[SunHELP] Standards for OS installation
velociraptor at gmail.com
Tue Aug 24 15:50:40 CDT 2004
On Tue, 24 Aug 2004 15:55:24 -0400, Grindell, Joan M. <grindellj at sec.gov> wrote:
> Does anyone know of or have standards for OS installs? We are working in a
> contracting environment and need to come up with standards that can be used
> for our production boxes.
Depending on where your hosts will be located and what
their purposes are, consider referring to some of the hardening
docs that folks sent out over the last week for Solaris.
The full OEM install of Solaris has a lot of, for lack of a better
term, "kruft" in it that a server designed for a single purpose does
not need. Therefore, unless you have a single purpose in mind,
or these are general purpose servers you want to be alike for
ease of administration, I'd suggest analyzing your server types
and designing your package sets from there.
> There is a question about what to include under the root partition.
> Some folks favor separating out /var, /home and putting them in their own
> the main reason is protect against the root slice storage from being eaten
> up by users or logging applications.
> In addition, we are looking for recommendations as to what size
> partitions should be. Our disks are 72 gigs.
I prefer to split partitions out, myself. At a minimum, /var, /, and
/tmp; if you anticipate a lot of users doing work on the system,
you might want to separate out /var/tmp as well. Personally, I
also segregate off a partition for home directories as well as /usr.
I use /usr rather than /opt.
At a minimum, if I have the disk space, I slice up space:
/tmp 1GB (more if the machine has a lot of RAM or there
will be a lot of users using the system)
/var 2GB (preferably 4GB)
Of course, these sorts of things are SA dependent--I would
venture to say it's dependent upon how you, as an individual
SA, have been burned. :-)
I also advise, never, ever, using slice 2 on the disk for anything
(for just that reason--been burned).
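
A build standard like the one discussed in this message can be checked on each host. The script below is an added example, not part of the original post: it audits `df -k` output for /, /var and /tmp as separate filesystems with the minimum sizes given above. The function names and the `df` samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `df -k` output against the slice layout in the message.
# Minimums are the figures from the message: /tmp 1GB, /var 2GB, each split from /.

check_layout() {
    # Reads `df -k` output on stdin, prints one finding per mount point.
    # Exit status = number of failed checks.
    awk '
    BEGIN { min["/"] = 0; min["/tmp"] = 1024 * 1024; min["/var"] = 2 * 1024 * 1024 }
    NR > 1 { size[$NF] = $2 + 0 }   # column 2 = kbytes, last column = mount point
    END {
        fails = 0
        n = split("/ /var /tmp", want, " ")
        for (i = 1; i <= n; i++) {
            m = want[i]
            if (!(m in size)) {
                printf "FAIL %s is not a separate filesystem\n", m; fails++
            } else if (size[m] < min[m]) {
                printf "FAIL %s is %d KB, minimum is %d KB\n", m, size[m], min[m]; fails++
            } else {
                printf "OK   %s %d KB\n", m, size[m]
            }
        }
        exit fails
    }'
}

sample_bad() {   # constructed: /var lives on the root slice, /tmp is undersized
cat <<'EOF'
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t0d0s0   20646121 3512044 16927616    18%    /
swap                  524288      40  524248     1%    /tmp
/dev/dsk/c0t0d0s7   41300000 1200000 39687000     3%    /export/home
EOF
}

sample_good() {  # constructed: all three are separate and meet the minimums
cat <<'EOF'
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t0d0s0    8260691 3512044  4666041    43%    /
/dev/dsk/c0t0d0s3    4130238  310022  3778914     8%    /var
swap                 1048576      40  1048536     1%    /tmp
EOF
}

sample_bad | check_layout || echo "failed checks: $?"
```

On a live host, pipe the real output in with `df -k | check_layout`.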