Server Rebuild

[tunafish]

I run a Linux Debian Lenny server (even though it's in testing it was stable for me). Anyway i have decided i want to nuke it and redo the whole os install etc, as my servers full of usless crap that needs a cleanout etc.

Well anyway i was thinking of going right back to debian. unless someone can convince me otherwise.

The server is my home file server, home web testing server etc, and it's open to the web.

Things i do run on it are:

Apache, mysql5, php5, pureftp, samba, webmin, gnump3d, fireflymediaserver, ssh with no direct root login.

Anyway i am looking for something that will be secure and stable.

I am looking for a nice secure firewall maybe thats easy to understand, ability to support raid etc. I just need an overall secure kernel as well.

[kyro]

well, why not go for Centos5 ? I would recommend that. and regarding raid, its software raid? or hardware raid? what card.

[tunafish]

i would presume its going to have to be software raid as i dont have a raid card in server

[kyro]

okay, software raid, wont be problem.

[tunafish]

whats a good security program and settings to use etc?

[kyro]

whatever you do is never enough and its advisable to take security measures in steps. I would suggest you the following.

1) http://www.rfxnetworks.com/apf.php http://www.rfxnetworks.com/sim.php http://www.rfxnetworks.com/proj.php

2) recompile your kernel with http://www.grsecurity.net/ ( V .Advance)

3) remove all unwanted services,packages,tools, make sure your folders/files ownership are secure (cant really guide here, its vast)

4) feeling adventurous ,enable SE-Linux .

and I got guide here , old one when i was learning to be admin , its got nice tips too https://www.neowin.net/forum/index.php?showtopic=271716

[tunafish]

Thanks for that

I may end up going back to debian lenny

However what about fedora or centos?

[tunafish]

well as i could not edit my post im going to have to double post

I am going to try ubuntu 7.10 server edition.

Now is it worth using 64bit version? i only have 1gb ram.

Also does the server edition have GUI support

[Vinno]

64bit version is fine, you shouldnt run into any problems.

[pdog]

You shouldn't be running a GUI of any sort on a server, it increases the attack vector and makes it less secure. If you want secure, you can always look at OpenBSD, which has only had 2 remote security holes in it's default install in 10 YEARS! PF is also a very nice firewall/queuing/forwarding/packet filtering system. You might also check out FreeBSD, that is a little easier to get used to than OpenBSD. Debain Etch is my distro that I use for my servers, it's pretty secure out of the box, and is also really easy to use.