Usage of Gentoo as Server Project

macawgumbo · Apprentice Joined: 28 May 2004 Posts: 165

This is mainly a discussion about learning the ins and outs of using Gentoo in a server role along with the feasibility of full windows replacement for Gentoo as the sole networking/server authority.

How is Gentoo going to be used for authentication with Windows?
What about a domain controller?
How many servers would be needed to have a firewall, web server, mysql database, internal fileserver, internal authentication, mailserver, ftp, webmail, etc.? (on a superlow budget)

What kernel and security setups (kernel and software based) along with hardware should be discussed.

Headrush · Posted: Sat Oct 30, 2004 1:44 am Post subject:

Well I have a webserver, email server, ftp server, web email system, mysql all running on a lowly Xbox running gentoox == $200 Canadian

macawgumbo · Apprentice Joined: 28 May 2004 Posts: 165

Yes, but performance will be that of crap.

maztaim · Posted: Sat Oct 30, 2004 2:45 am Post subject: Theory of Relativity

cazort · Posted: Sat Oct 30, 2004 2:44 pm Post subject:

Simply put, assuming you have a large amount of time to put in, gentoo offers the best performance for your $$$.

---

Your security depends a lot on whether this server is going to be out there on the net or in your office. Either way, I would recommend, instead of compiling a firewall into it (ie. iptables/netfilter), buy a hardware firewall: this is a cheap way of speeding up the server.

Also, one question arises--why put external functions (mail server, webmail) on the same server as a file server? If you have a fileserver that is not connected to the net, it's easy to lock down. Webmail, on the other hand, is comparatively tough to lock down. Ftp, due to its unencrypted passwords, is a big security risk...so usually, unless you limit it to sftp, it's usually not good to run ftp on any server on which the same username/password combos can be used to log into any other service.

ALso, you may find that certain tasks are more demanding than others. Maybe there's a way to break this server setup into two boxes, one of which can have more powerful hardware and do the demanding tasks, and one which can be a junk box you have sitting around, and then, one of which can have access to the internet, and one which can be LAN only?

I dunno...maybe I am getting too hypothetical. It just seems that all the functions you are listing are unwise to put on a single box, because some of them are high-risk, insecure things, and others of them are things that you really don't want to have the risk of exposing to the net.

cazort · Posted: Sat Oct 30, 2004 2:48 pm Post subject:

Also, check out these links:

Here's a very basic site on gentoo security;

http://www.gentoo.org/doc/en/gentoo-security.xml

Here's a set of guidelines for gentoo infrastructure servers--these guidelines are often a good starting point, since they involve servers that are pretty much locked down:

http://www.gentoo.org/proj/en/infrastructure/server-standards.xml

This site gives a broad overview of a bunch of different (and mostly more advanced) security-related features supported in gentoo:

http://www.gentoo.org/proj/en/hardened/index.xml

-----------------------

I'd say, instead of asking how many servers do you need, ask, how many can you afford to have, or do you have sitting around? Usually you can get by with one or two expensive servers and maybe a junk box or two for a larger setup. Small setups, you can usually find some horribly jerry-rigged way of doing it with one box, but it might not be the most secure thing.

Headrush · Posted: Sat Oct 30, 2004 3:05 pm Post subject: