These are suggestions. I have set up some of what you are looking at doing at my business and be assured that a) it is secure b) it is stable. This takes in the assumption that you have updated your packages after install.
"Topics include items like:
What to install, what not to install
Partition suggestions
How to lock down the server during install and after install
How to overall, harden the Linux server."
For serving, you install the packages you need and only those. Any services that are running that have nothing to do with server functionality should be disabled. But that goes for any OS.. except one that I don't need to mention.
Partitioning usually consists of /boot, / , and SWAP. The rest are optional and based on what functions your server performs. If it is a fileserver, you give /home/samba/MyFiles a separate partition to keep it from disturbing other processes.
Locking down a server during or after install depends on what OS you are installing and what server processes you are bringing up. But if you enable only what you need, that is the major part of a lockdown. Linux was built secure from day 1... again, unlike other OS's I don't need to mention.
"Anyone have any suggestions or recommendations?
I should mention that I will be putting up the following type of servers:
Mail Server
Web Server
DNS Server
Samba PDC Server
Samba File server "
Before you do any of this, I recommend that you add one more server. A multinetwork firewall with intrusion detection and proxy caching. Mandrake has a free one called ironically enough, MultiNetwork Firewall (MNF). Netmax also makes a nice comparable one for 300 bucks. This will be the iron between the internet and your lan. And I will tell you from experience, that nothing gets through it. The 100 Mbit proxy cache bursting and user ip tracking, bandwidth tracking, cpu monitoring, hacking attempt tracking is invaluable. The users get a kick out of loading a webpage, or doing 45 MB MS updates in seconds. Yes, I have MS clients at my place. And it saves money cause you don't need as fat a pipe due to the caching. Anyway, beyond that-
Mail Server-
http://www.opengroupware.org/ just released a MS Exchange mail server replacement. Something more costly but stable is Suse's openexchange server:
http://www.suse.com/us/business/prod...nge/index.html
If you don't want all those heavy IMAP features, you can use postfix or for a nice web interface with calendaring, you can use squirrelmail (SMTP/POP/HTTP).
Web server- apache and all the fixins. Nothing really complex here. Every distribution has it installed by default. Although adding WebMin to configure the server remotely and graphically is nice.
DNS server- BIND services are included by default on all OS's, but serving as a DNS host is a bitch to set up if you need to go more than 2 deep. This one will take more time to configure than the rest. Have a network guy handy for this. Seriously, I'm not a pussy. But, BIND is still something that scares me (Although I have multiple ISP's dual-homed and 40 WAN sites across the wilderness doing critical care)
Samba PDC server- Easy as pie to set up. Samba wants to assume it's the PDC anyway. It dislikes being a BDC. You will want to enable LDAP for permissions since it is the PDC. Again Webmin is your friend here. Btw, it's faster than MS PDC's in authentication. Lots faster.
Samba Fileserver- Permissions to file would be granted via your PDC's ldap user/groups. Also a simple server to set up. And again, it's faster than MS's sharing fileservices. Don't ask me why. It just is. Water's wet. The sky's blue. Samba is faster. Who gives a shit.
And so, that's what little sophomoric wisdom I can bestow on you. May God bless you and keep you. And as the sun gently sets in the west, I bid you a fond farewell.
Thor
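
An added example, not part of the original post: one way to check the "enable only what you need" advice is to compare a server's listening sockets against the ports its role requires. The role names, the port allowlists (standard assignments), the SSH admin port and the sample `ss -tulnH` output are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed allowlists: standard ports for the server types listed in the thread.
ROLE_PORTS = {
    "mail": {("tcp", 25), ("tcp", 110), ("tcp", 143)},
    "web": {("tcp", 80), ("tcp", 443)},
    "dns": {("tcp", 53), ("udp", 53)},
    "samba": {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)},
}
ADMIN_PORTS = {("tcp", 22)}  # assumption: SSH is the only admin channel

# Constructed sample of `ss -tulnH` output from a hypothetical web server.
SAMPLE_SS = """\
tcp   LISTEN 0 128 0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0 511 0.0.0.0:80      0.0.0.0:*
tcp   LISTEN 0 511 [::]:443        [::]:*
tcp   LISTEN 0 100 127.0.0.1:25    0.0.0.0:*
tcp   LISTEN 0 50  0.0.0.0:445     0.0.0.0:*
udp   UNCONN 0 0   *:111           *:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each tcp/udp socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr.strip("[]"), int(port)

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False  # "*" or a name: treat as reachable from the network

def unexpected_listeners(ss_output, roles):
    """Return non-loopback listeners that none of the given roles need."""
    allowed = set(ADMIN_PORTS).union(*(ROLE_PORTS[r] for r in roles))
    return [(proto, addr, port)
            for proto, addr, port in parse_listeners(ss_output)
            if not is_loopback(addr) and (proto, port) not in allowed]

if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE_SS, ["web"]):
        print(f"not needed for this role: {proto} {addr}:{port}")
```

On a live host, feed it the real output of `ss -tulnH` and disable or firewall whatever it reports.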