Profile Applicability:
• Level 2
Description:
The /var/log directory stores system and application log files. Mounting /var/log on a separate partition isolates log data from other filesystems, enhancing system stability and simplifying log management.
Rationale:
Having /var/log on a separate partition prevents log files from consuming all available space on the root filesystem, which can cause system failures. It also facilitates applying specific mount options and improves log data security and integrity.
Impact:
Pros:
• Prevents disk space exhaustion in the root filesystem due to log file growth.
• Simplifies backup and restoration of log files.
• Enables applying secure mount options specific to logs.
Cons:
• Requires additional partitioning and disk space allocation.
• Incorrect configuration could disrupt logging services.
Default Value:
By default, /var/log is usually part of the root filesystem and not a separate partition.
Pre-requisites:
• Root or sudo privileges to modify disk partitions and /etc/fstab.
• Backup of existing log data before repartitioning.
Remediation:
Test Plan:
Using Linux command line:
Check current mount points for /var/log:
mount | grep /var/log
Verify if /var/log is mounted on a separate partition:
findmnt /var/log
Check /etc/fstab for /var/log entry:
grep /var/log /etc/fstab
Expected output: /var/log should be listed as a separate mount point with appropriate options.
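Added example (not part of the benchmark text): the grep-based checks above also match deeper mount points such as /var/log/audit and commented-out /etc/fstab lines, so this script compares the mount-point field exactly in both the mount table and /etc/fstab. The function names and the sample device names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: exact-match audit for a separate /var/log mount.
# Function names and sample devices are illustrative assumptions.

# Print the source device whose mount-point field (column 2) equals $2 exactly.
# $1 is a file in fstab / /proc/self/mounts layout; comment lines are skipped.
mount_source() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { src = $1 }
                    END { if (src != "") print src }' "$1"
}

# Return 0 if /var/log is mounted and persisted, 1 if not mounted,
# 2 if mounted but missing from fstab. No arguments = audit the live system.
check_varlog_mount() {
    mounts="${1:-/proc/self/mounts}"
    fstab="${2:-/etc/fstab}"
    live=$(mount_source "$mounts" /var/log)
    persist=$(mount_source "$fstab" /var/log)
    if [ -z "$live" ]; then
        echo "FAIL: /var/log is not a separate mount point"
        return 1
    fi
    if [ -z "$persist" ]; then
        echo "FAIL: /var/log is mounted from $live but has no entry in $fstab"
        return 2
    fi
    echo "PASS: /var/log mounted from $live, persisted in $fstab as $persist"
}

# Constructed sample data (not from a real host): only /var/log/audit is a
# separate mount and the /var/log fstab line is commented out, so a plain
# "grep /var/log" would print matches while the exact check returns 1.
demo_varlog_check() {
    demo_dir=$(mktemp -d) || return 3
    printf '%s\n' '/dev/xvda1 / xfs rw 0 0' \
        '/dev/xvdf1 /var/log/audit xfs rw 0 0' > "$demo_dir/mounts"
    printf '%s\n' '# /dev/xvdf2 /var/log xfs defaults 0 0' \
        '/dev/xvdf1 /var/log/audit xfs defaults 0 0' > "$demo_dir/fstab"
    demo_rc=0
    check_varlog_mount "$demo_dir/mounts" "$demo_dir/fstab" || demo_rc=$?
    rm -rf "$demo_dir"
    return "$demo_rc"
}
```

Calling check_varlog_mount with no arguments audits the running system; demo_varlog_check exercises the false-positive case against the constructed files.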
Implementation Plan:
Using Linux command line:
Create a separate partition or logical volume for /var/log.
Format the new partition:
mkfs.ext4 /dev/<partition>
Backup current /var/log contents:
cp -a /var/log /var/log_backup
Mount the new partition temporarily:
mount /dev/<partition> /mnt
Copy the backup data onto the new partition (the trailing /. also copies hidden files, which a * glob skips):
cp -a /var/log_backup/. /mnt/
Backout Plan:
Using Linux command line:
Remove or comment out /var/log entry from /etc/fstab.
Unmount /var/log:
umount /var/log
Restore the backup if necessary (the trailing /. also copies hidden files, which a * glob skips):
cp -a /var/log_backup/. /var/log/
Reboot or remount root filesystem.
References:
CIS Amazon Linux 2 Benchmark v3.0.0