# Very first time with any unix, ? about slices/partitions



## sdad (Dec 16, 2010)

I have the extraordinary!!! Handbook on my toolbar but I have a question regarding setting up the partition and file structure that I haven't been able to reference in the Handbook.  The concept of slices cause this question to arise.  Can I span my installation across two computers, therefore 2 physical drives? Maybe after the initial install?   In the Linux world I can do this, but the slice seems to be a container that limits the partitions to a single drive? What I want to do, at least in partial explanation, is set up a pf firewall and store the log files on a separate "logging server".


----------



## DutchDaemon (Dec 16, 2010)

Then why not simply log over the network?


----------



## Beastie (Dec 16, 2010)

Slices and partitions are nothing but abstract subdivisions, just like directories in a way.
Unix filesystems have a single hierarchy on which everything else is grafted (mounted), including separate physical disks or network disks (cf. Samba/SMBFS, NFS).


----------



## sdad (Dec 16, 2010)

Mostly, because I'm trying to learn, not necessarily create the most practical production environment.  I am working very hard trying to ramp up on security and I need to "hands-on" as well as read.  I have been lead to believe that nfs is not the most bullet proof, so thought that if I could send data encrypted to its normal directory, but on a different server I could set up the pf app as a write only to the log, and do a read-write with a different user from the logging server.  Again, its not a "what for/ why question"  its a lab exercise, I want to learn how this stuff works.  I'm told BSD is about the best I can do for security, now I need to learn it and how to use it. Currently my label is STUPID, but I don't intend on staying that way.


----------



## sdad (Dec 16, 2010)

So Beastie, I should be able to, after the initial install go back, mount the logging server, create the /var/log in a partition on that server and then link the logging server's partition to the pf's filesystem.


----------



## UNIXgod (Dec 16, 2010)

READ THIS:

`% man [man]tuning(7)[/man]`


----------



## DutchDaemon (Dec 16, 2010)

There's also sysutils/fusefs-sshfs.


----------



## wblock@ (Dec 16, 2010)

sdad said:
			
		

> The concept of slices cause this question to arise.  Can I span my installation across two computers, therefore 2 physical drives? Maybe after the initial install?   In the Linux world I can do this,



Please provide specifics of how you would do that in Linux, and someone may be able to explain the way to do that in FreeBSD.  It's hard to tell whether you're talking about clustering or RAID or network filesystems or something else.



> but the slice seems to be a container that limits the partitions to a single drive?



A FreeBSD slice is just an MS-DOS partition.  Linux uses them, too.



> What I want to do, at least in partial explanation, is set up a pf firewall and store the log files on a separate "logging server".



Sounds like just a syslogd(8) server, nothing to do with disk setup at all.


----------



## sdad (Dec 16, 2010)

syslogd very well may be what is needed for the pf logging function, however, before I start asking about any of that I should read over how pf works a bit more thoroughly.  I don't want to waste a lot of folks time on something I can dig out of the pf how-tos.  I also have a parallel a study going on, that being oisf.  How the logging for that works is likewise a mystery to me at this point, but it is conceivable that oisf and pf have different logging algorithms.  Goal is to learn about the various ways of writing/reading across a network in a very secure way.  The separate harddrives would be but one alternative.


----------



## tingo (Dec 16, 2010)

@sdad: the whole point for storing (server) logs on a different server / storage system is so that nobody can tamper with the logs. If you mount a remote filesystem (from a log server) on the "target" server (the one you are worried that someone is possibly going to break into), then they would be able to modify the logs, or even (possibly) break into your log server as well. So, this is not necessarily a good idea from a security viewpoint.


----------



## sdad (Dec 17, 2010)

tingo, you make a valid point.  So how do people approach this issue? I do have an additional caveat, that is I am on 4G of hard drive.  Not a lot of room there to hold verbose logs. I suppose I could hang a scsi array off the back of the firewall, gonna be an array someplace, right? Solves storage issue.  What's really gnawing at me though is that this firewall I'm building is first line defense.  I don't have a firewall to hide the firewall behind. But, let me take a deep breathe and first learn how to best fix up my own yard before I extend into the next.  Let's keep the files local, and let me see how best to defend the files if left on the firewall chassis, not downstream somewhere.


----------



## Terry_Kennedy (Dec 17, 2010)

sdad said:
			
		

> tingo, you make a valid point.  So how do people approach this issue?


Even if you are logging to a remote system via a secure path, there are still security implications. An attacker who gets to your first system could flood log messages to your logging system, potentially causing a denial-of-service attack. You can't simply rate-limit messages to the logging system, as then the attacker might be able to do things without being detected, due to logging messages being dropped. Things were a lot simpler in the old days, when you could just hang a paper tape punch on the main system. :e


----------



## sdad (Dec 17, 2010)

Terry, One of the two test pieces I am messing around with is a internet router with a pf  output.  I limited the box to only that, I'd like to run the box as a daemon, once developed.  If I make the login very difficult then I severely limit the options left to the attacker if I also become restrictive on permissions.  If I run without anyone being logged in, making root a real pain to get at, and not allowing any file to run unless part of the router/pf, what other concerns might I have?  I already have denial attacks on my list.

Million things I'm trying to piece together all at once, my order of questions make no sense I suppose when looking in at them.


----------



## danbi (Dec 17, 2010)

Limit this thread to the slice/filesystem theme. There are way too many things about securing an system and it all depends on the specific goals you set, costs etc. The mission "I want a bulletproof system" is impossible. Do not waste time to dream about it.

There will always be bugs in any human developed software.


----------



## sdad (Dec 17, 2010)

Got it.  This thread should be closed.  I'll choose to ignore it.


----------



## DutchDaemon (Dec 17, 2010)

Maybe Thread 4108 can serve as additional inspiration.


----------

