Re: Your favorite server apps (firewall, DHCP, etc.)
On Mon, Feb 28, 2011 at 09:48:49AM -0600, Jason Hsu wrote: Since I'm looking for a job as a Linux IT consultant, I need a portfolio of favorite server applications - firewall, DHCP server, mail server, print server, etc. Just as I have favorite distros for the desktop (Puppy Linux, Linux Mint, antiX/Swift Linux) and favorite desktop applications (like OpenOffice and Sylpheed), I should have favorite server applications. Firewall: I've used Shorewall in the past and found it pretty good. Now I use fwbuilder. With fwbuilder, I have a better understanding of iptables rules and syntax. If I did firewalls regularly enough, I'd probably just use iptables directly, with no helper program. Learn isc-dhcp-server (used to be dhcp3-server on Debian). Also learn Bind. Learn how to work with/around Microsoft technologies. For instance, MS Exchange. A couple hints for compatibility w/ Linux clients: turn on IMAP support in Exchange. Establish an alternative calendar program -- maybe webcalendar. Another for instance: learn to set up samba for file and printer sharing with MS clients. Learn some money savers that you can use to impress potential clients. Two that come to mind are BackupPC and LTSP. One thing I never did that I maybe should have: learn Excel and Access well enough that you can convert existing macros, complicated spreadsheets, and databases to free alternatives. For databases, I'd suggest something web based like PHP/MySQL (not sure if MySQL is still the recommended database these days, due to the Oracle buyout). For small business that want to administer systems themselves with minimal intervention from you, there are some decent small business server distros. SME Server comes to mind. There are others. The top 2 distros to learn for consulting, in my opinion, would be Debian and CentOS/RHEL. -Rob -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110305185118.ga16...@aurora.owens.net
Your favorite server apps (firewall, DHCP, etc.)
Since I'm looking for a job as a Linux IT consultant, I need a portfolio of favorite server applications - firewall, DHCP server, mail server, print server, etc. Just as I have favorite distros for the desktop (Puppy Linux, Linux Mint, antiX/Swift Linux) and favorite desktop applications (like OpenOffice and Sylpheed), I should have favorite server applications. I can tell you about one application I don't like: the Firehol firewall program. It's pre-installed in antiX Linux. Every time I boot up or start this program, I get an error message about get-iana.sh. I did a Google search and tried some of the suggestions I found but still couldn't get Firehol working properly. I'd rather use something that doesn't require so much tweaking. I'm looking for an alternative for Swift Linux (www.swiftlinux.org, the distro I started). I'd like to hear what you use and why. Some of the criteria I'm looking for are: 1. Security: Any client I work for will need a very secure system, ESPECIALLY one that does financial work, does business over the Internet, or has intellectual property. 2. Stability and reliability: Since a downed server affects the whole company and not just one employee, I understand this is of paramount importance as well. 3. Popular: If an application is widely used, then there's more help available, and the more likely the Debian developers are to support it. 4. Consistent from one version to the next: Since I'm obligated to keep everything up-to-date for clients, I want an application that doesn't change that radically from one version to the next. I know better than to expect a smooth upgrade process for even Debian Stable, much less other distros. 5. Well-supported by the Debian developers: I don't want to use a particular application, only to find when I upgrade that it's no longer supported. 6. Easy to use: This criteria is the reason I don't use minimal Debian on the desktop. Of course, I may have to make some sacrifices on this criterion in favor of more of the above. 7. Lightweight operation: I want something reasonably lightweight, but I'm willing to compromise on this criterion in favor of more of the above. -- Jason Hsu jhsu802...@jasonhsu.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110228094849.77f30f45.jhsu802...@jasonhsu.com
Re: Your favorite server apps (firewall, DHCP, etc.)
