Re: Which distro is best for me?

From: Davorin Vlahovic (A-Burn_at_fly.srk.fer.hr)
Date: 09/20/03


Date: Sat, 20 Sep 2003 21:17:45 +0000 (UTC)

In article <Xns93FC9A9276D5Bboogie350NOSPAMyahoo@216.168.3.44>,
Jay "Boogieman" Edwards wrote:
> Hello all...

Hello ;)
 
> I am presently standing where most of you have inevitably stood before...
> I run 4 systems on a Home LAN and I'm sick of coming home from my 50
> hour/week job to discover scenarios like:
>
> "the computer's got another virus!"
> "the fileserver down again!"
> "The gameserver's down!"

Kewl ;)

<cut>

Here's how I'd do it. Get a PC, load it with...let's say debian or
slackware (they're not bloated, fairly technical, debian has a very
good package system which enables it to be updated easily). Keep those
poor windows machines for gaming ;)

Use that machine as your gateway, firewall, SMTP and APOP (or POP3)
server.

To the outside, open only SMTP, and redirect inbound traffic for the
game server just to ports required, and close everything else (of
course, use ESTABLISHED and RELATED states in netfilter). Of course,
you'll be using masquerading. This will keep you safe from worms.

For SMTP (mail server) use postfix (easily managed) + amavis (antivirus
for incoming mail) + spamassassin (guess what this does).
This will keep you safe from all those nasty mail viruses.
Oh, yes, learn how to use procmail. I guarantee nothing will pass
through this if correctly set (and updated regularly).
Fetch your mail with fetchmail, and have an account for everyone@home,
so they can collect the virus-and-spam-free mail off your Linux server.

To set up such a system, you have to learn how to administer Linux. The
first thing you'll have to learn is how to use a text editor and know
the following files (you're a newbie, use jed, but I prefer vim):

Configuration file        Where to get help

/etc/inetd.conf           well, there's enough help in it
/etc/hosts                man hosts
/etc/hosts.allow          help included in the file
/etc/hosts.deny           -||-
/etc/postfix/main.cf      you'll get the instructions with source package

For POP2/POP3/APOP servers, you'll have to find the right directory and
the right file to set it up.

For iptables (this is a user-space utility to manage the netfilter system in
the Linux kernel), you'll have to write your own script, so I'll advise you
to learn how to write your own shell scripts.

To check for open ports, use nmap (www.insecure.org), and to check the
net from outside, go to http://www.grc.com and find the shields up or
something like it to see if and which of your ports are open...

Of course, read sites that scream "HOLE FOUND!" ;))

For instance, the latest is in openssh, so a new one has to be installed
(3.7p1 is the latest).

BTW, *do* *not* *use* *sendmail* ! It is weird and buggy ;)

Don't install XFree86, you don't need it. The fewer systems you've got
up, the smaller the chance something's gonna go wrong.

After you boot up, close everything you don't need in /etc/inetd.conf
(like time, echo, etc, leave smtp if it isn't a daemon started from a
script), place "ALL:ALL" in /etc/hosts.deny, "127.0.0.1: ALL" and
your local net IP, ie "192.168.1. : ALL" in /etc/hosts.allow (no, I'm
not missing a number after the dot).

When finished, get into /etc/sshd_config, and change it so it looks
something like this (ie, remove hashes, change "yes" to "no" and
vice-versa where I tell you to):

Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication yes
PermitEmptyPasswords no
X11Forwarding=no
Compression=yes

There. What doesn't look like this, change it to look like this ;)

I've probably missed a lot of this, but hey, it's 23.30 here ;)

**********************************************************************
*** *Welcome to Linux world!* ***
**********************************************************************
*** ***
*** If you've got questions, just ask here ;) ***
*** But first, check if the question was already answered. You ***
*** can do this on http://groups.google.com. ***
*** ***
**********************************************************************

-- 
"The Justice Department has started investigations into the virus
monopoly by Microsoft."
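
Added example, not part of the original post: one way to write the gateway script the post describes (only SMTP open to the outside, ESTABLISHED/RELATED accepted, masquerading for the LAN, game server ports forwarded and nothing else). The interface names, LAN range, game server address and game port are assumptions; the script only prints the commands unless IPT=iptables is set.

```shell
#!/bin/sh
# Dry run by default: prints each iptables command instead of running it.
# To apply for real, run as root with IPT=iptables.
IPT="${IPT:-echo iptables}"

# Assumed values for illustration; none of them come from the post.
WAN_IF="${WAN_IF:-eth0}"                 # interface facing the Internet
LAN_IF="${LAN_IF:-eth1}"                 # interface facing the home LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # home LAN range
GAME_HOST="${GAME_HOST:-192.168.1.10}"   # hypothetical game server address
GAME_PORTS="${GAME_PORTS:-udp/27015}"    # hypothetical proto/port pairs, space separated

gateway_rules() {
    # Start clean, then drop whatever is not explicitly allowed below.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, plus replies to connections that are already tracked
    # (older scripts spell this "-m state --state ESTABLISHED,RELATED").
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # The only service offered to the outside: SMTP.
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT

    # LAN hosts may reach the gateway (POP3, ssh) and go out through it, masqueraded.
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

    # Redirect only the game server's ports to the inside host.
    for pp in $GAME_PORTS; do
        proto=${pp%/*}; port=${pp#*/}
        $IPT -t nat -A PREROUTING -i "$WAN_IF" -p "$proto" --dport "$port" \
            -j DNAT --to-destination "$GAME_HOST:$port"
        $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$GAME_HOST" \
            -p "$proto" --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
}

gateway_rules
```

Forwarding between the interfaces also has to be enabled on the gateway (net.ipv4.ip_forward=1). Checking the result with nmap from outside, as the post suggests, should show only port 25 and the forwarded game port.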

