[TriLUG] Server Maintenance

Hite, Danny Danny.Hite at per-se.com
Fri Aug 1 13:34:02 EDT 2003 

> You could read several good books on the subject.  This is far too 
> broad a subject to get a quick answer to on a mailing list.

Agreed. There is no way to get all of the info from a mailing list. I merely
wanted to get some quick tips and a starting point. I have used many
different flavors of Linux in the past. It has always been a install,
tinker, break it, reinstall it type scenario. Now it counts and I want to do
it right. So logically I would first consult with...ummm...let me
think...TRiLUG!

> For free software, check out AMANDA.  For commercially supported 
> software, check out BRU.

This will fall in line with NetBackup below I hope. My reason for asking
this was due to the fact that Server 1 is in a DMZ/SSN. I don't want to open
anything (ports) from DMZ to internal if I can avoid it.

Also John mentions:
 
> > > You mention you already have NetBackup in house, NBU clients work well

> > > on linux, and as long as you are running version 4.5 FP3, have very
> > > few limitations that I know of. If you have already worked with NBU, 
> > > you should have no problem installing and getting it running in no 
> > > time.

No dice here as I am stuck with 3.4.1 of NBU.

> Simply patching your system is a good start, and for that I recommend 
> that you install apt-get or yum on your machine and use those tools to 
> update your system regularly.  Both of these tools are fairly automatic.

This is sound advice that I have been doing on a somewhat regular basis.
Automation + reporting can be a good thing though(sometimes).

> Security is a process, though, and patching alone is not enough.  
> Again, entire books have been written on this subject and it is too 
> broad a subject to address quickly on a mailing list.

My initial thought was that the DMZ/SSN would isolate it enough, but Jon
mentions:

> > > You should be running a firewall on the box, and blocking all 
> > > in/outbound ports that are not currently used by the server.  Also, if
> > > you are extra paranoid, you should look at running Tripwire 
> > > (an intrusion detection tool).

How far should I take this in a DMZ/SSN part of my network with only 1 port
being forwarded inbound?

> There are some programs that claim to do this, but in the end I've 
> found I prefer to just page through my logs once or twice per day, 
> skimming through and looking for things that stand out.  Doing that in 
> combination with one of the automated log analysis tools would be a 
> good idea to consider.

> What you're asking for is a book on Linux administration.  There are 
> many good ones out there between $35 to $60 in price.  Or you could 
> take a few weeks of training for 100x that price.  Of course going the 
> other direction there are many good documents out there for free (see 
> the Linux Documentation Project, as well as the great docs that came 
> with those Red Hat CD's).

A book purchase is in my near future for sure.

> You'll save yourself a lot of reading time if you switch your MTA from 
> Sendmail to Postfix.  Did you happen to catch the Postfix classes that 
> TriLUG hosted recently?

Interesting, so Postfix is much more...what? Faster, Reliable, Ease of
Setup, etc...???

> Wow you have some deep pockets.  You'll have no problems affording 
> those books.  Or a consultant to handhold you through this transition 
> (*wink*)

Yes, we had deep pockets about 2 years ago, but now I am having to
(Thankfully *grin*) consider open source solutions for future projects due
to budget restrictions.

More information about the TriLUG mailing list