you're asking pretty broad questions, however... On Mon, Feb 28, 2011 at 10:48 AM, Jason Hsu jhsu802...@jasonhsu.com wrote: Since I'm looking for a job as a Linux IT consultant, I need a portfolio of favorite server applications - firewall, DHCP server, mail server, print server, etc. Just as I have favorite distros for the desktop (Puppy Linux, Linux Mint, antiX/Swift Linux) and favorite desktop applications (like OpenOffice and Sylpheed), I should have favorite server applications. I can tell you about one application I don't like: the Firehol firewall program. It's pre-installed in antiX Linux. Every time I boot up or start this program, I get an error message about get-iana.sh. I did a Google search and tried some of the suggestions I found but still couldn't get Firehol working properly. I'd rather use something that doesn't require so much tweaking. I'm looking for an alternative for Swift Linux ( www.swiftlinux.org, the distro I started). I'd like to hear what you use and why. Some of the criteria I'm looking for are: 1. Security: Any client I work for will need a very secure system, ESPECIALLY one that does financial work, does business over the Internet, or has intellectual property. snort, splunk (semi commercial log monitoring), selinux, (it should go without saying, but learn everything about) ssh, /etc/shaddow and pam, closing ports / turning off services, logrotate. 2. Stability and reliability: Since a downed server affects the whole company and not just one employee, I understand this is of paramount importance as well. i've already covered this pretty verbosely in another thread earlier today. 3. Popular: If an application is widely used, then there's more help available, and the more likely the Debian developers are to support it. ??? 4. Consistent from one version to the next: Since I'm obligated to keep everything up-to-date for clients, I want an application that doesn't change that radically from one version to the next. I know better than to expect a smooth upgrade process for even Debian Stable, much less other distros. most things should be pretty consistent (it's why i don't use python :) ) 5. Well-supported by the Debian developers: I don't want to use a particular application, only to find when I upgrade that it's no longer supported. all applications have a chance of going out of style - look at windows' fileman... no longer there since '95. however, bash, bind, vi, emacs, gcc, perl, and a few others may be on unix for a long long time. 6. Easy to use: This criteria is the reason I don't use minimal Debian on the desktop. Of course, I may have to make some sacrifices on this criterion in favor of more of the above. i don't know what you mean here. are you looking for strictly gui front-ends to server apps? 7. Lightweight operation: I want something reasonably lightweight, but I'm willing to compromise on this criterion in favor of more of the above. lightweight? depends on what you're doing. sqlite is lightweight until you try to process a million records. then it might bring a system to a crawl whereas mysql / postgresql should handle that million records without an issue. oh, and telnet is lightweight compared to ssh, but i won't be caught dead using telnet.
Re: Your favorite server apps (firewall, DHCP, etc.)
Jason Hsu wrote at 2011-02-28 09:48 -0600: Since I'm looking for a job as a Linux IT consultant, I need a portfolio of favorite server applications I had trouble finding a utility I liked for firewall. Scripts for iptables are slow and bulky, and with other frontends I don't really know what is happening with the actual firewall. The ferm packaged solved all this by allowing me to write normal iptables rules in a language that is easy to use. When applying the rules, ferm uses the iptables-restore method which is *much* faster than the iptables command and ferm has an interactive option for reverting in case a firewall change breaks your ssh connection. signature.asc Description: Digital signature
Re: Your favorite server apps (firewall, DHCP, etc.)
