I ran FreeBSD as workstation several years ago but never tried Slackware before. I heard Slackware being a stable and rigid OS. I would like to try it. Are tutorials re building servers, such as web, mysql, email, etc. on Slackware available
You may start with Slack Book. http://www.slackbook.org/
Go learn fdisk partitioning and it would greatly help. Just google for a howto since I've learned through a Red Hat specific book that I don't have now the copy. Though you can use the menu driven cfdisk. But I'm still comfortable with fdisk and it is not trivial using it - straight forward. Even the partitioning style in OpenBSD is quick and simply straight forward.
You will have no issue compiling any program with Slack because it has all the required librararies stored in the Unix way. Libraries are usually found in /usr/lib; /usr/local/lib and depending on how you compiled a program and that by default it will placed in /usr/local/appname/lib. Everytime you compiled a program, don't forget to add its shared library to the cache using ldconfig:
1. If the libraries are installed in /usr/lib or /usr/local/lib, simply run as root "ldconfig".
2. If it was installed using the default --prefix=/usr/local that would append after the appname's directory, do it this way:
# echo /usr/local/appname/lib >> /etc/ld.so.conf
# ldconfig -p |grep libname.so
The URL that I gave will work on Slackware with no show stopper, except maybe with the Postfix mysql queries on *.cf files that failed delevering the mails to respcetive mailboxes. The author modified the *.cf files and the previous one is the one that works. I have still that copy here in my server and in case you would need that, CONTACT ME
. This the reason why I'm presently reading on about this topic since I don't yet fully understand everything.
Here my apache build options.
The document root is as the usual /var/www/htdocs. You will need to first compile OpenSSL or just used the included package. But if you to stay fresh always, this how to to it after unpacking the source.
$ cd openssl-0.9.xa
$ ./config shared --prefix=/usr/local --openssldir=/usr/local/ssl
$ make test
# make install
# echo /usr/local/ssl/lib >> /etc/ld.so.conf
# mv /usr/bin/openssl /usr/bin/openssl.old
# ln -s /usr/local/bin/openssl /usr/bin
Try it now.
Then after the prompt just quit.
Note: Even using the feshest version of OpenSSL, you will still need to install the included package because that will prevent OpenSSH to work.
MySQL build options that were just adpapted and don't me about this since like you I'm still that expert.
CFLAGS="-O3 -mcpu=pentium4" CXX=gcc CXXFLAGS="-O3 -mcpu=pentium4 \
-felide-constructors -fno-exceptions -fno-rtti" \
But before compiling the above, create first your mysql user and here I'm following the OpenBSD pattern when it comes to daemon users names - that is with "_" characted at the start so I can easily tell that user as a daemon.
# groupadd _mysql
# useradd -c "MySQL Database Server" -d /var/lib/mysql -s /bin/bash -g _mysql _mysql
Then all the rest are on the HOWTO. Also upon completing everything, I'm replacing the login shell with /bin/false to disable it for security. I'm not seeing any related operational issue.
My ClamAV build options:
./configure --sysconfdir=/etc \
Then follow the howto how to configure ClamAV.
All the above is to help you start quickly as possible.
Slack rc configs and scripts are in /etc/rc.d/ and it has rc.modules to load hardware modules, rc.M to start apps in multi-user mode, rc.6 to shutdown processes on run level 6. These are just shell scripts and we you will not be lost. To enable a program to run on boot-up, simply add an execute bit like "chmod +x /etc/rc.d/rc.httpd". All network config file is in /etc/rc.d/rc.inet1.conf.
Then if you want a simple and highly secure gateway, just use OpenBSD for number of reasons that among others are:
1. easy and english-like syntax
2. stateful inspection
3. Protecting OS clients that poorly choses Initial Sequence Number (ISN) during intial TCP handshakes to prevent session hijacking.
5. spoofed TCP Syn flooding proxying to protect an internal internet server
6. packet normalization to protect internal intrusion detection devices against attacks
7. sessions & connections states tracking to prevent DoS and ssh dictionary attacks. No need for external programs or scripts to tho this.
8. internet load balancing and link redundancy or firewall clustering
7. Path-MTU discovery and windows traceroute facilitation by simply specifying unreach and echoreq as the only ICMP options and you won't be afraid to have ICMP in your box.
9. easy to configure IPSec site-to-site or for road warriors