Swappartition max size
Hi, sorry if this is not strictly security related, but it resulted from a (possible) security problem (server was trashed by an intruder or at least from the outside - that has to be investigated). The current max. swap partition can be 2GB. What is recommended to do when more ram is installed to hold the core dump? Enough partitions to meet the actual ram size? A link to where to search is enough. TIA mike
Hi,
sorry if this is not strictly security related, but it resulted from a (possible) security problem (server was trashed by an intruder or at least from the outside - that has to be investigated).
The current max. swap partition can be 2GB. What is recommended to do when more ram is installed to hold the core dump? Enough partitions to meet the actual ram size? A link to where to search is enough.
Uhhh. Well that depends on what you want to do. More swap never really hurts and disk space is literally dirt cheap now, so why not. Core dumps are typically dumped into the filesystem, not the swap partition, so I'm not sure I understand the exact question. One thing to keep in mind: less space makes forensics easier, but increases the chances something deleted will actually get overwritten (and be really gone) zero'ing free space once in a while will also make forensics easier, but also wipe anything deleted andmake it (basically) unrecoverable.
TIA
mike
-Kurt
Hi, sorry for wasting time and space. My work with other OS made me think I would find something in swap. I allready found something on "http://ldp.atnet.at/LDP/LG/issue67/tag/8.html" that I might find useful. I got interrupted by the crash call when installing SuSE, I will see the crashed machine in a couple of hours. Thank you, Kurt. Promising to first search and then ask mike On 27 Sep 2001, at 18:43, Kurt Seifried wrote:
Uhhh. Well that depends on what you want to do. More swap never really hurts and disk space is literally dirt cheap now, so why not. Core dumps are typically dumped into the filesystem, not the swap partition, so I'm not sure I understand the exact question. One thing to keep in mind:
less space makes forensics easier, but increases the chances something deleted will actually get overwritten (and be really gone) zero'ing free space once in a while will also make forensics easier, but also wipe anything deleted andmake it (basically) unrecoverable.
participants (2)
-
Kurt Seifried -
Thomas Michael Wanka