Re: Advice for setting up a file server

From: Roberto Sanchez (rcsanchez97_at_yahoo.es)
Date: 03/31/04

    Date: Wed, 31 Mar 2004 09:28:08 -0500
    To: Stefan Goessling <debian-user@lists.debian.org>
    
    
    

    Stefan Goessling wrote:
    > Hello List!
    >
    > I would very much appreciate any advice concerning the set-up of a Debian
    > based file server. I have some experience in Debian desktops and laptops,
    > but none so far with servers. My list of questions is long, I know, but
    > any answer would help. Thank you!
    >
    > Best regards, Stefan (debian @ goessling . de)
    >
    > Questions:
    >
    > Which Debian version?

    As others have said: Woody.

    > Which packages should I use?

    firewall -> shorewall
    mailer -> postfix
    lockdown -> bastille
    intrusion detect -> integrit, tripwire, or aide
    log monitoring -> logcheck

    > Which security measures to take?

    Read this FIRST:

    http://www.debian.org/doc/manuals/securing-debian-howto/

    If you are building the machine from scratch (it sounds
    like you are) then it is much easier to install/configure
    everything initially with security in mind. Trying to
    rearrange stuff later is a pain.

    Make sure to set up your partition scheme on paper ahead
    of time. Give yourself double the room you think you will
    need. You may also want to look into LVM for a more
    flexible alternative.

    > Which backup procedure is recommended?

    If the backup host has sufficient disk space, then
    systemimager. Assuming a hard drive failure (probably
    the most common type of hardware failure) you can
    restore the machine in the time it takes to replace
    the defective drive, boot the machine and transfer the
    image back over the network.

    Systemimager also uses rsync (can be limited to rsync
    tunnelled over ssh, in the case of your unprotected
    network) which makes the backup procedure very bandwidth
    efficient after you have created the initial image.

    > Any experiences/success stories in this field?

    If your users will have lots of large files, use XFS.
    If they will have lots of small files, ReiserFS. A mix is
    handled well by ext3.

    Don't use NIS for user authentication. Take the time
    and set up LDAP. I made the mistake of using NIS in my
    lab (thankfully behind the university firewall) before
    realizing that NIS sends everything in the clear.

    Also, if at all possible, choose something other than
    NFS for the network shares. I am not sure what the
    alternatives are in this case (anyone else care to
    comment). All I know is that NFS is a total bandwidth
    whore. Even with only a few users, network traffic
    slows down significantly. One of my buddies also used
    NFS in another lab on campus, and the network traffic
    is so bad (he has many more users than I) that he is
    desperately seeking alternatives. We are both fortunate
    in that our labs (mine and his) are on their own private
    subnets, but if your traffic will be traversing the
    bigger campus network, you may want to look at alternatives
    as well.

    > Are there pre-packaged distros (Debian based)?

    Not for general purpose (like it sounds you need). If
    you were doing only a firewall/router or webserver, then
    there are a few out there.

    >
    > Here are the requirements/conditions:
    >
    > * Server must serve Windows clients (e.g. via samba) *and* Linux clients

    This is easy to set up with SWAT (Samba Web Admin Tool).

    > * Access also via secure channels (scp, sftp) from outside the local net

    Again, no problem as long as your university does not block
    ports, which you said they don't.

    > * 10+ users (2-6 concurrent) with around 2 GB file space each

    What kind of hardware are you using?

    > * Server runs 24h in an unprotected network (i.e. our university does not
    > have any firewall or port blocking)

    With good firewall/IDE this should not be a problem.

    > * System will probably have 2 HDs (80 GB)

    RAID or just two drives with stuff on them?

    > * Second (rather old) machine available for backup service

    Definitely a good call. Make sure it has sufficient disk space.
    >
    >

    -Roberto Sanchez

    
    

    -- 
    To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
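The reply above suggests limiting backups to rsync tunnelled over ssh because the server sits on an unprotected network. The following is an added example, not part of the original post or of systemimager: a forced-command filter for a backup-only SSH key on the file server, so that key can only pull files from one tree. The script path, `ALLOWED_ROOT`, the key placeholder and the assumption that the backup host runs a plain `rsync -az -e ssh` pull are all hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Install on the file server and
# bind it to the backup host's key in ~/.ssh/authorized_keys (constructed entry,
# key material is a placeholder):
#   command="/usr/local/sbin/backup-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <BACKUP_HOST_PUBLIC_KEY> backup@backuphost
# An interactive login with this key sets no SSH_ORIGINAL_COMMAND, so the
# script simply exits and no shell is ever started.

ALLOWED_ROOT="/srv/export"    # hypothetical tree the backup host may read

# Return 0 only for a read-only rsync pull of a single path under ALLOWED_ROOT.
check_backup_command() {
    # Character allowlist: refuses quotes, globs, ; | & $ ` and newlines.
    case "$1" in
        ''|*[!A-Za-z0-9./_\ -]*) return 1 ;;
    esac
    set -- $1                 # split into words; safe after the allowlist
    # Assumed form of a plain pull: rsync --server --sender -<opts> . <path>
    [ "$#" -eq 6 ] || return 1
    [ "$1 $2 $3 $5" = "rsync --server --sender ." ] || return 1
    # One short-option cluster only; long options (e.g. ones that delete
    # source files) are refused.
    case "$4" in
        -[!-]*) ;;
        *) return 1 ;;
    esac
    case "$6" in
        *..*) return 1 ;;                              # no path traversal
        "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) return 0 ;;
    esac
    return 1                                           # fail closed
}

if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_backup_command "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND    # word splitting intended; validated above
    fi
    logger -p auth.warning "backup key: rejected '$SSH_ORIGINAL_COMMAND'"
    exit 1
fi
```

The filter fails closed: an rsync client that sends extra long options is rejected and logged, which is the point at which to widen the accepted form deliberately.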
    

