This site is now 100% read-only, and retired.

Woody: Fully Loaded

Posted by Anonymous on Sat 25 Dec 2004 at 14:29

If you're new to Debian, wish to use stable/Woody for your server, want the server to run as many services as possible - it may seem like an impossible task for you. I was in the same position, and it took me quite a while to accomplish it.

So I took notes, and wrote it down, in hope that others may find it useful :
[ Debian : Fully Loaded ]

Note that it's not an ideal walkthrough for Woody - I had to resort to backports for a few services, etc; but anyway, I'm using that config for my live server on Internet, and I find it very pleasant.

Hope you'll find it useful as well.

 

 


Nice piece .. but some odd ways of doing things.
Posted by Steve (127.0.xx.xx) on Sat 25 Dec 2004 at 17:35
[ View Weblogs ]

Thanks for the link, it's an interesting piece. I like the collection of tips, but I did have a couple of comments;

  • You don't really define the kind of services that you'd like to use in advance, which would be a nice first step.
  • A lot of the work is done in a non-Debian fashion

For example when you build the mod-security module (something I hope to write about shortly) you would be betting running:

wget .. source.tar.bz
apt-get install apache-dev
/usr/bin/apxs ..

(The point is that apxs is already installed, getting the source to Apache isn't necessary. Nor is installing all the extra packages you include - if you need them then apt-get build-dep apache would be a better way of doing it)

Backing up is best done with:

apt-get install rsync

But choosing not to run a daemon. Install from the client you can run:

rsync -v -r -e ssh your.ip.address:/root/dir archive-dir/

This connects to the rsync daemon via SSH meaning you don't need to run the rsync server and expose yourself to security risks.

Other software you include such as webmin is already part of Woody, so you could install it with apt-get directly - unless you have a good reason to install from source.

Steve
-- Steve.org.uk

[ Parent ]

thanks for the feedback
Posted by Anonymous (127.0.xx.xx) on Tue 28 Dec 2004 at 15:00
Hi Steve, First apologies if some of the following doesn't make sense - I currently suffer from a bad headache. But I'll try to be as clear as possible. Thanks for the feedback - as you've found out, I'm no expert in Unix / Debian admin. So feedback on that article helps to make it better, which then hopefully be useful to other newbies as well. I didn't realise there's apache-dev package :"> (duh) Once you're done with your mod_security article, please let me know, then I'll link to it. The tip on running rsync via SSH is most interesting ! I agree that this eliminate another security risk, and closes another open port. I'll definitely give this a try. On webmin - I read the maintainer's post somewhere, and he said that he can't recommend his own webmin package on Woody; it's too buggy. It may be secure, but buggy. That's why I'm building from source. On defining the services in advance - basically, I'm trying to put as many things as possible in that guide. Therefore, it'll be most likely be useful to anyone - somebody may be interested in installing the mailserver, but not the webserver; etc. Currently I'm at great pain regarding PHP (and its applications) - I've installed mod_security and mod_suphp, but I'm still not sure whether my server is secure enough as it is now. I'll concentrate my work on this for the time being. Kids shouting already, gotta dash now. Thanks again for the feedback.

[ Parent ]