Stefan Goessling wrote:
Hello List! I would very much appreciate any advice concerning the set-up of a Debian based file server. I have some experience in Debian desktops and laptops, but none so far with servers. My list of questions is long, I know, but any answer would help. Thank you! Best regards, Stefan (debian @ goessling . de) Questions: Which Debian version?
As others have said: Woody.
Which packages should I use?
firewall -> shorewall mailer -> postfix lockdown -> bastille intrusion detect -> integrit, tripwire, or aide log monitoring -> logcheck
Which security measures to take?
Read this FIRST: http://www.debian.org/doc/manuals/securing-debian-howto/ If you are building the machine from scratch (it sounds like you are) then it is much easier to install/configure everything initially with security in mind. Trying to rearrange stuff later is a pain. Make sure to setup your partition scheme on paper ahead of time. Give yourself double the room you think you will need. You may also want to look into LVM for a more flexible alternative.
Which backup procedure is recommended?
If the backup host has sufficient disk space, then systemimager. Assuming a harddrive failure (probably the most common type of hardware failure) you can restore the machine in the time it takes to replace the defective drive, boot the machine and transfer the image back over the network. Systemimager also uses rsync (can be limited to rsync tunelled over ssh, in the case of your unprotected network) which makes the backup procedure very bandwidth efficient after you have created the initial image.
Any experiences/success stories in this field?
If your users will have lots of large files, use XFS. If they will lots of small files, ReiserFS. A mix is handled well by ext3. Don't use NIS for user authentication. Take the time and set up LDAP. I made the mistake of using NIS in my lab (thankfully behind the university firewall) before realizing that NIS sends everything in the clear. Also, if at all possible, choose something other than NFS for the network shares. I am not sure what the alternatives are in this case (anyone else care to comment). All I know is that NFS is a total bandwidth whore. Even with only a few users, network traffic slows down significantly. One of my buddies also used NFS in another lab on campus, and the network traffic is so bad (he has many more users than I) that he is desperately seeking alternatives. We are both fortunate in that our labs (mine and his) are on their own private subnets, but if your traffic will be traversing the bigger campus network, you may want to look at alternatives as well.
Are there pre-packaged distros (Debian based)?
Not for general purpose (like it sounds you need). If you were doing only a firewall/router or webserver, then there are a few out there.
Here are the requirements/conditions: * Server must serve Windows clients (e.g. via samba) *and* Linux clients
This is easy to setup with SWAT (Samba Web Admin Tool).
* Access also via secure channels (scp, sftp) from outside the local net
Again, no problem as long your university does not block ports, which you said they don't.
* 10+ users (2-6 concurrent) with around 2 GB file space each
What kind of hardware are you using?
* Server runs 24h in an unprotected network (i.e. our university does not have any firewall or port blocking)
With good firewall/IDE this should not be a problem.
* System will probably have 2 HDs (80 GB)
RAID or just two drives with stuff on them?
* Second (rather old) machine available for backup service
Definitely a good call. Make sure it has sufficient disk space.
-Roberto Sanchez
Attachment:
signature.asc
Description: OpenPGP digital signature