Guide to the Secure Configuration of Alibaba Cloud Linux 3
Disk Partitioning
An XCCDF Group - A logical subset of the XCCDF Benchmark
2 Rules
To ensure separation and protection of data, there are top-level system directories which should be placed on their own physical partition or logical volume. The installer's default partitioning scheme creates separate logical volumes for /, /boot, and swap.
If starting with any of the default layouts, check the box to "Review and modify partitioning." This allows for the easy creation of additional logical volumes inside the volume group already created, though it may require making /'s logical volume smaller to create space. In general, using logical volumes is preferable to using partitions because they can be more easily adjusted later.
If creating a custom layout, create the partitions mentioned in the previous paragraph (which the installer will require anyway), as well as separate ones described in the following sections.
If a system has already been installed, and the default partitioning scheme was used, it is possible but nontrivial to modify it to create separate logical volumes for the directories listed above. The Logical Volume Manager (LVM) makes this possible. See the LVM HOWTO at http://tldp.org/HOWTO/LVM-HOWTO/ for more detailed information on LVM.
Ensure /dev/shm is configured
Low Severity
/dev/shm is a traditional shared memory concept. One program will create a memory portion, which other processes (if permitted) can access. If /dev/shm is not configured, tmpfs will be mounted to /dev/shm by systemd.
Ensure /srv Located On Separate Partition
Unknown Severity
If a file server (FTP, TFTP...) is hosted locally, create a separate partition for /srv at installation time (or migrate it later using LVM). If /srv will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at installation time, and the mountpoint can instead be configured later.
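
One way to check the layout described above is to look up each directory in a mount table. This is an added example, not part of the guide or its benchmark content: the function names mount_entry, audit_partitions and sample_table are hypothetical, and the sample table is constructed.

```shell
#!/bin/sh
# Added example: audit a mount table for the directories named in this group.
# Works on /proc/self/mounts and /etc/fstab, which share the field order
# "device mountpoint fstype options ...".

# Print "device fstype options" for the last entry whose mount point is $1
# in table $2 (later entries shadow earlier ones). Returns 1 if there is none.
mount_entry() {
    awk -v mp="$1" '
        /^[ \t]*(#|$)/ { next }                # skip fstab comments and blanks
        $2 == mp { hit = $1 " " $3 " " $4 }
        END { if (hit == "") exit 1; print hit }
    ' "$2"
}

# Report each directory as SEPARATE or SHARED; the return status is the
# number of directories that are not mount points of their own.
audit_partitions() {
    table=$1; shift
    missing=0
    for dir in "$@"; do
        if entry=$(mount_entry "$dir" "$table"); then
            echo "SEPARATE $dir ($entry)"
        else
            echo "SHARED   $dir (no entry; lives on its parent filesystem)"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample table (not taken from a real host): /srv has no entry.
sample_table() {
    cat <<'EOF'
# device                mountpoint fstype options          dump pass
/dev/mapper/vg0-root    /          xfs    defaults         0 0
/dev/vda1               /boot      xfs    defaults         0 0
/dev/mapper/vg0-swap    swap       swap   defaults         0 0
tmpfs                   /dev/shm   tmpfs  rw,nosuid,nodev  0 0
EOF
}

tmp=$(mktemp)
sample_table > "$tmp"
audit_partitions "$tmp" / /boot /dev/shm /srv || echo "not separate: $?"
rm -f "$tmp"
```

Pass /proc/self/mounts as the table to audit the running system, or /etc/fstab to audit what is configured to persist across reboots.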