[H-GEN] Fixes for excalibur's backup
russell-humbug at stuart.id.au
Mon Jul 13 19:42:10 EDT 2009
On Mon, 2009-07-13 at 18:40 -0400, Robert Brockway wrote:
> Do we want to remount the filesystem noatime? It offers a small
> performance advantage. A few apps dislike this however, but I don't think
> it should matter to us.
Nah. As I said, the backup should cope with this. There are other
issues besides - like directory modification times. These are things I
can fix easily enough now I am aware of it.
> This is standard for firewalls I setup so it got added by default when I
> loaded the ruleset. It's useful for diagnostics, tracking attacks, etc.
> It isn't essential but my preference is to retain it if we can.
We are writing 2.4M of log files per hour. Either it gets reduced, or
it isn't backed up. I am not sure how useful backing up syslog and
friends is. Anybody got some thoughts they would like to share?
My personal view is a small log file is a good log file. No one is
going to look at the 50M of log files we produce per day. That said, I
don't particularly care as I am not planning to look at them and the
machine seems to handle the load OK. The only issue is it too expensive
to back up.
> I'd rather not. There are better ways to deal with ssh attacks.
I am curious. How do these better ways make excalibur more secure?
> We can use fail2ban, which will raise a firewall in the face of an attack
> against ssh. In fact we _should_ use this anyway. I'll add it unless I
> hear howls of objection.
I don't particularly care one way or the other, although I am not a huge
fan of adding complexity for no good reason. These dictionary attacks
on ssh aren't a security issue as we don't allow password
More information about the General