Differences

This shows you the differences between two versions of the page.

--- ubuntu:ram_disk:mount_logs_and_temporary_directories_in_ram [2025/05/21 08:26] – created peter
+++ ubuntu:ram_disk:mount_logs_and_temporary_directories_in_ram [2025/05/21 08:39] (current) – peter
@@ Line 9: / Line 9: @@
 To keep the system functional, the needed log directory structure is automatically created at startup, ensuring that applications expecting these directories will not fail and critical system services can still operate normally.
-The directories we’ll focus on include:
+The directories being focused on include:
   * **/tmp** – Used by applications for temporary files that often contain sensitive information.
   * **/var/tmp** – Similar to /tmp but usually preserved between reboots (this behavior will be changed).
   * **/var/log** – Contains system and application logs that can reveal user activity patterns and behavior.
+The Security and Privacy Benefits, include:
+  * **No Persistent Logs**: All activity records vanish completely after shutdown, leaving no forensic trail.
+  * **Reduced Disk Wear**: Fewer writes to SSD or HDD improve drive longevity, especially for SSDs with limited write cycles.
+  * **Performance Boost**: RAM is significantly faster than disk storage, improving system performance for temporary file operations.
+  * **Protection Against Data Recovery**: Even advanced forensic tools cannot recover data that was never written to disk.
 ----
@@ Line 48: / Line 56: @@
   * **size=512M** or **size=50M** – Limits the maximum amount of RAM each directory can use to prevent memory exhaustion.
   * **0 0** – Disables filesystem checking and backup operations as they’re unnecessary for tmpfs.
+The amount of RAM for /var/log can be increased as needed.
+  * Just ensure there is enough memory available.
+  * For systems with heavy logging, perhaps increase this from 50M to 100M or more.
+  * To see how much space is being used, monitor the RAM usage with: <code bash>df -h /var/log</code>
+  * if the system has limited RAM, allocating too much to tmpfs could lead to memory pressure.
+    * Start with conservative sizes and adjust based on the system resources and needs.
 </WRAP>
@@ Line 156: / Line 172: @@
 </code>
-<WRAP center round info 60%>
+<WRAP info>
 **NOTE:**  A system reboot is necessary to fully apply the tmpfs mounts defined in fstab.
@@ Line 166: / Line 182: @@
 ----
+===== Test the new configuration =====
+Verify that everything is working correctly.
+<code bash>
+mount | grep tmpfs
+ls -la /var/log
+df -h | grep tmpfs
+</code>
+<WRAP info>
+**NOTE:**  After rebooting, these commands will help to verify that this configuration is working properly.
+  * The first command confirms that the directories are indeed mounted as tmpfs filesystems.
+  * The second command shows that the log directory structure has been properly recreated by the new log-tmpfs-init service.
+  * The third command displays the size and usage of the tmpfs mounts, which allows the monitoring of memory usage and ensures the allocated sizes are appropriate for the system.
+</WRAP>
+----
+===== How to troubleshooting issues if all logs are cleared at reboot =====
+For troubleshooting specific issues, temporarily set up selective log persistence by creating a small script that copies important logs to a secure location before shutdown.
+  * Alternatively, temporarily disable the tmpfs mounts by commenting out the relevant lines in /etc/fstab and rebooting.
+----
+===== TAGS =====
+  * TAG: Administration
+  * TAG: Filesystem
+  * TAG: Privacy
+  * TAG: Scripting
+  * TAG: Security
+----