LAMP Production Server - Dell 2850
Alejandro Sanchez Marín
asmarin at us.es
Fri Sep 8 16:00:42 UTC 2006
Michael Hipp escribió:
>> From: "Alejandro Sanchez Marín" <asmarin at us.es>
>>
>> Logical drive 0: Put here / and swap partition if you need it.
>>
>> Logical drive 1: Use LVM to split RAID5 hardware into 3 partitions and
>> put here /var, /usr and /home partitions. About partition distribution....
>>
>> /home = 300 users * quota space for each one
>> /var= 70% of raid5 - /home
>> /usr= 30% of raid5 - /home
>>
>> Using LVM on your RAID5 you will say something like that (example from
>> linux RAID howto, dont see values like optimal for you....):
>>
>> # df -h
>> Filesystem Size Used Avail Use% Mounted on
>> /dev/md0 942M 419M 475M 47% /
>> /dev/vg0/backup 40G 1.3M 39G 1% /backup
>> /dev/vg0/amdata 496M 237M 233M 51% /var/lib/amanda
>> /dev/vg0/mirror 62G 56G 2.9G 96% /mnt/mirror
>> /dev/vg0/webroot 97M 6.5M 85M 8% /var/www
>> /dev/vg0/local 2.0G 458M 1.4G 24% /usr/local
>> /dev/vg0/netswap 3.0G 2.1G 1019M 67% /mnt/netswap
>>
>
> I noticed you're not using a separate /boot partition. Is this no longer considered best practice?
>
> Thanks,
> Michael
>
These example is not my actual configuration ;-D
Well, if you can put more security its a good option but if an attacker
WANTS to invade your system (not a script-kiddie...), a local exploit
and a kernel rootkit can be enough for destroy your defenses. For this
reason /boot on a single partition doesnt have add security.
But this sound grsecurity kernel patch...If you want a "ultraparanoid"
secure server, this is the way... :-P
Bye.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: asmarin.vcf
Type: text/x-vcard
Size: 416 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20060908/fa2ae427/attachment.vcf>
More information about the ubuntu-server
mailing list