[SunHELP] Standards for OS installation

velociraptor velociraptor at gmail.com
Tue Aug 24 15:50:40 CDT 2004

On Tue, 24 Aug 2004 15:55:24 -0400, Grindell, Joan M. <grindellj at sec.gov> wrote:
> Does anyone know of or have standards for OS installs.  We are working in a
> contracting environment and need to come up with standards that can be used
> for our
> production boxes.

Depending on where your hosts will be located and what 
their purposes are, consider referring to some of the hardening 
docs that folks sent out over the last week for Solaris.

The full OEM install of Solaris has a lot of, for lack of a better 
term, "kruft" in it that a server designed for a single purpose does 
not need.  Therefore, unless you have a single purpose in mind,
or these are general purpose servers you want to be alike for 
ease of administration, I'd suggest analyzing your server types
and designing your package sets from there.
>     There is a question about what to include under the root partition.
> Some folks favor separating out /var, /home and putting them in their own
> slices.
> the main reason is protect against the root slice storage from being eaten
> up by users or logging applications.
>     In addition, we are looking for recommendations as to what size
> partitions should be.  Our disks are 72 gigs.

I prefer to split partitions out, myself.  At a minimum, /var, /, and 
/tmp; if you anticipate a lot of users doing work on the system,
you might want to separate out /var/tmp as well.  Personally, I
also segregate off a partition for home directories as well as /usr.
I use /usr rather than /opt.

At a minimum, if I have the disk space, I slice up space:

/ 1GB
/tmp 1GB (more if the machine has a lot of RAM or there 
  will be a lot of users using the system)
/usr   4GB
/var   2GB (preferrably 4GB)

Of course, these sorts of things are SA dependent--I would 
venture to say it's dependent upon how you, as an individual
SA, have been burned. :-)

I also advise, never, ever, using slice 2 on the disk for anything
(for just that reason--been burned).


More information about the SunHELP mailing list