Re: [vox-tech] Before I do this...
OK, thanks. I work with a lot of different distribution releases and like to put all the distribution-specific stuff in one partition, and things like /home and /opt and /tmp elsewhere. Since /var is more or less distribution-specific I tend to leave it in the root filesystem for my own use. It's just a convenience thing. Cheers, -- Rod http://www.sunsetsystems.com/ On Monday 25 March 2002 13:34, Rusty Minden wrote: > It is not hard to fill a computer with a load of crap. When a partition > is filled you can not do much with it until you get rid of the crap that > has it filled like core dumps or like a recent problem a program taking > up allot of space. Partitioning a hard drive for proper use is easy and > results in more security. I go a little overboard, but I like it that > way. I have /var separate / separate /usr separate /opt separate (I use > SuSE) /home serpate (making upgrades nice I usually do not loose data > when upgrading or even when trying out a new distro like Mandrake 8.2 > (IMHO a real dog). I also keep a partition /local that I have all of my > iso's for the IF in. > > Beyond that I have read several times to do it so I do. I have done so > since my second install and have not been unhappy with this decision. I > have had an instance when /var was filled and I could not mount it. So I > mounted it manually and removed a few of the backup files in /var that > SuSE put there and I was off and running again in no time. > > Rusty > > On Monday 25 March 2002 01:09 pm, you wrote: > > On Monday 25 March 2002 12:44, Rusty Minden wrote: > > > ... Is it partitioned properly IE is /var and / on separate > > > partitions this is a pet peeve of mine... > > > > I'm just curious to know why you feel so stongly about this. > > I've heard it before and tend to think it's a good idea, but > > never thought it was *that* big a deal. > > > > -- Rod > >http://www.sunsetsystems.com/ > > ___ > > vox-tech mailing list > > [EMAIL PROTECTED] > > http://lists.lugod.org/mailman/listinfo/vox-tech > > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Before I do this...
i'd have to agree with rusty on this. it's especially important for people with debian woody or sid. most of us upgrade our system multiple times a day. package updates get downloaded to /var/. after a few months of updating your system, all the cached packages can really eat up some hard drive. it's much nicer to see: apt-get: Not enough room to download requested packages. Try using apt-get clean to clear up some space. than to learn /var is full by getting "filesystem full" errors. also, we've seen loads of people on vox-tech whose (for whatever reason) logrotate daemon fails. perhaps they dual boot and aren't running anacron? i dunno. anyway, it doesn't create a HUGE problem (so i'd agree it's not crucial). but at least if /var is separate, you can use vim without getting pesky "can't open temp file for writing" errors. the only caveat for making /var its own partition is to make DAMN sure it's big enough. there's no worse feeling in the world than having a system with a /var that's too small. ok, a hyperbole to be sure, but i'm sure many of us here had the thought "i wish /var were bigger" at some point or another. it's especially important for people who are "X-drones". people who can't use linux if they don't have gnome or kde sapping up all their cpu. with a full /, their system won't even boot if the default runlevel is 5. and THAT'S a total bummer. :-) so: * having a separate /var can be very useful but not crucial * just make sure it's big enough pete begin Rusty Minden <[EMAIL PROTECTED]> > It is not hard to fill a computer with a load of crap. When a partition is > filled you can not do much with it until you get rid of the crap that has it > filled like core dumps or like a recent problem a program taking up allot of > space. Partitioning a hard drive for proper use is easy and results in more > security. I go a little overboard, but I like it that way. I have /var > separate / separate /usr separate /opt separate (I use SuSE) /home serpate > (making upgrades nice I usually do not loose data when upgrading or even when > trying out a new distro like Mandrake 8.2 (IMHO a real dog). I also keep a > partition /local that I have all of my iso's for the IF in. > > Beyond that I have read several times to do it so I do. I have done so since > my second install and have not been unhappy with this decision. I have had an > instance when /var was filled and I could not mount it. So I mounted it > manually and removed a few of the backup files in /var that SuSE put there > and I was off and running again in no time. > > Rusty > > On Monday 25 March 2002 01:09 pm, you wrote: > > On Monday 25 March 2002 12:44, Rusty Minden wrote: > > > ... Is it partitioned properly IE is /var and / on separate > > > partitions this is a pet peeve of mine... > > > > I'm just curious to know why you feel so stongly about this. > > I've heard it before and tend to think it's a good idea, but > > never thought it was *that* big a deal. > > > > -- Rod > >http://www.sunsetsystems.com/ > > ___ > > vox-tech mailing list > > [EMAIL PROTECTED] > > http://lists.lugod.org/mailman/listinfo/vox-tech > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Before I do this...
It is not hard to fill a computer with a load of crap. When a partition is filled you can not do much with it until you get rid of the crap that has it filled like core dumps or like a recent problem a program taking up allot of space. Partitioning a hard drive for proper use is easy and results in more security. I go a little overboard, but I like it that way. I have /var separate / separate /usr separate /opt separate (I use SuSE) /home serpate (making upgrades nice I usually do not loose data when upgrading or even when trying out a new distro like Mandrake 8.2 (IMHO a real dog). I also keep a partition /local that I have all of my iso's for the IF in. Beyond that I have read several times to do it so I do. I have done so since my second install and have not been unhappy with this decision. I have had an instance when /var was filled and I could not mount it. So I mounted it manually and removed a few of the backup files in /var that SuSE put there and I was off and running again in no time. Rusty On Monday 25 March 2002 01:09 pm, you wrote: > On Monday 25 March 2002 12:44, Rusty Minden wrote: > > ... Is it partitioned properly IE is /var and / on separate > > partitions this is a pet peeve of mine... > > I'm just curious to know why you feel so stongly about this. > I've heard it before and tend to think it's a good idea, but > never thought it was *that* big a deal. > > -- Rod >http://www.sunsetsystems.com/ > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Before I do this...
