make a vtmp, and just bind that to /var/tmp in fstab like:


/dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0

Will that work?

Last issue -

I was planning on using XFS for my /var so I've been researching 
filesystems on VMs, and ran into this FAQ on the XFS site:



http://xfs.org/index.php/XFS_FAQ#Q:_Which_settings_are_best_with_virtualization_like_VMware.2C_XEN.2C_qemu.3F


Q: Which settings are best with virtualization like VMware, XEN, qemu?

The biggest problem is that those products seem to also virtualize disk 
writes in a way that even barriers don't work any more, which means even 
a fsync is not reliable. Tests confirm that unplugging the power from 
such a system even with RAID controller with battery backed cache and 
hard disk cache turned off (which is safe on a normal host) you can 
destroy a database within the virtual machine (client, domU whatever you 
call it).


In qemu you can specify cache=off on the line specifying the virtual 
disk. For others information is missing.


Which says there IS NO BEST SETTING, and that XFS (and by implication, 
ANY FS) will always be very vulnerable to sudden power loss by the Host...


Comments welcome...



Re: [gentoo-user] Partitions - last questions...

2013-04-24 Thread Florian Philipp
On 24.04.2013 12:48, Tanstaafl wrote:
 On 2013-04-23 1:59 PM, Neil Bothwick n...@digimed.co.uk wrote:
 On Tue, 23 Apr 2013 18:34:38 +0200, Florian Philipp wrote:

 So - first, is 5G way too big for the two /tmp dirs? I have lots of
 space, but hate waste
 
 If you worry about waste consider bind-mounting both from the same
 partition and install quotas to avoid one filling up the other.

 Or set PORTAGE_TMPDIR to use /tmp. Then /var/tmp will be so small you
 can leave it as a sub-directory of /var.

 If this is a server, 5G is fine for this, but for a desktop it may need
 to be bigger, to accommodate LibreOffice builds.
 
 One thing I'm trying to do is make the system as secure as possible at
 the filesystem level, and I've read that making /tmp and /var/tmp
 separate partitions so you can mount them /nodev/noexec/nosuid is one
 way to make things a bit more secure...

noexec won't work for portage so put PORTAGE_TMPDIR somewhere else.

 
 On that note, I realized I can't make two /tmp's in lvm, so, I guess I
 can make a vtmp, and just bind that to /var/tmp in fstab like:
 
 /dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0
 
 Will that work?

Sure why not but you should set the pass column to 2 instead of 0.

Regards,
Florian Philipp







Re: [gentoo-user] Partitions - last questions...

2013-04-24 Thread Tanstaafl

On 2013-04-24 8:48 AM, Florian Philipp li...@binarywings.net wrote:

One thing I'm trying to do is make the system as secure as
possible at the filesystem level, and I've read that making /tmp
and /var/tmp separate partitions so you can mount them
/nodev/noexec/nosuid is one way to make things a bit more
secure...


 noexec won't work for portage so put PORTAGE_TMPDIR somewhere else.

Ok, but - does it make sense to add the noexec option to /var/tmp? Is it 
possible that there are other apps that need exec capability in there?



On that note, I realized I can't make two /tmp's in lvm, so, I guess I
can make a vtmp, and just bind that to /var/tmp in fstab like:

/dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0

Will that work?



Sure why not but you should set the pass column to 2 instead of 0.


What is the 'pass' column? The 5th column is the 'dump' column, and the 
6th is the 'fsck' column, afaik?


Thanks for the comments!



Re: [gentoo-user] Partitions - last questions...

2013-04-24 Thread Florian Philipp
On 24.04.2013 17:12, Tanstaafl wrote:
 On 2013-04-24 8:48 AM, Florian Philipp li...@binarywings.net wrote:
 One thing I'm trying to do is make the system as secure as
 possible at the filesystem level, and I've read that making /tmp
 and /var/tmp separate partitions so you can mount them
 /nodev/noexec/nosuid is one way to make things a bit more
 secure...
 
 noexec won't work for portage so put PORTAGE_TMPDIR somewhere else.
 
 Ok, but - does it make sense to add the noexec option to /var/tmp? Is it
 possible that there are other apps that need exec capability in there?
 

It makes sense. Any world-writable directory should be noexec to make
script injection harder. Other directories, too, like /var/www (if you
can, i.e. no cgi). I cannot tell you if any application might need it.
Try it. It is easy enough to revert, maybe even with a `mount -o
remount`, I'm not sure.

Also, look at
http://serverfault.com/questions/72356/how-useful-is-mounting-tmp-noexec

 On that note, I realized I can't make two /tmp's in lvm, so, I guess I
 can make a vtmp, and just bind that to /var/tmp in fstab like:

 /dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0

 Will that work?
 
 Sure why not but you should set the pass column to 2 instead of 0.
 
 What is the 'pass' column? The 5th column is the 'dump' column, and the
 6th is the 'fsck' column, afaik?
 

Okay, your fsck column is called pass in my fstab. Anyway, a value
of two means fsck after root, one means fsck as root and 0 no
fsck. See `man fstab`. Obviously you want fsck.

Regards,
Florian Philipp
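
The two points in the message above (nodev/noexec/nosuid on the world-writable temp directories, and a non-zero pass field so fsck runs) can be checked mechanically. The script below is an added example, not part of the original thread; the function names and the sample entries other than /dev/vg/vtmp are constructed for illustration.

```shell
#!/bin/sh
# audit_fstab: read fstab-format text on stdin and print one finding per line
# for /tmp and /var/tmp. Hypothetical helper written for this example.
audit_fstab() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        mnt = $2; fstype = $3; opts = $4
        pass = (NF >= 6) ? $6 : 0            # a missing 6th field means 0
        if (mnt != "/tmp" && mnt != "/var/tmp") next
        seen[mnt] = 1
        split("", has)                       # portable way to clear the array
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) has[o[i]] = 1
        bind = ("bind" in has) || ("rbind" in has)
        m = split("nodev noexec nosuid", want, " ")
        for (i = 1; i <= m; i++)
            if (!(want[i] in has))
                printf "%s: missing %s\n", mnt, want[i]
        # fsck only applies to disk-backed filesystems, not tmpfs or bind mounts
        if (fstype != "tmpfs" && !bind && pass + 0 == 0)
            printf "%s: pass (6th field) is 0, fsck is skipped\n", mnt
    }
    END {
        if (!("/tmp" in seen)) print "/tmp: no separate mount entry"
        if (!("/var/tmp" in seen)) print "/var/tmp: no separate mount entry"
    }'
}

# Constructed sample table; only the /var/tmp line mirrors the thread.
sample_fstab() {
    cat <<'EOF'
# constructed sample, not from a real host
/dev/sda3      /         ext4  noatime              0 1
/dev/vg/tmp    /tmp      ext4  nodev,nosuid         0 2
/dev/vg/vtmp   /var/tmp  ext4  nodev,noexec,nosuid  0 0
EOF
}

sample_fstab | audit_fstab
```

To check a live system, run `audit_fstab < /etc/fstab`; no output means both entries carry all three options and a non-zero pass value.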






Re: [gentoo-user] Partitions - last questions...

2013-04-24 Thread Tanstaafl

On 2013-04-23 12:34 PM, Florian Philipp li...@binarywings.net wrote:

On 23.04.2013 16:44, Tanstaafl wrote:

/boot (ext2), 100M
/swap, 2G
/ (ext4), 40G

then on LVM

/tmp (ext2), 5G? - how big?
/var/tmp (ext2), 5G? - how big?



If this is a production server I wouldn't use ext2. In the case of a
crash or reboot, you don't want to lose precious uptime just because of
fsck or corrupted file systems.


Noted, changed these to ext4...


/var/log (ext4) - size? should I even have this separate?



Doesn't need to be separate but could prevent a runaway process from
filling /var just because it is spamming log entries. Could also be
achieved with quotas.


Filling up due to runaway logging is why I wanted this on a separate 
partition, and I prefer this to quotas...



One question... I have some MySQL databases running on this system too,
for my userdbs, and on the new server, SOGo (groupware)...

Is it recommended to incorporate scripts to perform dumps of the dbs, or
is the lvm snapshot reliable enough for backing these up in their raw
state?



Restoring from lvm snapshot is like restoring after a black out or
similar crash. Having proper dumps is always a good idea.


The snapshots are strictly transient, created/dropped during rsnapshot 
backups...


I think I will schedule a cronjob for sql dumps too, for an extra 
backup/restore option...



Hope this helps,


Very much, thanks Florian!



Re: [gentoo-user] Partitions - last questions...

2013-04-24 Thread Tanstaafl

On 2013-04-24 11:31 AM, Florian Philipp li...@binarywings.net wrote:

On 24.04.2013 17:12, Tanstaafl wrote:

Ok, but - does it make sense to add the noexec option to /var/tmp? Is it
possible that there are other apps that need exec capability in there?



It makes sense. Any world-writable directory should be noexec to make
script injection harder. Other directories, too, like /var/www (if you
can, i.e. no cgi). I cannot tell you if any application might need it.
Try it. It is easy enough to revert, maybe even with a `mount -o
remount`, I'm not sure.

Also, look at
http://serverfault.com/questions/72356/how-useful-is-mounting-tmp-noexec


Hmmm, this only talks about /tmp... I'm talking about /var/tmp...

So, I guess you're right, I'll just need to try it and see...


What is the 'pass' column? The 5th column is the 'dump' column, and the
6th is the 'fsck' column, afaik?



Okay, your fsck column is called pass in my fstab. Anyway, a value
of two means fsck after root, one means fsck as root and 0 no
fsck. See `man fstab`. Obviously you want fsck.


Gotcha, that's what I thought...

Thanks again Florian



Re: [gentoo-user] Partitions - last questions...

2013-04-24 Thread Michael Mol
On 04/24/2013 11:39 AM, Tanstaafl wrote:
 On 2013-04-23 12:34 PM, Florian Philipp li...@binarywings.net wrote:
 On 23.04.2013 16:44, Tanstaafl wrote:
 /boot (ext2), 100M
 /swap, 2G
 / (ext4), 40G

 then on LVM

 /tmp (ext2), 5G? - how big?
 /var/tmp (ext2), 5G? - how big?
 
 If this is a production server I wouldn't use ext2. In the case of a
 crash or reboot, you don't want to lose precious uptime just because of
 fsck or corrupted file systems.
 
 Noted, changed these to ext4...

Sideways question:

Are there disk-based filesystems which don't persist? I don't think I've
heard of any, short of cranking up the amount of space dedicated to
swap, and using tmpfs.





Re: [gentoo-user] Partitions - last questions...

2013-04-23 Thread Florian Philipp
On 23.04.2013 16:44, Tanstaafl wrote:
 Ok, this is the last question I need to answer for myself before
 installing a final version of my new virtualized gentoo server...
 
 I'll be using the following partition layout:
 
 /boot (ext2), 100M
 /swap, 2G
 / (ext4), 40G
 
 then on LVM
 
 /tmp (ext2), 5G? - how big?
 /var/tmp (ext2), 5G? - how big?

If this is a production server I wouldn't use ext2. In the case of a
crash or reboot, you don't want to lose precious uptime just because of
fsck or corrupted file systems.

 /var/log (ext4) - size? should I even have this separate?

Doesn't need to be separate but could prevent a runaway process from
filling /var just because it is spamming log entries. Could also be
achieved with quotas.

 /var (xfs), 750G
 /snapshots (xfs), 10G? - for lvm snapshots of /var for backups
 
 I'm not using a separate /home because there are no system users beyond
 my admin user (and the system user accounts)...
 
 So - first, is 5G way too big for the two /tmp dirs? I have lots of
 space, but hate waste
 

If you worry about waste consider bind-mounting both from the same
partition and install quotas to avoid one filling up the other. A bit
like poor-man's btrfs sub volumes.

Since you are using LVM you should also keep some unallocated memory,
start with smaller partitions and monitor usage. A cron job that looks
at `df` and sends a mail when a partition is more than x% full helps a lot.

 This mail server is not all that busy, and the backups only take about
 an hour, so I guesstimate that there won't be more than about 100-300MB
 of changes at the *extreme* outside of the envelope, so the 10G is most
 likely extreme overkill... but I'll know soon enough, and besides, I've
 got plenty of disk space to play with.
 
 One question... I have some MySQL databases running on this system too,
 for my userdbs, and on the new server, SOGo (groupware)...
 
 Is it recommended to incorporate scripts to perform dumps of the dbs, or
 is the lvm snapshot reliable enough for backing these up in their raw
 state?
 

Restoring from lvm snapshot is like restoring after a black out or
similar crash. Having proper dumps is always a good idea.

 Thanks as always for comments/suggestions/criticisms...
 

Hope this helps,
Florian Philipp






Re: [gentoo-user] Partitions - last questions...

2013-04-23 Thread Neil Bothwick
On Tue, 23 Apr 2013 18:34:38 +0200, Florian Philipp wrote:

  So - first, is 5G way too big for the two /tmp dirs? I have lots of
  space, but hate waste

 
 If you worry about waste consider bind-mounting both from the same
 partition and install quotas to avoid one filling up the other.

Or set PORTAGE_TMPDIR to use /tmp. Then /var/tmp will be so small you
can leave it as a sub-directory of /var.

If this is a server, 5G is fine for this, but for a desktop it may need
to be bigger, to accommodate LibreOffice builds.


-- 
Neil Bothwick

WinErr 01A: Operating system overwritten - Please reinstall all your
software. We are terribly sorry.

