Profile Applicability:
 • Level 2

Description:
 The /var directory contains variable data files such as logs, spool files, and caches. Mounting /var on a separate partition isolates these frequently changing files from the root filesystem, enhancing system stability and security.

Rationale:
 Having /var on a separate partition limits the impact of disk space exhaustion or filesystem corruption to variable data only, preventing system crashes or denial of service. It also facilitates applying specific mount options and simplifies backup and recovery.

Impact:
 Pros:

  • Isolates variable data from system files.

  • Prevents /var from filling the root filesystem.

  • Simplifies backup and recovery of variable data.

Cons:

  • Requires additional partitioning and disk space.

  • Misconfiguration could cause system or application failures.

Default Value:
 By default, /var is often part of the root filesystem and not a separate partition.

Pre-requisites:

  • Root or sudo privileges to modify disk partitions and /etc/fstab.

  • Backup of critical data before repartitioning.

Remediation:

Test Plan:

Using Linux command line:

  1. Check current mount points:

     mount | grep /var
  2. Verify /var is mounted on a separate partition:

     findmnt /var
  3. Check /etc/fstab for /var entry:

     grep /var /etc/fstab
    Expected output: /var should be listed as a separate mount point with appropriate options.
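The grep checks above also match nested mount points such as /var/log or /var/tmp. The following is an added example, not part of the original benchmark text: it matches the mount-point field exactly and checks it for the options used in this page's example fstab entry. The function names var_opts and audit_var and the --live switch are hypothetical.

```shell
#!/bin/sh
# Added example: audit /var in a mounts-format table (/etc/fstab or
# /proc/self/mounts). Fields: <device> <mount point> <fstype> <options> ...

# Options taken from this page's example fstab entry for /var.
REQUIRED_OPTS="nodev nosuid noexec"

# var_opts FILE: print the options field of the last entry whose mount point
# is exactly /var (so /var/log or /var/tmp never count). Comment lines are
# skipped. Returns 1 when no such entry exists.
var_opts() {
    awk '$1 !~ /^#/ && $2 == "/var" { opts = $4; found = 1 }
         END { if (!found) exit 1; print opts }' "$1"
}

# audit_var FILE: 0 = /var entry with all required options,
#                 1 = no /var entry, 2 = entry present but options missing.
audit_var() {
    opts=$(var_opts "$1") || { echo "FAIL: no /var entry in $1"; return 1; }
    missing=""
    for want in $REQUIRED_OPTS; do
        case ",$opts," in
            *",$want,"*) ;;                  # option present
            *) missing="$missing $want" ;;   # option absent
        esac
    done
    if [ -n "$missing" ]; then
        echo "FAIL: /var in $1 lacks:$missing"
        return 2
    fi
    echo "PASS: /var in $1 has $REQUIRED_OPTS"
}

# Audit the real system only when invoked with --live (hypothetical switch).
if [ "${1:-}" = "--live" ]; then
    rc=0
    audit_var /etc/fstab || rc=$?
    audit_var /proc/self/mounts || rc=$?
    exit "$rc"
fi
```

Checking both files catches an fstab entry that is correct but not yet mounted, as well as a live mount that will not persist across a reboot.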



Implementation Plan:

Using Linux command line:

  1. Create a separate partition or logical volume for /var (using tools like fdisk or lvcreate).

  2. Format the new partition:

     mkfs.ext4 /dev/<partition>
  3. Backup current /var contents:

     cp -a /var /var_backup
  4. Mount the new partition temporarily:

     mount /dev/<partition> /mnt
  5. Copy back the contents:

     cp -a /var_backup/. /mnt/    # "/." also copies hidden entries that "*" would skip
  6. Modify /etc/fstab to mount the new partition at /var with secure options, for example:

     /dev/<partition>  /var  ext4  defaults,nodev,nosuid,noexec  0  0
  7. Unmount temporary mount:

     umount /mnt
  8. Mount /var:

     mount /var
  9. Verify mount and permissions.

Backout Plan:

Using Linux command line:

  1. Remove or comment out the /var entry in /etc/fstab.

  2. Unmount /var:

     umount /var
  3. Restore original /var contents if needed:

     cp -a /var_backup/. /var/    # "/." also copies hidden entries that "*" would skip
  4. Reboot system or remount root filesystem.

References: