Howto's, experiences and more

OpenSSH is the default means of accessing a unix based server nowadays, and so it should be, because OpenSSH is safe, fast and stable.

However, as always, the weak end of a secure system is always at the user end. Therefore we are going to need to tighten up OpenSSH even more than it already is, which is quite easy to do.

First thing you need to look at is if you are using an up to date version of OpenSSH. At the time of this writing, version 5.3 is the most recent one so when reading this post, it needs to be at least that.

To determine the version, type $ ssh -V

It will produce some output with a version number, most likely with added information about the distribution of linux that you are using.

When you ensured that your version is up to date, it’s time to get to work and tighten the thing down :

Read more

This is a small list of how to harden your TCP/IP stack on your linux server.

Most modern server distributions already have a more hardened stack, but most of the time, you can even tighten it up further, which is generally a good idea in my humble opinion.

This list is by no means complete and I welcome more suggestions for further tightening down.

Read more

This is the first part of a complete series on how to build virtual server platform that will run virtualised  High Availability servers. For the complete index of this series, please click here.

The base OS of this solution will be the Ubuntu distributions, which can be found here.

First thing you need to do, is of course, set up the platform that will run the virtual servers we are going to build.

My choice for that was the 64bit desktop version of Ubuntu Lucid Lynx, which is the 10.4 LTS distribution. LTS simply means Long Term Support. Which will ensure that the coming few years your distribution will still be supported.

Why did I choose for a desktop version to run my virtual servers ? Well, basicly, linux is linux, and the type of distribution doesn’t really matter if you build a server out of it or a desktop. I chose for the desktop version because it comes with a fully pre-configured X/Gnome installation, and doesn’t contain anything I don’t need on the base platform. The only thing i needed to do was install OpenSSH to ensure that I have remote access to the machine.

However if you want to go hardcore and install a non-gui distribution like Ubuntu Server on it, that’s a perfectly valid choice as well. Although administrating the thing might be slightly harder to do, especially when it comes to installing the virtual servers. So i highly recommend the desktop version to get it all running, and then later you can just switch runlevel to 3 instead of 5 to get rid of the GUI overhead. Although I have to add that the GUI doesn’t give you much overhead apart from like 100MB extra memory load to run X/Gnome and like a half % cpu load in the worst case for X/Gnome just sitting idle.

For the virtual servers I chose Ubuntu Lucid Lynx 10.4 LTS Server. This can be either 32bit or 64bit, depending on your hardware and what VirtualBox will support on your platform. I will get back to VirtualBox later.

So now that we sorted out what OS’es we are going to use, let’s look at what we need to get the server base platform running and ready to accommodate virtual servers :

Read more

Well, I have been away for quite a while and a lot has happened since then. But it is time to start this blog up again to share knowledge and experience with you people out there.

The first thing i need to share my thoughts about is actually the crash of one of my servers.

The machine was running a native installation of RedHat, but it was a bit old already and it desperately needed replacement. So, up to a point, the raid controller decided to go bonkers and crash my server several times until i figured out that it was actually the controller at fault instead of the disks. And that is when you are actually facing a complete reinstall of your system.

Now to make lemonade from the lemons i got, I decided to go fancy and actually make it a virtual server implementation.

Read more

If you started reading from this page, you might want to visit the introduction article first.

Now that we have built a PC from our components and closed it so that we can power it up, we are ready to install an OS on it. Well… Almost ready. Since we do not have a CDROM installed into the NAS, we need to figure out a way how to get the OS onto our PC so that we can create a NAS out of it. Of course you need a temporary monitor, keyboard and mouse for it to get Linux installed so hook those up too. If you do have a CDROM in it you can of course skip the whole USB key process.

The way I did it was take a USB memory stick of at least 1GB, and turn that into a bootable drive containing a linux server edition. As I stated in the previous article, I chose for Ubuntu 8.10 Intrepid Ibex Server Edition. Some may argue that for stability i better choose the 8.04-2 LTS Hardy Heron Server Edition and in my defense I can say that I actually tried that, but it would not install from the stick, so I had to choose for 8.10 since that one worked flawlessly. The reason why 8.04 wouldn’t install will be explained later on.

First we need to build ourselves a bootable USB stick with Ubuntu 8.10 installation media on it. The way I did it was just use the Create Bootable USB Stick on my laptop with Ubuntu 8.10 on it and using the Server Edition ISO. It all went by itself. However, i will assume you will not have linux or not the 8.10 version of Ubuntu, and thus do not have access to this neato tool. We will tackle that with unetbootin ! Read more