My question is: How do I create the custom partitions required for a ‘secure’ setup?
I have an automatic setup server up and running 
The 24 hour startup / burn-in period will complete in 3 hours. HOWEVER I did notice that more specific partitioning is required for secure servers.
Thanks
swanlan
As far as ‘I’ recall, ‘custom’ partitioning during ‘manual’ installation has been going down the toilet, or disappearing altogether, for some time now (10+ years).
Using Kickstart and it’s partition/filesystem definition sections has been the only method that ‘I’ know of, to create whatever layout you’d want…
Thanks Lothar. I guess I have to learn Kickstart if I want to enable those security requirements as listed in the security program. The lack of a manual partitioning system feels like an oversight as I can’t be the only person who wants to create a more robust, more secure server.
swanlan
It also gives you complete control of what packages (or package ‘groups’) you want (or don’t want) installed…
The advantage of having a Kickstart environment (which is harder to setup the first time, than just periodically upgrading it with each new release) is that its ‘self-documenting’, and once you have the process configured, you can just rebuild a system ‘over and over’ without having to go thru that manual process of ‘selection’ each time…
If you get a Kickstart environment setup, or build from an Anaconda (host-config) file, here’s a snippet from my ‘standard’ O/S drive layout:
# EL 7.x (and greater) 'default' LVM software RAID disk layout
#
# Disk to install to. On SmartArray systems, this will be 'cciss/c0d0'. On
# IDE systems, it will be 'hda'. On SCSI/SATA systems, it will be 'sda'.
ignoredisk --only-use=sda
## <OSDISK_LAYOUT>
# System bootloader installation. The first disk in the driveorder should
# be the same disk as '--only-use' above
bootloader --location=mbr --driveorder=sda
# Clear the Master Boot Record
zerombr
# Clear all partitions and re-initialize for Linux (MSDOS) style partitions
clearpart --all --initlabel
##
## 'Fixed' partitioning for first 'primary'
## partitions. Extended partitons and LVM area dynamically created to
## fit size of physical drive device.
part /boot --fstype=ext4 --ondisk=sda --label=/boot --size=512
#
# These partitions will reside in an LVM area, using the rest of the
# drive space (regardless of size):
part pv.1 --fstype="lvmpv" --ondisk=sda --size=16384 --grow
volgroup osdisk_vg --pesize=32768 pv.1
logvol / --fstype=ext4 --name=root_lv --vgname=osdisk_vg --size=8196
logvol swap --fstype=swap --name=swap_lv --vgname=osdisk_vg --size=16384
logvol /var --fstype=ext4 --name=var_lv --vgname=osdisk_vg --size=8192
logvol /tmp --fstype=ext4 --name=tmp_lv --vgname=osdisk_vg --size=2048
logvol /export/home --fstype=ext4 --name=home_lv --vgname=osdisk_vg --size=2048
logvol /opt --fstype=ext4 --name=opt_lv --vgname=osdisk_vg --size=4096
##
I am confused by this post. Are you talking about the GUI installer doing a manual install? Separate var home and tmp partitions is easy using the GUI installer. Instead of automatic partitioning just choose manual. You must be talking about something else?
I am trying to partition for a ‘secure’ setup. I need to have many more separate partitions - something I have not yet managed to accomplish. This is an answer to my request for information.