|
|
Server Advice?
|
|
|
|
Dedicated MacNNer
Join Date: May 2002
Location: Brooklyn, NY
Status:
Offline
|
|
Hi,
I'll be running a server (OS 10.2.6) and it's my first time. It's a Web/File/FTP/Music server for myself and friends at school. I was wondering if anybody here had any advice for good server maintance ideas or anything like that?
I've split the drive into an OS X partition and a files partition. I've enabled journaling on both partitions. Does anyone have any advice for not too hard to understand security apps? Any, things in the system I should enable? Scripts I should know to run? Logs to check?
Thanks for any advice!
gabe
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Aug 2003
Location: Basle, Switzerland
Status:
Offline
|
|
Originally posted by Zimwy:
Hi,
I'll be running a server (OS 10.2.6) and it's my first time. It's a Web/File/FTP/Music server for myself and friends at school. I was wondering if anybody here had any advice for good server maintance ideas or anything like that?
I've split the drive into an OS X partition and a files partition. I've enabled journaling on both partitions. Does anyone have any advice for not too hard to understand security apps? Any, things in the system I should enable? Scripts I should know to run? Logs to check?
These are my views as a Solaris Admin (I am still waiting for my first Mac, the G5). Some hints may be overkill:
-On a server, I recommend a separate partition for /var (symolic link to /private/var)and a separate partition for /Users. It prevents a crash of the whole server in case that the log files under /var or the homedirectories get full.
-Separate partition for swap. As a rule, the size of the partition is 1-1.5 x the installed memory. This should prevent fragmentation.
-For security reasons you should replace ftp with sftp. It is sufficent to have SSH running, because sftp is tunneled over ssh.
-Always have firewall enable for ports not used.
-Keep up installing (security-)patches.
-Keep an eye on syslogs (under /var directory).
-Use strong password policy (possible in OS X).
You can't be too carefull when allowing access over the internet...
Good luck!
Regards
Burana
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2002
Location: Brooklyn, NY
Status:
Offline
|
|
Thanks for all that info. I have a few questions:
-By Strong Passwords, do you mean just ones that have both letters and numbers, and aren't dictionary words, or is this an option I can check somewhere?
-I've looked under /var/log/system.log and there's lots of stuff there. What sort of things would I be looking for? Intrusion attempts? Things like that? How would I find them?
Thanks again,
gabe
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Aug 2003
Location: Basle, Switzerland
Status:
Offline
|
|
Originally posted by Zimwy:
By Strong Passwords, do you mean just ones that have both letters and numbers, and aren't dictionary words, or is this an option I can check somewhere?
That's right. But because I don't have a mac yet I can't tell you how to set password policies and enable password aging. Maybe somebody else can help?
-I've looked under /var/log/system.log and there's lots of stuff there. What sort of things would I be looking for? Intrusion attempts? Things like that? How would I find them?
Mainly you should look for error messages and warnings. A good administrator always keeps an eye on system logs. Sometimes you can prevent some problems, before they occure.
Beside that, failed logins will be logged as well.
Regards
Burana
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|