[Soekris] Best way to install openbsd

Stuart Henderson stu at spacehopper.org
Tue Nov 7 20:14:32 UTC 2006


On 2006/11/07 20:31, Bill Maas wrote:
> On Tue, 2006-11-07 at 12:33 +0000, Stuart Henderson wrote:
> 
> > You probably don't _need_ to worry about ramdisks unless you're writing
> > large files on a regular basis. Things like bind/openvpn/pf aren't really 
> > a problem (you might like to investigate syslogc if you want to have
> > openvpn logging turned up high enough for useful debugging but that's
> > not really likely to be a problem either).
> 
> I don't think file size is an issue here. The problem seems to be the

It is where you're rewriting a large file (see recent posts here
where RRD databases may have been part of the problem).

> max. no. of R/W cycles supported CF card, or the number of times that
> the same disk area can be written to. But I'm no technician, so correct
> me if I'm wrong. Anyway, I can imagine that a log rotating program does
> an excellent job at causing the same disk area to be written to over and
> over again, if the same disk blocks are allocated each time a log file
> is rotated and truncated. I don't know how OpenBSD handles free blocks
> lists.

This is os-independent, the controller on the CF does wear-levelling.
It doesn't matter which filesystem blocks are allocated; they are spread
amongst the physical blocks on the card.

> Without a syslog server mounting an MFS onto /var has a fundamental flaw
> anyway: if the system crashes I would be interested in the logs from the
> last few seconds, not from two hours before the crash. And it's these
> final logs that will probably be taken down together with the machine.

In many cases that happens even with a syslog server (e.g. if the    
network goes down before the box). Of course the other possibility is
the network going down but the box staying alive in which case memory
buffer or MFS /var logging does help.

> Many documents refer to running a remote syslog server in combination
> with a read-only root fs, or mailing out the logs at regular intervals.

Another alternative is of course a printer - it would be significantly
more difficult for an attacker to erase his tracks :-)


