Re: [Asterisk-Users] Linux Partitions (before asterisk install)
On Mon, Dec 12, 2005 at 11:28:35AM -0800, Johnny Voice wrote:
> For my asterisk installation in my lab, I will install the RedHat Linux ES v4
> distribution (with kernel 2.6) onto a Dell Power Edge 1650 with ~16GB of
> Raid-1 hard disk space.

Not much. Asterisk on its own doesn't take much either. However what else do you need to run on that system besides Asterisk?

Below are some recommendations that are hopefully better than nothing:

> Before installing Linux, what should I set the following disk partitions to?:
>
> (root)/
> /boot

Keep /boot off the RAID? Otherwise, I see little point in a separate /boot .

> swap
> /usr

Again, I see a little point in a separate /usr . Consider keeping a separate /usr/local , though.

> /home

An asterisk system typically does not have users and needn't have a separate /home

> /tmp

Enough temporary space. Though if you have really really much memory, it can be a tmpfs.

> /var

Here sit:
* logs
* mail spool
* mail messages
* asterisk sounds
* asterisk recordings
etc.

In other words: it should be big. In some cases you should even create separate subpartitions under it to prevent them from filling up the rest of the partition (e.g: to limit the size of the recording, should you like to).

--
Tzafrir Cohen         | [EMAIL PROTECTED] | VIM is
http://tzafrir.org.il |                   | a Mutt's
[EMAIL PROTECTED]     |                   | best
ICQ# 16849755         |                   | friend
___
--Bandwidth and Colocation provided by Easynews.com --
Asterisk-Users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Linux Partitions (before asterisk install)
> > /home
>
> An asterisk system typically does not have users and needn't have a
> separate /home

I disagree here. You have at least 1 user to remotely login to the system to do some work on it. Think config changes etc. In case of unauthorized access (ppl stole your password or whatever) you will be glad you have /home on a separate partition that is mounted noexec,nosuid,nodev

> > /tmp
>
> Enough temporary space. Though if you have really really much memory, it
> can be a tmpfs.

Same here as with /home. Although this will need some scripting work for apt/up2date cause they run the installer scripts from /tmp

> > /var
>
> Here sit:
> * logs
> * mail spool
> * mail messages
> * asterisk sounds
> * asterisk recordings
> etc.
>
> In other words: it should be big. In some cases you should even create
> separate subpartitions under it to prevent them from filling up the rest
> of the partition (e.g: to limit the size of the recording, should you like
> to).

Even better would be to use LVM for /var partitions. That way you can easily add extra space to it without the hassle of moving around data.

All this is just my tips&tricks archive for server installs. Feel free to trash it cause it's by no means 'the way to do it'. It just works for me.

--
Michiel van Baak
http://michiel.vanbaak.info
[EMAIL PROTECTED]
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7E0B9A2D

Why is it drug addicts and computer aficionados are both called users?
Re: [Asterisk-Users] Linux Partitions (before asterisk install)
On Saturday 17 December 2005 15:18, Michiel van Baak wrote:
> I disagree here. You have at least 1 user to remotely login to the system
> to do some work on it. Think config changes etc. In case of unauthorized
> access (ppl stole your password or whatever) you will be glad you have
> /home on a separate partition that is mounted noexec,nosuid,nodev

And I disagree with you. :-) My Asterisk installs are minimal. Two partitions, one for / and one for /var, with /tmp symlinked to /var/tmp. I have only two accounts log in, root and a script account, both using DSA keys. I imagine you could put /home in /var/home but really it's not that critical for me. If someone gains root or the script user access they can cause a lot more damage than any rootkit.

> Even better would be to use LVM for /var partitions. That way you can
> easily add extra space to it without the hassle of moving around data.

I use LVM for everything but /. :-)

Good tips for general multiuser setups but I dunno; you can secure everything out the wazoo and just end up with a local root exploit crashing through all your security. I prefer the minimal approach which doesn't let / fill up and if someone manages to grab a password... well you're screwed anyway. Minimize the impact to other systems. :-)

-A.
Re: [Asterisk-Users] Linux Partitions (before asterisk install)
On Sat, Dec 17, 2005 at 09:18:39PM +0100, Michiel van Baak wrote:
> > > /home
> >
> > An asterisk system typically does not have users and needn't have a
> > separate /home
>
> I disagree here. You have at least 1 user to remotely login to the system
> to do some work on it. Think config changes etc. In case of unauthorized
> access (ppl stole your password or whatever) you will be glad you have
> /home on a separate partition that is mounted noexec,nosuid,nodev

noexec? What will that give you against a user with a shell account?

  [EMAIL PROTECTED]:~/Proj/Debs/Netcat/netcat-1.10$
  $ cp /bin/echo /tmp/echonoexec
  $ chmod 644 /tmp/echonoexec
  $ ls -l /tmp/echonoexec
  -rw-r--r-- 1 tzafrir tzafrir 13912 2005-12-17 23:52 /tmp/echonoexec
  $ /lib/ld-linux.so.2 /tmp/echonoexec it runs!
  it runs!

Not to mention all of the #! executables. Only static executables are harmed.

So what was it that noexec prevented me from doing?

--
Tzafrir Cohen         | [EMAIL PROTECTED] | VIM is
http://tzafrir.org.il |                   | a Mutt's
[EMAIL PROTECTED]     |                   | best
ICQ# 16849755         |                   | friend
Re: [Asterisk-Users] Linux Partitions (before asterisk install)
On 00:03, Sun 18 Dec 05, Tzafrir Cohen wrote:
> On Sat, Dec 17, 2005 at 09:18:39PM +0100, Michiel van Baak wrote:
> > > > /home
> > >
> > > An asterisk system typically does not have users and needn't have a
> > > separate /home
> >
> > I disagree here. You have at least 1 user to remotely login to the
> > system to do some work on it. Think config changes etc. In case of
> > unauthorized access (ppl stole your password or whatever) you will be
> > glad you have /home on a separate partition that is mounted
> > noexec,nosuid,nodev
>
> noexec? What will that give you against a user with a shell account?
>
>   [EMAIL PROTECTED]:~/Proj/Debs/Netcat/netcat-1.10$
>   $ cp /bin/echo /tmp/echonoexec
>   $ chmod 644 /tmp/echonoexec
>   $ ls -l /tmp/echonoexec
>   -rw-r--r-- 1 tzafrir tzafrir 13912 2005-12-17 23:52 /tmp/echonoexec
>   $ /lib/ld-linux.so.2 /tmp/echonoexec it runs!
>   it runs!
>
> Not to mention all of the #! executables. Only static executables are
> harmed.
>
> So what was it that noexec prevented me from doing?

I agree with this. But noexec is not the only thing. As this was not really a security thread, I just posted my personal prefs. Together with those mount options I also use systrace. There I disable the /lib/ld-linux hacks and stuff.

Like I said, my setup is not the way to do it. It's just what works for me. I was commenting on the fact ppl think having separate partitions for different parts of a system is not what is needed. There are some uses for it, that's what it was all about. Having partitions with mount options is not the only step in securing your system, that much is shown here ;)

Actually in my setup my /home is not even local. That is just another reason to setup a box with separate partitions for /home, /tmp, /usr etc. It will save you time in the occasion you want to deploy a remote filesystem for one of them.

I'm sorry if you took my points as attacks on your setup.

--
Michiel van Baak
http://michiel.vanbaak.info
[EMAIL PROTECTED]
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7E0B9A2D

Why is it drug addicts and computer aficionados are both called users?
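Added example, not part of any message in this thread: a small audit of a mount table for the noexec,nosuid,nodev options discussed above, which also reports when a directory is not a separate mount point at all. The target list and the sample mount table are assumptions constructed for illustration.

```python
import os

REQUIRED = {"noexec", "nosuid", "nodev"}   # options named in the thread
TARGETS = ["/home", "/tmp", "/var/tmp"]    # assumption: paths worth checking

# Constructed sample in /proc/mounts format, not taken from any poster's system.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda2 /home ext3 rw,noexec,nosuid,nodev 0 0
/dev/sda3 /tmp ext3 rw,nosuid 0 0
/dev/mapper/vg0-var /var ext3 rw 0 0
"""

def parse_mounts(text):
    """Map each mount point to its option set; a later line overrides an earlier one."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            point = fields[1].replace("\\040", " ")  # /proc/mounts escapes spaces
            mounts[point] = set(fields[3].split(","))
    return mounts

def covering_mount(path, mounts):
    """Return the longest mount point that contains path ("/" if none matches)."""
    best = "/"
    for point in mounts:
        prefix = point.rstrip("/") + "/"
        if (path + "/").startswith(prefix) and len(point) > len(best):
            best = point
    return best

def audit(text, targets=TARGETS):
    """Report, per target, its covering mount and which REQUIRED options it lacks."""
    mounts = parse_mounts(text)
    report = {}
    for target in targets:
        mount = covering_mount(target, mounts)
        missing = sorted(REQUIRED - mounts.get(mount, set()))
        report[target] = {"mount": mount, "separate": mount == target, "missing": missing}
    return report

if __name__ == "__main__":
    # Use the live table when present; realpath follows a /tmp -> /var/tmp symlink.
    live = os.path.exists("/proc/mounts")
    text = open("/proc/mounts").read() if live else SAMPLE_MOUNTS
    paths = [os.path.realpath(t) for t in TARGETS] if live else TARGETS
    for path, r in audit(text, paths).items():
        state = "ok" if r["separate"] and not r["missing"] else "REVIEW"
        print(f"{state:6} {path:10} on {r['mount']:8} missing={','.join(r['missing']) or '-'}")
```

On the constructed sample, /home passes, /tmp is flagged for lacking nodev and noexec, and /var/tmp is flagged because it sits on /var with none of the three options.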
Re: [Asterisk-Users] Linux Partitions (before asterisk install)
On 15:41, Sat 17 Dec 05, Andrew Kohlsmith wrote:
> On Saturday 17 December 2005 15:18, Michiel van Baak wrote:
> > I disagree here. You have at least 1 user to remotely login to the
> > system to do some work on it. Think config changes etc. In case of
> > unauthorized access (ppl stole your password or whatever) you will be
> > glad you have /home on a separate partition that is mounted
> > noexec,nosuid,nodev
>
> And I disagree with you. :-) My Asterisk installs are minimal. Two
> partitions, one for / and one for /var, with /tmp symlinked to /var/tmp.
> I have only two accounts log in, root and a script account, both using
> DSA keys. I imagine you could put /home in /var/home but really it's not
> that critical for me. If someone gains root or the script user access
> they can cause a lot more damage than any rootkit.

True. No setup is secure. The only security is disconnecting your system from the net ;)

> > Even better would be to use LVM for /var partitions. That way you can
> > easily add extra space to it without the hassle of moving around data.
>
> I use LVM for everything but /. :-)

Same here. drbd devices as low-level with lvm on top of it.

> Good tips for general multiuser setups but I dunno; you can secure
> everything out the wazoo and just end up with a local root exploit
> crashing through all your security. I prefer the minimal approach which
> doesn't let / fill up and if someone manages to grab a password... well
> you're screwed anyway. Minimize the impact to other systems. :-)

This is becoming a thread that totally loses track of the OP question. Security is a complex issue and every system/install needs its own policy. Like I said, I was just posting my own view on things.

--
Michiel van Baak
http://michiel.vanbaak.info
[EMAIL PROTECTED]
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7E0B9A2D

Why is it drug addicts and computer aficionados are both called users?
[Asterisk-Users] Linux Partitions (before asterisk install)
For my asterisk installation in my lab, I will install the Linux ES v4 distribution (with kernel 2.6) onto a Dell Power Edge 1650 with ~16GB of Raid-1 hard disk space.

Before installing Linux, what should I set the following disk partitions to?:

(root)/
/boot
swap
/usr
/home
/tmp
/var

The Dell boot up disk (i.e. the Dell OpenManage disk, Configure Hard Drive section), shows this as the default:

(root)/   1024MB
/boot     100MB
swap      2048MB
/usr      5726MB
/home     3547MB
/tmp      512MB
/var      512MB

Do you think I should do something like this?

(root)/   512MB
/boot     100MB
swap      2048MB
/usr      1MB
/home     2282MB
/tmp      256MB
/var      2057MB

Thanks.
Tom
Re: [Asterisk-Users] Linux Partitions (before asterisk install)
Will you be doing much recording? 2GB (/var) is very small for that. If no recording, then no big deal, but the logs for asterisk do go to /var as well and can grow rather large in high-volume.

In my experience you can live with 5GB or less on /usr.

MATT---

On 12/12/05, Johnny Voice [EMAIL PROTECTED] wrote:
> For my asterisk installation in my lab, I will install the Linux ES v4
> distribution (with kernel 2.6) onto a Dell Power Edge 1650 with ~16GB of
> Raid-1 hard disk space.
>
> Before installing Linux, what should I set the following disk partitions
> to?:
>
> (root)/
> /boot
> swap
> /usr
> /home
> /tmp
> /var
>
> The Dell boot up disk (i.e. the Dell OpenManage disk, Configure Hard
> Drive section), shows this as the default:
>
> (root)/   1024MB
> /boot     100MB
> swap      2048MB
> /usr      5726MB
> /home     3547MB
> /tmp      512MB
> /var      512MB
>
> Do you think I should do something like this?
>
> (root)/   512MB
> /boot     100MB
> swap      2048MB
> /usr      1MB
> /home     2282MB
> /tmp      256MB
> /var      2057MB
>
> Thanks.
> Tom
Re: [Asterisk-Users] Linux Partitions (before asterisk install)
Johnny Voice wrote:
> For my asterisk installation in my lab, I will install the Linux ES v4
> distribution (with kernel 2.6) onto a Dell Power Edge 1650 with ~16GB of
> Raid-1 hard disk space.
>
> Before installing Linux, what should I set the following disk partitions
> to?:
>
> (root)/
> /boot
> swap
> /usr
> /home
> /tmp
> /var
>
> The Dell boot up disk (i.e. the Dell OpenManage disk, Configure Hard
> Drive section), shows this as the default:
>
> (root)/   1024MB
> /boot     100MB
> swap      2048MB
> /usr      5726MB
> /home     3547MB
> /tmp      512MB
> /var      512MB
>
> Do you think I should do something like this?
>
> (root)/   512MB
> /boot     100MB
> swap      2048MB
> /usr      1MB
> /home     2282MB
> /tmp      256MB
> /var      2057MB
>
> Thanks.
> Tom

Tom,

For an Asterisk server, /var will grow the most (by default). You should make that your largest partition, or use symlinks or some other way to change the things that make /var grow (voicemail, CDR's, etc).

--
Kristian Kielhofner
Re: [Asterisk-Users] Linux Partitions (before asterisk install)
On Mon, 2005-12-12 at 13:54 -0600, Kristian Kielhofner wrote:
> Johnny Voice wrote:
> > For my asterisk installation in my lab, I will install the Linux ES v4
> > distribution (with kernel 2.6) onto a Dell Power Edge 1650 with ~16GB
> > of Raid-1 hard disk space.
> >
> > Before installing Linux, what should I set the following disk
> > partitions to?:
> >
> > (root)/
> > /boot
> > swap
> > /usr
> > /home
> > /tmp
> > /var
> >
> > The Dell boot up disk (i.e. the Dell OpenManage disk, Configure Hard
> > Drive section), shows this as the default:
> >
> > (root)/   1024MB
> > /boot     100MB
> > swap      2048MB
> > /usr      5726MB
> > /home     3547MB
> > /tmp      512MB
> > /var      512MB
> >
> > Do you think I should do something like this?
> >
> > (root)/   512MB
> > /boot     100MB
> > swap      2048MB
> > /usr      1MB
> > /home     2282MB
> > /tmp      256MB
> > /var      2057MB
> >
> > Thanks.
> > Tom
>
> Tom,
>
> For an Asterisk server, /var will grow the most (by default). You should
> make that your largest partition, or use symlinks or some other way to
> change the things that make /var grow (voicemail, CDR's, etc).

If you need 5Gb on /usr then you're installing an awful lot of things you don't need. Don't see why you need to allocate anything to /home itself. You don't need a gig for / either, your adjustments look better.

This is one of my * boxes running RHEL4 :-

Filesystem               Size  Used Avail Use% Mounted on
/dev/sda8                487M  231M  231M  51% /
/dev/sda1                 99M   17M   78M  18% /boot
none                     506M     0  506M   0% /dev/shm
/dev/sda7                487M   11M  451M   3% /tmp
/dev/sda2                4.9G  2.1G  2.5G  46% /usr
/dev/sda6                487M  107M  355M  24% /var
/dev/mapper/vg001-lvlog    2G   19M  1.9G   1% /var/log
/dev/mapper/vg001-lvast   20G 1.1GM 18.9G   6% /var/spool/asterisk

This box actually has a lot installed that isn't required, but as you can see you don't need that much space for usr etc. I used LVM for the partitions likely to grow so I can always allocate more space to them if I need to at a future date.

Rgds
Pete