October 24, 2003
In Depth look: Devil-Linux 1.0 - written by Bruce Smith
Page 2 - Devil-Linux 1.0 as a Server

Reasons for choosing Devil-Linux as my server distribution

At work I recently replaced some other Linux servers with Devil-Linux. One of my reasons for this choice is that security is a primary focus in the creation of Devil-Linux. The entire distribution is compiled with the GCC stack-smashing protector for buffer overflow protection (except for a very few packages that prevent use of the option). grsecurity is run by default to further enhance security, and many of the server packages are configured to run in a chroot environment by default.

Running a BIND DNS server on Devil-Linux

My first attempt at running Devil-Linux as a server was when I decided to replace my employer's two DNS servers with Devil-Linux. This turned out to be a surprisingly simple task. I found two old Pentium-class PCs with 4X CD drives in our bone-yard, ripped out the old hard drives, and booted up Devil-Linux. These PCs were so old they would not boot from CD-ROM, so I created a DOS boot floppy which runs "loadlin" from the Devil-Linux CD to boot (I used FreeDOS to be completely legal and free of commercial software). After I got the new Devil-Linux system configured, I copied my old zone files and the named.conf file for BIND, tweaked the directory location in named.conf, told "setup" to start BIND on boot, saved my config, and rebooted.

I was very pleased to see the BIND startup script created a chroot jail to run BIND, without me having to do anything special. The master DNS server copied all my zone files to the jail, and BIND ran the first time. The slave DNS server started BIND in the jail, did a zone transfer from the master, and also ran fine. Since you're reading this article, you used my Devil-Linux DNS servers to find this web server!

Running a Squid proxy server on Devil-Linux

My next task was to replace an old Squid proxy server with Devil-Linux. This involved adding a SCSI hard drive to Devil-Linux to store the cache and squid log files. Adding a hard drive was also surprisingly easy. First I added the kernel module for my SCSI controller in "setup". Then I followed the documentation on the Devil-Linux web site to add a hard drive. This basically involves running some commands to create logical volumes (using LVM), formatting them, and then Devil-Linux automatically mounts them in predefined locations. I didn't even have to add them to /etc/fstab. I did find one bug in the documentation where it said to use device names like "/dev/sda", but the LVM commands complained that I needed to use the full device file name for systems running "devfs". So I looked at the real file that "/dev/sda" was linked to, used that name instead, and everything worked. I reported this bug to the Devil-Linux web site maintainer, so hopefully it's fixed when you read this.

After adding the hard drive, I copied the squid.conf (config) file from my old proxy server, tweaked the directory location of where to store the cache, set squid to run on boot in "setup", and squid runs fine.

One problem I did find is squid on Devil-Linux 1.0 doesn't include any of the basic authorization modules. I reported this to the developers, but not in time to be included in version 1.0. If you need the basic authorization modules, you'll have to compile them yourself, or run a Devil-Linux beta release (the modules have been added to version 1.1-beta).

Future Devil-Linux server projects

My next task is to evaluate Devil-Linux as an email server, as a replacement/upgrade for my current Linux mail server at work. Devil-Linux looks like a promising solution because it comes with:

  • Postfix configured to run in a chroot environment.
  • Postfix SSL/TLS extension.
  • SpamAssassin
  • Clam Antivirus (Opensource Scanner)
  • Sagator (Email Antivirus Gateway)
  • Fetchmail
  • My choice of the Cyrus POP3/IMAP Server or the Dovecot Secure IMAP Server.

This change will be more difficult than my previous Devil-Linux servers because of my learning curve. I'm currently running a sendmail system, and I've never run Postfix before. However, because of my previous positive experiences with Devil-Linux servers, I'm very willing to give it a try.

After that, maybe a Samba server or a web server (software also included) ...