On Mon, 28 Feb 2011 09:48:49 -0600 Jason Hsu jhsu802...@jasonhsu.com wrote: Since I'm looking for a job as a Linux IT consultant, I need a portfolio of favorite server applications - firewall, DHCP server, mail server, print server, etc. Just as I have favorite distros for the desktop (Puppy Linux, Linux Mint, antiX/Swift Linux) and favorite desktop applications (like OpenOffice and Sylpheed), I should have favorite server applications. I can tell you about one application I don't like: the Firehol firewall program. It's pre-installed in antiX Linux. Every time I boot up or start this program, I get an error message about get-iana.sh. I did a Google search and tried some of the suggestions I found but still couldn't get Firehol working properly. I'd rather use something that doesn't require so much tweaking. I'm looking for an alternative for Swift Linux (www.swiftlinux.org, the distro I started). In view of the first sentence above, throw away your firewall apps and learn to use iptables directly. It is of such importance as a network troubleshooting tool that you need to be fluent in reading an existing script and adding logging lines in appropriate places. Remember, if someone else is writing your firewall script, you don't know what it is doing. You only get away with 'not so much tweaking' if you're a user, not if you're an admin. I'd recommend mc as a file manager and text editor. A server won't usually have a GUI, that's a Windows thing, and I find mc more generally useful than ls and cd (while using them when appropriate). And I'm willing to court unpopularity by admitting I absolutely loathe vi and its children. Hey, Windows 7 still has Edlin... http://en.wikipedia.org/wiki/Edlin There are lightweight DNS servers and caches, but if you expect to deal with networks generally, get to know BIND. Learn to link it to dhcp3 (no, it's not done by default) as an exercise in remote updating and associated permissions. Learn at least one mail server well. I've used Postfix in the past, but I've used the Debian default of exim4 for some years now. As an exercise, find out how to drop SMTP connections from specified country codes in the HELO and/or sender address. Learn how to set up an OpenLDAP address book, and either MySQL or postgresql with PHP and Apache, then link the address book to web pages. Many email clients can use LDAP address books, but few can update them. I'll shock everyone by admitting I like phpmyadmin for dealing with MySQL. I can't remember the last time I drove MySQL from the command line. Learn Samba, from creating an anonymous-access file share up to integration with Windows domain controllers and clients. It's Samba that deals with printer sharing in a mixed network, while CUPS is the actual server. You are ambitious, perhaps? Try compiling FreeRADIUS with SSL support (Debian doesn't do that, due to OpenSSL licensing) and using it to secure a wireless network. Then you'll know why some people use Windows servers. Another reason is the Outlook-Exchange system, with an LDAP Global Address List that you don't have to build from scratch. As to size, my system is under 2GB, with bzipped backups not quite fitting on a CD. It's currently running on a five year old (new hard drive) HP workstation, with half a gig of RAM. That's lightweight enough for me. The current Windows Small Business Server wants a 60GB system partition and a minimum 8GB of RAM. Of course, it does much more than my Debian box, but not any more of what I actually want done. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110228220026.64f93...@jresid.jretrading.com
Re: Your favorite server apps (firewall, DHCP, etc.)
Joe, thanks so much for the advice. I remember vi from undergraduate school in the 1990s, and I HATED it and never learned to use it, as emacs was so much easier to work with. On my minimal command-line only Debian installations, I prefer nano. Wow, I thought I was the only one who hates vi and absolutely refuses to use it. On Mon, 28 Feb 2011 22:00:26 + Joe j...@jretrading.com wrote: And I'm willing to court unpopularity by admitting I absolutely loathe vi and its children. Hey, Windows 7 still has Edlin... -- Jason Hsu jhsu802...@jasonhsu.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110228173340.9b8a4707.jhsu802...@jasonhsu.com
Re: Your favorite server apps (firewall, DHCP, etc.)
Original Message From: jhsu802...@jasonhsu.com To: debian-user@lists.debian.org Subject: Re: Your favorite server apps (firewall, DHCP, etc.) Date: Mon, 28 Feb 2011 17:33:40 -0600 Joe, thanks so much for the advice. I remember vi from undergraduate school in the 1990s, and I HATED it and never learned to use it, as emacs was so much easier to work with. On my minimal command-line only Debian installations, I prefer nano. Wow, I thought I was the only one who hates vi and absolutely refuses to use it. On Mon, 28 Feb 2011 22:00:26 + Joe j...@jretrading.com wrote: And I'm willing to court unpopularity by admitting I absolutely loathe vi and its children. Hey, Windows 7 still has Edlin... -- Jason Hsu jhsu802...@jasonhsu.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110228173340.9b8a4707.jhsu802701@ jasonhsu.com Somewhere in the midwest Bill Joy is seething! Larry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/380-2201132111848...@netptc.net