On Wednesday 02 August 2006 03:26, Titan wrote:
I have quite a predicament. I have been tasked with setting up an FTP
server for the research group I'm involved with. The problem is once
I'm gone someone with no *NIX experience will be maintaining the
server.
Does the ftp have to run on a unix-like system? Leaving someone unfamiliar
with a system to maintain it is a pretty bad idea. It is much better to have
the FTP server setup on an OS that he or she knows best, so that it can be
patched and fixed quickly should problems occur. Even if that OS is said to
be insecure, it is still far better than having a server with an
administrator has no clue of how it works, let alone patching it when needed.
I still don't quite understand what your setup requirement is. Since you seem
worried about the system being compromised, I presume that you are setting up
a private ftp server. In that case, look into deploying SFTP rather than
plain old FTP. Any good FTP client should support it, and it is the cheapest
insurance you can get to keep the user information safe, which can only help
you to protect the machine.
I've been considering using OpenBSD because it looks like it
can go far longer without updates than Windows and Linux servers and
looks to be very secure.
It may be so, but don't bet on it. Any unpatched system, especially when
(critical) patches are available, is simply inviting trouble.
In your experience, would it be possible for someone with no *NIX
experience to maintain a simple FTP server?
If this person is willing to learn, OpenBSD is indeed one of the better
unix-like system out there to administrate. The man pages are very well
written, the FAQ on the project's website will answer a considerable number
of questions, and the file system layout is logical and consistent. These are
all benefits that makes administration easier.
If your setup is simple and small, the box could probably be left alone to run
for a while. In this case, it may not take your successor too much time to
pick up enough unix to keep the box running for a while.
How long would you trust an unpatched OpenBSD server to go unhacked?
That is like asking when do we expect the world to end :-) In other words, it
is very hard to say for sure. OpenBSD comes with sane and reasonable default
configuration, so it is likely that it will last much longer unpatched than
other system, if the default configuration is not changed much.
Patching an OpenBSD system is not exceedingly hard. The FAQ detailed how this
can be done. Also, there is http://www.openbsd101.com that your successor may
find useful if you did choose to deploy OpenBSD. There is also the mailing
lists and the #OpenBSD channel over at freenode.net if reading through the
documentations didn't help.