how to create /var on diff drive?


Fandelem
11-09-2000, 07:01 AM
I've installed Red Hat 6.2, and I really want /var on a totally different hard drive, inaccessible to pretty much anyone but root.. but /var is already on hda1.. how do I "move" it over to, say.. hdc1? What steps do I do? :)

Letalis
11-09-2000, 07:54 AM
I guess you move all the stuff in /var to where you want it to be and then mount it as /var, and add a line in fstab to mount it automatically. This is just a guess...

X_console
11-09-2000, 10:15 AM
Why not change permissions on it instead?

ille_pugil42
11-09-2000, 10:32 AM
Make a dir on the other partition of /var and then mount it in fstab and move all of your stuff. That should do it.

Fandelem
11-09-2000, 12:15 PM
Hmm okay.. I guess I knew how to do that.. let me try to explain what I'm trying to do, and maybe you can point me in the right direction:

I'm trying to make it so if a 'cracker' gets into my box, I'll still have unmanipulated logfiles *somewhere*.

Someone had told me to just 'create a /var on another partition' - but it didn't really make sense to me..

What is the best way to do this? Should I write a program that will ftp them to somewhere else? Well, a cracker could just look at that program to get the passwords (especially ftp).. I just can't think of a way to do this.. if I made it transfer the files to a whole diff. network segment, well, couldn't the cracker just figure this other segment out and track it down that way? Any insights would be great :)

~kyle

klamath
11-09-2000, 12:50 PM
If you have another box (on a trusted network with the box in question), you can set up remote syslog logging, so that all logs are sent to the remote machine (which is very secure - and all it does is rotate the logs every day or so, compress them, and store them somewhere, like on a CD or a tape drive - read-only media is ideal for this). Make sure the hacker can't break into the log server though - I'd suggest running something like OpenBSD, with only 2 remote services: ssh (optional) and syslogd.

If you use syslog-ng, I think it supports encrypted connections (so you can send the logs over an insecure network, like the Internet, if you like).

------------------
- Klamath
Get my GnuPG Key Here (http://klamath.dyndns.org/mykey.asc)
Looking for an open source project to contribute to? Check out the BBB (http://bbb.sourceforge.net)

mastersibn
11-09-2000, 02:02 PM
I don't think it's a good idea to put /var on another partition....

First of all, if a cracker hit your box and rooted it (somehow) then he would have access to /var no matter what you do. The only thing you could really do to increase the security of THAT would be like (klamath?) just suggested above: remote logging. If it's on your same computer, it wouldn't matter what hard drive it's on or the permissions; the only way to make it a real chore to get in there would be remote logging.

Besides, IIRC, /var is used as a container for some of the init scripts, so if you moved it to a different partition, you could break your system or some parts of it. Remember, LILO only mounts the / partition when it loads Linux. I strongly recommend you keep /var on your / partition. There are other directories you shouldn't move for this reason, as well; directories like /dev, /bin, /sbin, and a few others (I believe /etc is one of them, but not sure).

------------------
grab my gnupg key (http://jove.prohosting.com/~msibn/sibn-p.asc) if you feel so inclined.


cAPS lOCK? wHAT cAPS lOCK?
I cna ytpe 300 wrods pre mniuet!!!
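
The remote logging that klamath and mastersibn describe, as an added example that is not part of the original thread: each event is written locally and also forwarded as a syslog-style UDP datagram, so the collector's copy survives when the local log is wiped. The loopback collector stands in for the separate log server, and the host name `webbox`, the ephemeral port and the sample events are constructed for illustration.

```python
import os
import socket
import tempfile
import threading

PRI_AUTH_WARNING = 4 * 8 + 4  # syslog PRI: facility auth (4) * 8 + severity warning (4)

def start_collector(store_path, expected):
    """Stand-in for the log server: append each received datagram to store_path."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))  # a real syslogd listens on 514/udp; ephemeral port here
    sock.settimeout(5)
    def serve():
        with open(store_path, "a") as store:
            for _ in range(expected):
                data, _addr = sock.recvfrom(2048)
                store.write(data.decode("utf-8", "replace") + "\n")
        sock.close()
    thread = threading.Thread(target=serve)
    thread.start()
    return sock.getsockname(), thread

def log_event(local_path, collector_addr, message):
    """Write one event to the local log and forward the same line to the collector."""
    line = "<%d>Nov  9 12:50:00 webbox %s" % (PRI_AUTH_WARNING, message)
    with open(local_path, "a") as local:
        local.write(line + "\n")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as out:
        out.sendto(line.encode("utf-8"), collector_addr)

def demo():
    """Return (local_lines, remote_lines) after the local log has been emptied."""
    workdir = tempfile.mkdtemp()
    local_path = os.path.join(workdir, "messages")       # plays /var/log/messages
    store_path = os.path.join(workdir, "collector.log")  # would live on the other machine
    events = ["sshd[411]: Failed password for root from 192.0.2.7",
              "sshd[411]: Accepted password for root from 192.0.2.7"]  # constructed samples
    addr, thread = start_collector(store_path, len(events))
    for event in events:
        log_event(local_path, addr, event)
    thread.join()
    open(local_path, "w").close()  # whoever holds root on this box can empty its own log
    with open(local_path) as f:
        local_lines = f.read().splitlines()
    with open(store_path) as f:
        remote_lines = f.read().splitlines()
    return local_lines, remote_lines

if __name__ == "__main__":
    local, remote = demo()
    print("local copy:", local)
    print("collector copy:", remote)
```

Plain UDP syslog is unauthenticated and unencrypted, which is why the thread places the collector on a trusted network.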