[geeks] Solaris resiliency to crashing w/full root partition?

D.A. Muran-de Assereto dmuran at tuad.org
Wed Sep 28 19:28:58 CDT 2005


On Wed, 28 Sep 2005 16:11:15 -0400, velociraptor wrote
> I'm dealing with the annual IG audit here...
> 
> We have been dinged on / containing /var.
> 
> Given that / is 10GB it seems kind of specious (and
> no mail, web logs elsewhere, &c), but I need some
> "expert" spin to augment my argument.
> 
> Anyone have any references to Solaris's resiliency to
> crashing due to a full root partitions?  Googling is not
> being all that helpful. Even Sun marketing foo would
> be a start.
> 
> TIA--
> =Nadine=
> _______________________________________________
> GEEKS:  http://www.sunhelp.org/mailman/listinfo/geeks

Speaking as a security engineer for the US Navy, government systems in general
are supposed to have "audit data" like system logs kept on a separate
partition from anything else. In Solaris, we encourage the use of a separate
/var partition and a separate /var/audit partition if c2 auditing is enabled
(which we also require). The relevant guidance depends on what environment
you're running in and what agency does your system security certifications. If
you'd like more info, email me off-list, since this could get lengthy.

Dave

***********************
Aude Sapere!
Carpe Scientia!
***********************



More information about the geeks mailing list