Server Rebuild


Recommended Posts

I run a Linux Debian Lenny server (even though it's in testing it was stable for me). Anyway i have decided i want to nuke it and redo the whole os install etc, as my servers full of usless crap that needs a cleanout etc.

Well anyway i was thinking of going right back to debian. unless someone can convince me otherwise.

The server is my home file server, home web testing server etc, and it's open to the web.

Things i do run on it are:

Apache, mysql5, php5, pureftp, samba, webmin, gnump3d, fireflymediaserver, ssh with no direct root login.

Anyway i am looking for something that will be secure and stable.

I am looking for a nice secure firewall maybe thats easy to understand, ability to support raid etc. I just need an overall secure kernel as well.

Link to comment
Share on other sites

whatever you do is never enough and its advisable to take security measures in steps. I would suggest you the following.

1) http://www.rfxnetworks.com/apf.php http://www.rfxnetworks.com/sim.php http://www.rfxnetworks.com/proj.php

2) recompile your kernel with http://www.grsecurity.net/ ( V .Advance)

3) remove all unwanted services,packages,tools, make sure your folders/files ownership are secure (cant really guide here, its vast)

4) feeling adventurous ,enable SE-Linux .

and I got guide here , old one when i was learning to be admin , its got nice tips too https://www.neowin.net/forum/index.php?showtopic=271716

Link to comment
Share on other sites

well as i could not edit my post im going to have to double post

I am going to try ubuntu 7.10 server edition.

Now is it worth using 64bit version? i only have 1gb ram.

Also does the server edition have GUI support

Link to comment
Share on other sites

You shouldn't be running a GUI of any sort on a server, it increases the attack vector and makes it less secure. If you want secure, you can always look at OpenBSD, which has only had 2 remote security holes in it's default install in 10 YEARS! PF is also a very nice firewall/queuing/forwarding/packet filtering system. You might also check out FreeBSD, that is a little easier to get used to than OpenBSD. Debain Etch is my distro that I use for my servers, it's pretty secure out of the box, and is also really easy to use.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.