On Monday 25 March 2002 12:44, Rusty Minden wrote: > ... Is it partitioned properly IE is /var and / on separate > partitions this is a pet peeve of mine... I'm just curious to know why you feel so stongly about this. I've heard it before and tend to think it's a good idea, but never thought it was *that* big a deal. -- Rod http://www.sunsetsystems.com/ ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Before I do this...
begin Rusty Minden <[EMAIL PROTECTED]> > For what my limited advice is worth I would start by checking the install. Is > it partitioned properly IE is /var and / on separate partitions this is a pet > peeve of mine I like to start with proper partitioning, but that is only my > opinion. good advice, but i think you mean ie instead of IE, which could be interpreted as something else. ;) > Check your system for proper patches and keep it to a minimum. * actually, go hog wild on proper patches. don't stop installing them, and keep on installing them until you've installed ALL of them. :) * keep /functionality/ to a minimum (which is what rusty was saying). this is pretty standard stuff: don't enable cgi's or SSI unless you use them. don't load apache modules you won't use. many distros turn everything on but the kitchen sink by default. * disable directory browsing so people can't look at what files you have. * install portsentry, at least for a few months just so that you educate yourself on what nasty traffic you have. key point: DON'T FREAK OUT. you'll see lots of nasty stuff. mostly doorknob twisting that you really don't need to care about. but you should at *least* be aware of. once you have the ability to look at your portsentry logs and not want to vomit your breakfast all over your keyboard, then you can uninstall portsentry. * use a log reader. i use logcheck based on jeff's advice. it's pretty good, but i don't think the filtering works 100% as advertised. > The more > software you have installed the more can go wrong IE less is better than more > :-) Other than that keep good logs and check them monitor your traffic and > use programs like ntop to monitor your network flow and saint to look for > security holes like unused ports. * yes. use saint, or even better, nmap. saint is kind of over the hill and not maintained well. nmap is pretty much the defacto standard. * other things you CAN use are cops and tara (both very out of date). > You may also want to look into a good > security book. LUGOD has one that I donated a while back and I have "Hack > Proofing LINUX" by Syngress Press. I was impressed with it personally. Look > at http://www.nerdbooks.com for other good books Dave has a great book store. excellent advice. all the advice in the world can't equal reading a good book. and nerdbooks.com is the best place to go. they're linux friendly, lugod friendly and has an incredible assortment of books. security is a tug of war between a tight system vs convenience and time you want to spend thinking about security. no clear cut value of how much is enough. but i think everything i mention here is prolly more than enough for a home adsl user. also, go to the vox-tech archives and read about mark kim's hacking project he did for a class at ucdavis. imho, it's in the top 10 "best posts ever made to vox-tech". pete ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Before I do this...
For what my limited advice is worth I would start by checking the install. Is it partitioned properly IE is /var and / on separate partitions this is a pet peeve of mine I like to start with proper partitioning, but that is only my opinion. Make certain that you have the accessed files properly separated from the rest of your system and if you are accepting data from browsers check for overflows and such. Check your system for proper patches and keep it to a minimum. The more software you have installed the more can go wrong IE less is better than more :-) Other than that keep good logs and check them monitor your traffic and use programs like ntop to monitor your network flow and saint to look for security holes like unused ports. You may also want to look into a good security book. LUGOD has one that I donated a while back and I have "Hack Proofing LINUX" by Syngress Press. I was impressed with it personally. Look at http://www.nerdbooks.com for other good books Dave has a great book store. The last item keep backups. Do it offten and keep them for at least a few weeks cdr's are dirt cheep so don't shoot yourself in the foot by not backing up your system. Rusty On Monday 25 March 2002 10:09 am, you wrote: > Please forgive a network newbie. > > I would like to set up one of the computers in my house as a webserver > on port 8080. I already know how to configure Apache on the computer, > and the firewall on our router... But I also know that opening this > computer to port 8080 will expose it to security risks and that I should > take precautions on the computer in addition to the router. > > So... What precautions should I take on the computer that will be > hosting the website? > > For what it's worth, the computer in question is running RH7.2, and > Apache 1.3.22. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
[vox-tech] Before I do this...
Please forgive a network newbie. I would like to set up one of the computers in my house as a webserver on port 8080. I already know how to configure Apache on the computer, and the firewall on our router... But I also know that opening this computer to port 8080 will expose it to security risks and that I should take precautions on the computer in addition to the router. So... What precautions should I take on the computer that will be hosting the website? For what it's worth, the computer in question is running RH7.2, and Apache 1.3.22. -- Sliante, Richard S. Crawford mailto:[EMAIL PROTECTED] http://www.mossroot.com AIM: Buffalo2K ICQ: 11646404 Yahoo!: rscrawford MSN: [EMAIL PROTECTED] "It is only with the heart that we see rightly; what is essential is invisible to the eye." --Antoine de Saint Exupery ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech