[clug] Distro advice for server

Daniel Black daniel.subs at internode.on.net
Tue Jun 6 08:06:20 GMT 2006


> Here are some details that might affect the distro choice:

I'm going to do a shameless plug for Gentoo. Disclosure of interest I am a 
package maintainer because I just liked the way they did things.

> 1) It is a dual opteron machine with 8GB ram etc, h/w raid 6 controller
> (areca 1220 pci express) and lots of hdd space.. I want to run vserver on
> it, so that I can give virtual servers to various people. It has a tyan
> "lights out" card, but I think this is non-distro specific.

I'd assume so too.

>
> 2) I want to run in 64bit, but be able execute 32bit if needed.
>
64 bit it is. http://www.gentoo.org/proj/en/base/amd64/index.xml
(with 32 bit userland if really needed)

> 3) It will be mail /
http://www.gentoo.org/doc/en/virt-mail-howto.xml
http://www.gentoo.org/doc/en/mailfilter-guide.xml
http://www.gentoo.org/doc/en/qmail-howto.xml

> web / 

Has some nice features for installing webapps without maintaining numerous 
copies.

http://gentoo-wiki.com/Apache2_Install

http://www.gentoo.org/proj/en/webapps/index.xml

> CMS /
http://gentoo-wiki.com/HOWTO_Dragonfly_CMS_(Content_Management_System)

From http://packages.gentoo.org/search/?sstring=CMS
http://packages.gentoo.org/packages/?category=net-zope;name=silva
http://packages.gentoo.org/packages/?category=www-apps;name=mambo
http://packages.gentoo.org/packages/?category=www-apps;name=wordpress

(amd64 not tested yet)
http://packages.gentoo.org/packages/?category=www-apps;name=dragonflycms 
http://packages.gentoo.org/packages/?category=www-apps;name=metadot

> DNS / 

http://gentoo-wiki.com/HOWTO_Setup_a_DNS_Server_with_DJBDNS

> rsync /

Gentoo is distributed via Rsync. 
http://devmanual.gentoo.org/general-concepts/cvs-to-rsync/index.html

> vserver     
http://www.gentoo.org/doc/en/vserver-howto.xml
http://gentoo-wiki.com/HOWTO_Linux_Virtual_Hosting_Server

> / subversion etc  

http://gentoo-wiki.com/HOWTO_Subversion
> type server.



>
> 4) I guess I want some sort of "hardened" type security on it, not sure if
> SELinux is the way to go

http://www.gentoo.org/proj/en/hardened/selinux/
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml
policies exist for most server packages.

> (or perhaps RSBAC, 
http://www.gentoo.org/proj/en/hardened/rsbac/index.xml

> grsecurity and PaX etc), nor  

This bit is very actively maintained.
http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml
http://pax.grsecurity.net/. Gentoo I think still is the primary integration 
platform for PaX.

http://www.gentoo.org/proj/en/hardened/grsecurity.xml

I think there are vserver conflicts with Grsec so watchout there. There are at 
least different kernels.

> how "easy" it is to configure on the various distros. (Do people bother
> with this sort of thing?)

Grsec/PAX is the great protection against zeroday buffer overflows and heap 
overflow. It also hides a lot of info (addresses) so it makes exploitation 
that much harder. Watch out for the vserver conflicts though

>
> I have been playing with Ubuntu but confess I'm an Ubuntu noob.
> The distros that cross my mind are:
> RedHat EL
> CentOS
> Fedora Core
> Debian Unstable (no AMD64 on Sarge)
> Ubuntu Server
> Gentoo (custom built and managed)
>
> Any suggestions?
>
> Thanks a bunch!
> Chris

Other things to consider are support lists, irc help, forums.

Further questions welcome.

-- 

Daniel Black
--
Proudly a Gentoo Linux User.
Gnu-PG/PGP signed and encrypted email preferred
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x9E0C7E3B
GPG Signature 15AB 91B4 9896 A81A 4976 8C51 6E0A 9607 9E0C 7E3B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux/attachments/20060606/571ad307/attachment.bin


More information about the linux mailing list