Setting up a new Server. Need Advice

[devostyle]

I just built a server. Specs are:

Dual 900mhz Pentium III's
1gig of Ram
90gigs over 4 disk using raid 0+1

This is my situation. I would like to install some version of Linux as the OS. I plan to run web, dns, ftp, and email as well as file serving for my home network. First, I need to know what would be the best distribution of Linux to install on the server. I was planning on using Redhat, in fact I would rather use Redhat because I am very familiar with that distribution. But I dont know if that is the most secure distribution. Also, I really need advice on the biggest security issues of having a server on the internet these days. I have been reading through the forums here about people's servers being hacked. Its freaking me out. Is it really that hard to keep a server secure or is just about knowing what you are doing? Your advice is welcome.

 

[chenn]

Keeping a server secure is a problem. Especially if you plan to run so many services... To keep a server secure you need a minimal setup, meaning only recommended packages, no X-Window, multimedia and other useless crap. RedHat is a good choice but any Linux will do (!).
Search for articles about "Armoring Linux" or think about firewalls. I, personally speaking, do not think firewalls are highly recommended, as they are definetely NOT easy to configure. Use tcpserver instead (

http://cr.yp.to)

and ban inetd from your startup scripts!!
My servers run Linux, no firewalls, just port 80 (www) and 22 (ssh) open and have not been hacked (daily attempts...) yet. I use scanlogd (for addressing complaints about abuse...) , tripwire and apache+mod_ssl.

Good luck! regards
chenn

 

[rycamor]

If you are really concerned about security, you should get a book called "Hacking Exposed", by Joel Scambray.

I personally prefer FreeBSD for a server. FreeBSD is a little more difficult to configure sometimes, since it forces you to deal directly with configuration files instead of using any GUIs, but I consider that a strength when it comes to really knowing your system and how to secure it. If you browse

http://www.insecure.org,

you will see less vulnerabilities for the *BSDs that for the Linuxes.

My recommendation for a Linux that similarly forces you to work directly with the system: Slackware (also maybe Debian, but I have no experience with it)

 

[devostyle]

Rycamor,
I know what you mean by not using the GUI. In my opinion, you're not a true admin unless you can get a server completely running from the shell alone. That is why I am not installing X. I am pretty savvy when it comes to setting up the server as far as DNS, Web, NFS, etc. But I know there are security issues that go well beyond just being good at getting them setup. What are the major cracks in linux security is what I'm asking? I dread the idea of being hacked after all my hard work. Thanks for the link. I will check that out. Any other advice would be welcome. Thanks Guys.....

 

[Tardigrade]

One security advantage that Red Hat seems to have is that whenever there's a Security Advisory issued on a package Red Hat is usually the first to release a patch, sometimes by weeks.

 

[warmongr]

I agree with Rycamor above. Hotmail is run on FreeBSD servers, apache and mysql. What's that say for MS confidence in NT w/IIS. Not MS bashing here but here is my suggestion for your home network.

A linksys dsl/cable modem hub for 160.00 bucks. It has a firewall, DHCP server etc and 4 ports. The firewall is easy to use and you can direct packets bound for certain ports to certain machines behind the firewall.

yes you can install a linux box, configure it as a firewall and then play with IPChains' ultimately configurable (difficult, cumbersome) interface. The difficulty in running a server these days is that there are a million 11 thru 17 year old kids that are more computer savvy than most IT staffs. They have been born and bread on the internet and are emotionally cutoff from the world unless they have mIRC running on one screen and a port scanner on the other...


... Am I babbling. Sorry,

war...