Is there is a recommended way to increase the partition size?
Product Name
CIS Hardened Images® (AWS)
Product Version
All
Date
Sep 7, 2021
Problem
I would like to increase the partition size in my Linux Hardened Image, but I am worried it will compromise security recommendations in place. Do you have any guidance or best practices on how to increase partition size without compromising the controls in place (either technically or the spirit of the controls themselves)?
Solution
A part of CIS hardening is dedicating a separate partition for /var/log specifically the recommendation “Ensure separate partition exists for /var/log”. Keeping the default size for /var/log to 6gb helps keep costs low by ensuring the AMIs use as little Block Storage as possible. However, it can certainly be resized for the end user’s needs. Deleting/re-creating the partition is certainly a viable option, the main hardening in line is ensuring it is separate from the rest of the system to protect against resource exhaustion and to protect audit data. However, when the partition is created and mounted, the security context is also changed via SELinux with the chcon -t var_log_t /mnt command (Mounted the created partition at /mnt while building). Also, keep in mind being in accordance with the benchmark and also the noted impact of the recommendation.
Impact:
Resizing filesystems is a common activity in cloud-hosted servers. Separate filesystem partitions may prevent successful resizing, or may require the installation of additional tools solely for the purpose of resizing operations. The use of these additional tools may introduce their own security considerations.
Keywords; partition increase
Content by Label