Partioning of disks on a UNIX platform can be a physical security issue. Older UNIX versions had a serious problem with the loss of a partition due to a physical error. For example, a sudden power loss may cause a mismatch between the file pointers (inodes) stored in memory and those already written to disk. Such a mismatch could cause the loss of some data on the partition. This risk is greatly mitigated with the new versions of the UNIX file systems. These file systems, such as ext3 in Linux, use journaling to make the recovery of damaged file systems more reliable. Journaling provides for a fast file system restart in the event of a system crash. By using database techniques, journaling can restore a file system in a matter of minutes, or even seconds, versus hours or days with non-journaled file systems. In addition to ext3, jfs, xfs, and reiserfs are also journaling file systems.
Even with journaling, data in a file system (partition) can be lost due to disk damage. One measure that can be taken to reduce this risk is to spread files (based on their use) across different partions. One partition should contain non-changing operating system files. This is usually the /usr directory. If this partition is lost due to some physical problem, the partion can readily be restored either from backup, or by re-installing the operation system. Because this partion will rarely change, incremental backups can be done quickly.
The directory /usr/local is one place under /usr where applications may install themselves. Even though this appears to be on the /usr partition, it can be mounted as a separate partition during the boot process. The most common way to do this is in the /etc/fstab with a line such as the following:
/dev/hda6 /usr/local ext3 defaults 1 2
It is advisable to put the /home directory on a separate partition. This partition holds the home directories of the users who can log in to the workstation. In many cases, these directories will hold configuration information for the individual users.
There should also be one or more partitions that hold the data that will be used by the organization or the particular workstation (referred to here as the /data directory). The advantage to having the data in a separate partition is that it can be backed up and restored separately. Also, when the UNIX operating system is upgraded, the /data directory can be brought forward without the need to copy it off and then back onto the workstation.
Consider directories that could grow very large and, as a result, cause a denial of service for the whole workstation. Typically, these are the /tmp and /var directories. These should each be put on a separate partition. If the /tmp or /var partition fills up, performance and operations may be impacted or impaired, but recovery will be simple. If, instead, the / directory is filled up (because /tmp was on the same partition) the operating system might hang and not be able to reboot without special procedures.
In this tutorial:
- UNIX and Linux Security
- Network and development tools
- UNIX/Linux as a poor target
- Open source issues
- Detecting hardware changes
- Disk partitioning
- Prepare for the eventual attack
- Controlling the Configuration
- Kernel configurations
- Kernel modules
- proc file system
- Operating UNIX Safely
- Uncommon services
- Processes controlling processes
- The chkconfig command
- Controlling users
- Encryption and certificates
- Hardening UNIX
- Packet filtering with iptables