Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I know for Windows servers, there are scanner programs that will scan a server to see if things are enabled that shouldn't be, if things are possibly misconfigured, etc based on what role you tell it the server will be.
For instance, if it's going to be a web server, it checks certain things, but if it's just supposed to be a file server, it checks for different things and reports back it's findings of what you may have configured wrong, didn't configure, or have running that you probably don't want/need (usually stuff enabled by default you didn't disable).
Are there any such tools like that for Linux? Still being a newbie as far as setting up servers from scratch, something like that could be a life saver for me.
Comparing deployment of windows and Linux in server mode roles is going to be difficult. Linux itself doesn't have restrictive licensing schemes: a machine can have multiple roles and none of them are tied to you having bought a particular per-connection, per-seat or per-CPU license. That also makes it harder to make distinctions. Linux also doesn't come with an overarching, unified API or framework to query or base rules for role-based checks on. So while on a lower level I doubt you will find distro-agnostic local system check tools that start by classifying server by its role Tiger may be of use (SARA is kind of old) or LSAT (usat on Sourceforge, kind of old too nowadays) and you might want to add Lynis to that. On top of that there's CVE checking with OpenSCAP and obviously distro-specific tools that say Debian or SuSE would provide. And while Nmap shouldn't be underestimated (not wrt scanning but because of its scripting capabilities) IMO network-based checks are easier to do using say OpenVAS (or Nessus) as you would select the services you would want to check anyway. Sure it still isn't the Holy "one click classify server by role" Grail starting point you're looking for but using saved profiles may make it manageable.
I guess my two main things would be for an ftp server and for just a straight up samba file server. Just looking for something to help aide me in my knowledge of what is enabled by default and what isn't. For instance, like I configured ntp on a server, then didn't realize for weeks that it wasn't set to run by default when a system is restarted, so that kinda scared me into thinking well what else is or isn't running on a server by default.
Cool, thanks Chris, I didn't realize you could do that to have it list everything. Now I just need to figure out what the ones I don't know are (which is most of them) and if they are truly needed, or if i turn them off what it will break.
Here's the output from that command from the server I just loaded, that will just be a samba file share server. If you guys notice anything that I obviously won't need that i could turn off, could you let me know, and also let me know why? Sadly I'm still way better at keeping existing servers running rather than loading new ones from scratch
1. you can use awk to cut that down to just the relevant runlevel info; I just wanted you to be aware of what info is available.
2.
Quote:
just be a samba file share server
You need to be very sure what you mean by that eg how are you going to maintain it ie remotely means you'll need ssh ...
I definitely recommend you check each service through google/man pages eg http://linux.die.net/man/
That being said, here are a few likely options you probably won't need
cups - printer
ip6tables - if you only use ipv4, stop this one
kdump - kernel core dump analysis; are you really going to use this?
multipathd - multiple paths to disks
nfs, nfslock - a different kind of unix disk share
webmin - are you using this or adminning from cli
ypbind - NIS centralised auth system
Its really is up to you though; only you know (or should ) what this system needs.
Thanks Chris. Yeah, the only ones that stuck out of me in that list that I probably wouldn't need are cups and ip6tables, but from your descriptions sounds like I wouldn't need the nfs and ypbind stuff either. and I hope I'd never have to use kdump haha
I know for Windows servers, there are scanner programs that will scan a server to see if things are enabled that shouldn't be, if things are possibly misconfigured, etc based on what role you tell it the server will be.
Qualys Quad -->FreeScan will perform a comprehensive scan your server and gives you the vulnerability of your server with retification remedy to be perform to overcome risk.
Last edited by jsaravana87; 02-20-2013 at 01:13 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.