On Tue, Jun 21, 2016, at 10:47 AM, Gregory Edigarov wrote: > On 21.06.16 16:55, Kenneth Gober wrote: > > On Sun, Jun 19, 2016 at 5:56 AM, Sjöholm Per-Olov <p...@incedo.org> wrote: > >> Does anyone know if there exist any list of recommendations about how to > > make > >> an SSD disk to live as long as possible when using it for firewall purpose > > on > >> OpenBSD? > > I don't know of a list, aside from what you find in this thread and similar > > threads on this list from the past. > > > > My own first recommendation is not to worry about it. > > > > My second recommendation is: if you must worry about it, change as little > > as possible. you don't want to make updates difficult due to excessive > > customization. > > > > I am running OpenBSD 5.9 on an Internet-facing router, on Soekris hardware > > with > > 4GB mSATA SSD storage. My only concern about SSD durability relates to > > /var/log and the potential for Internet traffic to cause constant writes > > there. > > So I have made minimal changes to guard against that:
> > > well, but why not just settup syslogd to fan logs out to some other > server? > +1 this plan. IMHO logs should always be kept locally and separately on a centralized log server. You are much more likely to retain complete logs if the first one is compromised. Why keep logs locally if you are logging them remotely? Because if the box is compromised the attacker will see local logs and be less inclined to look for more logs elsewhere. (true, he would have to be a lazy attacker, but still...) But what we really need to do is STOP THIS STUPID MEME THAT SSD'S ARE UNRELIABLE. All disks should be looked at as unreliable and you make plans from there.
