If you go for the "one size fits it all" philosophy, you can't set
parts of your installation to mount read-only like the /usr partition
which might be considered being a good idea in a security sensitive
environment.
Btw. beginning with Solaris 7 one can enable filesystems to log
write actions with the "logging" UFS mount option which speeds up
fsck after crashes: mount_ufs(1M)
Hans
At 14:18 21.07.00 -0400, Harry Chu wrote:
>I have to disagree. Today's hard disk come in sizes such as 9gb, and 18gb.
>If you have over 8GB of log files on your systems you have other problems
>outside of the system. A firewall systems doesn't in anyway require the
>amount of storage that comes with systems.
>
>HC
>
>
>
>
>
>
>
>Aaron Turner <[EMAIL PROTECTED]> on 07/21/2000 01:50:54 PM
>
>To: James Edwards <[EMAIL PROTECTED]>
>cc: "'Paul McDonald, (614) 265-6982'"
> <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (bcc: Harry Chu/SIAC)
>Subject: RE: [FW1] Recommended Solaris Disk Partition
>
>
>
>
>
>
>There are two issues that I've had with the one big partition approach.
>
>1) If you ever have a crash, your root partition is going to take a LONG
>time to fsck. I prefer to keep root small so that in a recovery situation
>I can get things up and running quicker.
>
>2) If you don't keep track of your disk space, your firewall logs (which
>can grow fast) can fill up your root partition and crash the firewall. It
>really sucks when you're taking a week off around Christmas only to have
>to come in New Years becuase the firewall crashed. If /var is it's own
>partition, you won't log anymore, but at least the box won't crash.
>
>With that in mind, I'd have 3 partitions on a Solaris for FW-1:
>
>/ (OS and applications)
>/tmp (Solaris by default will use this for swap too)
>/var (firewall and system logs go here)
>
>But as James said, it's very much based on taste and your own preferences.
>Disk partitioning is much more an art than a science IMHO.
>
>--
>Aaron Turner [EMAIL PROTECTED] 650.237.0300 x252
>Security Engineer Vicinity Corp.
>Cell: 408-314-9874 http://www.vicinity.com
>
>On Fri, 21 Jul 2000, James Edwards wrote:
>
> >
> > I'll probably catch some flak for this but make one big partition for
>root
> > (I would say 4 GB) and another one for your logs. You can redirect your
> > logs to anyplace you like. There has been a long running argument among
> > Unix folks about whether to make one big partition or provide separate
> > partitions for / /usr /var /opt. I had always done the separate
>partition
> > route just because I had always done it that way and was always running
>out
> > of room in /usr or /opt when trying to install packages and doing
>different
> > things. I have since tried the one big partition route and have not had
>one
> > single problem (my firewall is done that way). Sure beats guessing how
>much
> > space you might need for each partition.
> >
> > Jim Edwards
> > Systems Manager
> > Texas Secretary of State
> >
> >
> >
> > -----Original Message-----
> > From: Paul McDonald, (614) 265-6982
> > [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 20, 2000 4:30 PM
> > To: [EMAIL PROTECTED]
> > Subject: [FW1] Recommended Solaris Disk Partition
> >
> >
> >
> >
> > Hello,
> >
> > I am setting up a new FW-1/VPN-1 Enterprise system w/Reporting Module on
> > a Solaris Ultra 10 with a 9gb disk and 512mb memory. I also intend
> > to use the "Solastice Disk Suit" to mirror this disk. What would the
> > recommended disk partition sizes?
> >
> > Also, should I install the Solaris 64bit support or just 32 bit?
> >
> > Thanks.
> >
> >
> >
> >
>===========================================================================
>=
> > ====
> > To unsubscribe from this mailing list, please see the instructions
>at
> > http://www.checkpoint.com/services/mailing.html
> >
>===========================================================================
>=
> > ====
> >
> >
> >
>===========================================================================
>=====
> > To unsubscribe from this mailing list, please see the instructions
>at
> > http://www.checkpoint.com/services/mailing.html
> >
>===========================================================================
>=====
> >
>
>
>
>===========================================================================
>=====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>===========================================================================
>=====
>
>
>
>
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
