What would be a good starting point for turning a sub-GHz PC into an internet appliance? I'd like to host a couple of low-traffic websites, distribute incoming mail, and provide router, firewall, proxy, and shared storage for Win/Mac/linux clients.
First priority would be security, then stability, followed closely by ease of configuration and maintenance. I'd rate my own skill level as extremely HW-savvy but a *ix-newbie.
-- Gordon S. Hlavenka http://www.crashelectronics.com If your teacher tells you to Question Authority Should you do it?
On Sun, 18 Sep 2005 05:27:32 GMT, Gordon S. Hlavenka wrote:
What would be a good starting point for turning a sub-GHz PC into an internet appliance? I'd like to host a couple of low-traffic websites, distribute incoming mail, and provide router, firewall, proxy, and shared storage for Win/Mac/linux clients.
First priority would be security, then stability, followed closely by ease of configuration and maintenance. I'd rate my own skill level as extremely HW-savvy but a *ix-newbie.
Any of the major distributions have all the above as far as services go. http://distrowatch.com/ has links to distro's vendor's webpage.
You need to put 256 meg or more of memory to make the box perform well for what you indicated.
For easy setup/install, I suggest Mandriva. You can install webmin and manage just about everything. Example package selection screen seen at http://doc.mandrivalinux.com/MandrivaLinux...sePackages.html
As an *oh, by the way*, your firewall _appliance_ should only have minimum services, not websites, incoming mail, proxy, and shared storage. :(
Gordon S. Hlavenka wrote:
What would be a good starting point for turning a sub-GHz PC into an internet appliance? I'd like to host a couple of low-traffic websites, distribute incoming mail, and provide router, firewall, proxy, and shared storage for Win/Mac/linux clients.
First priority would be security, then stability, followed closely by ease of configuration and maintenance. I'd rate my own skill level as extremely HW-savvy but a *ix-newbie.
FYI/FWIW: I have been running an old-ish P3-500 w/ 256MB RAM as L-AMP web (Apache 1.33, PHP5) ftp (vsftp), file server (samba) without problems. Maybe the fact I use SCSI disks helps its performance as such, but I was surprised to find how little resources are used. So your <1GHz box should do just fine.
I chose Apache 1.33 and not 2.x as there *MAY* be issues wrt threaded operation in combination with some PHP5 extensions. (Of course you could always run 2.x in prefork mode as well). I also installed modsecurity (www.modsecurity.org) as part of the Apache setup.
Personally I'm happy with SuSE (9.2 Pro) but there are several flavours available. I suggest you start off with the firewalling before making it available to the public. http://iptables-tutorial.frozentux.net/ipt...s-tutorial.html has an extensive tut on using iptables.
BTW, I did not use ANY of the above packages like they were installed by the SuSE setup. I compiled/built all of them manually.
Chrooting the different services may also be a good idea. The www.securityfocus.com site has some good documents on setting up Apache, PHP and MySQL in a chroot environment.
I may be a bit overworried, but I think something like Tripwire or AIDE may come in handy in case you need to check if your box has been compromised. Tripwire isn't as simple to use as AIDE, but has a more secure way of storing its information. If you stick with AIDE, writing its information to a write-only media (CD?) may be a good thing.
To check your machine for rootkit attacks you may like to install rootkithunter (www.rootkit.nl) and/or chkrootkit (www.chkrootkit.org). The latter, "they say", seems to return false positives occasionally.
I bet different people will have as many different takes on this matter, don't be afraid to form your own opinion based on all 'advice' you get.
Just my 2 cents. Good luck!
SH
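
The baseline-and-verify idea behind the AIDE/Tripwire suggestion in the post above, as an added shell sketch (not part of the original thread and not how either tool is implemented): it shows why the stored baseline must sit somewhere the monitored host cannot rewrite. It assumes GNU `sha256sum`; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: hash baseline + verification (not AIDE/Tripwire code).
# Assumes GNU coreutils sha256sum; file names without newlines or backslashes.

# make_baseline DIR: print "<sha256>  ./path" for each regular file under DIR.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# check_baseline DIR BASELINE: compare DIR with a trusted BASELINE file.
# Prints one line per difference; returns 0 if identical, 1 otherwise.
check_baseline() {
    cur=$(mktemp) || return 2
    make_baseline "$1" > "$cur"
    rc=0
    awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }   # hash, then path
        FILENAME == ARGV[1] { old[p] = h; next }        # trusted baseline
        !(p in old)         { print "ADDED " p; bad = 1; next }
        old[p] != h         { print "MODIFIED " p; bad = 1 }
                            { delete old[p] }
        END { for (p in old) { print "REMOVED " p; bad = 1 }; exit bad + 0 }
    ' "$2" "$cur" || rc=$?
    rm -f "$cur"
    return "$rc"
}

# demo: constructed sample tree; the baseline lives outside the monitored
# tree, standing in for a CD-R that is mounted read-only when checking.
demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/tree/bin" "$root/offline"
    echo 'original' > "$root/tree/bin/login"
    echo 'listen 80' > "$root/tree/httpd.conf"
    make_baseline "$root/tree" > "$root/offline/baseline.sha256"
    echo 'changed' > "$root/tree/bin/login"     # content modified
    rm "$root/tree/httpd.conf"                  # file removed
    echo 'new' > "$root/tree/bin/.hidden"       # file added
    status=0
    check_baseline "$root/tree" "$root/offline/baseline.sha256" || status=$?
    rm -rf "$root"
    return "$status"
}

demo || echo "integrity check failed (exit $?)"
```

If the baseline file were kept inside the monitored tree, anyone able to change a binary could regenerate the baseline as well and the check would pass.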
In [8V6Xe.1869$D42.201@newssvr19.news.prodigy.com], Gordon S. Hlavenka wrote:
What would be a good starting point for turning a sub-GHz PC into an internet appliance? I'd like to host a couple of low-traffic websites, distribute incoming mail, and provide router, firewall, proxy, and shared storage for Win/Mac/linux clients.
First priority would be security, then stability, followed closely by ease of configuration and maintenance. I'd rate my own skill level as extremely HW-savvy but a *ix-newbie.
My "starting point" wouldn't be Linux for that, but FreeBSD.
Stability: Look at the longest uptimes on netcraft.com. By far, the majority are BSDs. Not a single Linux in the top 50 (at 2005-09-18-19:00 EDT anyway). http://uptime.netcraft.com/up/today/top.avg.html
Security: Your machine e-mails you every day with system status, which includes several security data. If you want to, you can update whatever is out of date every night with a cron job that does cvsup and portupgrade. In that case, your system is never more than 24 hours from "current."
Maintenance: Uh... I guess I covered that in security. In addition to the ports, there are also pkg commands: pkg_fetch, pkg_add, pkg_delete, etc.
Ease of Configuration: Well, FreeBSD may not have some of the GUI tools that some of the Linux distros have, so initially may not seem so newbie friendly as far as setup and configuration goes, but mostly stuff "just works." For those things that don't "just work" there's the HANDBOOK, which is something no Linux Distro has. 99% of your questions will be answered there... http://www.freebsd.org/doc/en_US.ISO8859-1...book/index.html (or /usr/share/doc/en/books/handbook/) if they're not already answered in http://www.freebsd.org/doc/en_US.ISO8859-1.../faq/index.html (or /usr/share/doc/en/books/faq/)
BTW, as far as Linux goes, I also have a Xandros 3.01 machine for my wife, a Red Hat 6.2 machine for some backward compatibility on an outdated camera, and a Debian 3.1 machine for just messin' around. The FreeBSD box is the slowest (750MHz), yet is the one I prefer to spend almost all my time on... It runs servers and desktop.