I want to manually install Rocky Linux Server with the DISA STIG for Rocky Linux 8.
It will be installed on a virtual machine (VirtualBox) with the below specifications:
- Disk space: 65GB total (fixed)
- RAM Memory: 2GB total
What types, sizes, etc. of disk partitions should I create?
Thanks in advance.
You can use the installer to “view” the partition sizes, and then you can always cancel if you don’t like what you see. The server will be somewhat constrained with your spec, and you won’t have much room to expand.
Once you start the installer select “Installation Destination”, select “Custom” and then “Done”, and then select “create them automatically”, which will show you a list of partitions and sizes (with reasonable defaults). /boot/efi, /boot, /, swap, /home.
Be careful with /home, as it will stretch the end of the disk, and you can’t shrink it later. If you had bigger disks you could make /home smaller, and then create a new physical volume, volume group, logical volume in the free space called something like /data. That way you can keep things like databases and web content outside of /var or /home.
The default filesystem is XFS. One can’t shrink XFS. However, you can change the filesystem type in the installer. I still use primarily ext4, which can shrink.
Hey thanks for the reply,
my question/request is a guide about manual partitioning, like what type of format, size, directories should I create, etc.… with the DISA STIG for Rocky Linux 8 in mind. (One example is that I found on the internet that some say to create /swap with a size equal to the exact amount of my RAM, and some say half of it.)
The purpose of this server is to create a basic web host for test purposes with the below installed:
I use the following for cPanel servers, which is basically a prebuilt LAMP server; it just uses Apache rather than nginx:
xfs on lvm
/boot 1024 MB
/TMP 1024 MB
I just use what was recommended for SWAP, for 7 (Chapter 15. Swap Space Red Hat Enterprise Linux 7 | Red Hat Customer Portal)
/ The rest.
The values provided by the installer are worth looking at, as they make an intelligent guess, and are what you’d expect to see on a RHEL enterprise server.
DISA STIG just mandates a separate /tmp partition. There are other security benchmarks which are more demanding in that regard. The CISecurity Benchmark for example wants
(see CIS Red Hat Linux Benchmark)
Additional partitions for application data can make sense, e.g. separate partitions for application data or logs.
Appendix B. Partitioning reference Red Hat Enterprise Linux 8 | Red Hat Customer Portal notes that
/var are critical for boot and them being separate partitions makes things more complex. They also note that some security policies do require the separation.
A cloud provider that I have used has an (OpenStack) image that creates only one partition,
/ for the system volume. No /boot, no swap. One can attach and mount additional (data) volumes, and one can create a swapfile if necessary. Obviously, security policies are not in general use among their clients, i.e. such a default image is ok.
Apart from security policy, there is a matter of convenience. If you need to reinstall, then what do you need to rewrite and what should be kept? (User) data is what you definitely want to keep; it is unique and thus valuable. OS files are reproducible. Configuration depends on OS files, but is unique; it should be deployable. On bare metal it makes sense to separate the data to a partition that a reinstall will not touch. On a VM … perhaps it is “cheaper” to create a new instance and “restore” data to it? (E.g. if the OS is in a “system volume” and data on an attached volume, is reattaching that data volume to a new VM a “restore” or a “keep”?)
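As an added example (not code from anyone in this thread), a POSIX shell check that reads /proc/mounts-format input and reports which of the requested paths are actually their own filesystems, so a finished layout can be verified against a policy such as the separate /tmp mentioned above; the helper names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical helpers: check whether given paths are mounted as their own
# filesystems, using /proc/mounts-format input
# (fields: device mountpoint fstype options dump pass).

# is_separate_mount MOUNTS_FILE PATH -> exit 0 if PATH has its own mount entry
is_separate_mount() {
    awk -v mp="$2" '$2 == mp { found = 1 } END { exit !found }' "$1"
}

# report_separate MOUNTS_FILE PATH... -> prints one line per path and
# returns the number of paths that are NOT separate mounts
report_separate() {
    mounts="$1"; shift
    missing=0
    for p in "$@"; do
        if is_separate_mount "$mounts" "$p"; then
            echo "$p: separate filesystem"
        else
            echo "$p: shares a filesystem with its parent"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample in /proc/mounts format: the installer's automatic layout
# plus a separate /tmp, but no separate /var/log/audit.
SAMPLE_MOUNTS="$(mktemp)"
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/mapper/rl-root / xfs rw,relatime 0 0
/dev/sda2 /boot xfs rw,relatime 0 0
/dev/sda1 /boot/efi vfat rw,relatime 0 0
/dev/mapper/rl-home /home xfs rw,relatime 0 0
/dev/mapper/rl-tmp /tmp xfs rw,nosuid,nodev,noexec 0 0
EOF

# On a live system use /proc/mounts instead of the sample file.
report_separate "$SAMPLE_MOUNTS" /tmp /home /var/log/audit \
    || echo "$? mount point(s) are not separate filesystems"
```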
Hey thanks for your reply,
Does that mean that, when I create a new partition, let’s say for example /var/log/audit, it will be created with a predefined disk space?
A ‘partition’ is a continuous set of sectors (LBAs) on disk. The partition table stores just the indices of the first and last sector. When you create a partition, you decide how many sectors, how much space, it will have.
A ‘filesystem’ is file data and metadata about those file objects. It lives within the sectors of a partition. (Technically, the filesystem could be smaller than the partition, but then you have unallocated sectors.)
You mount a filesystem to some path.
The installer asks you for the mount point (the path), size, and filesystem type (default is XFS). Then it creates a partition of the desired size, initializes a filesystem in it, and adds the mount instructions to