project: d.r.e.a.m

This documentation is no longer maintained. It may be out of date, or simply wrong. I will leave it online as long as I think it may still be useful.

How to set up a small, fast, and secure server

Well, this is my so-called HOWTO on setting up a server. It expresses my views on how to do things. I am pretty sure that your mileage varies from mine, but I hope you may see some interesting applications which increase both security and flexibility.

This document is aimed at people who already have a bit of knowledge of unix-ish systems and want to get an idea of how other people solved the problems they had with computers. This document is NOT intended for people who want to set up a 31337 ``firewall'' using Linux 8.1 ;)

Choose your OS

Well, if we want to set up a server, we have to choose a kernel and a preliminary userland that will run on this server. Any unix-ish kernel will do, but I have chosen Linux. Linux is available in multiple flavors. There are some very nice distributions out there that are usable on server machines. I am currently working with both CRUX and Debian. Please note that this document will contain some Linux-specific hints. Just ignore them if you're not using Linux.

Decide on a file hierarchy

On each server, you need a hierarchy. I have the following one:

/etc          config files
/home         homedirs
/var          variable files, spools and such
/usr          $os packages
/usr/local    non-packaged software, bloat
/package      djb's slash-package
/service      djb's supervise dir

As you see, I did not specify where exactly pid files, temporary sockets, etc. should go. Most of these details are covered by man hier of your OS. You may even choose to do it exactly as the man hier of your OS describes the hierarchy. I have decided to use a central /etc, containing all configuration files. The ports systems of the free BSD operating systems tend to do this differently, but I dislike that approach. It is just important that you like it, as it adds the necessary amount of overview to your system.

Do clean administration

Document everything you do. In general, I have used versioning systems to document configuration files. I have been using CVS for a long time, but felt limited by its disadvantages. After switching to Subversion, most of my problems with versioning systems were gone. You may consider Subversion to be bloat. And let me assure you, it is bloat. But it works fine.

Decide which software you need

On a server, you need software. Well, there are some basic things which come with every OS, like fsck, gettys and such. I won't talk about them here. If you have additions to this list, drop me a line.

Linux-specific tweaks

On Linux, most of the above software links against the dietlibc. This increases speed and reduces memory usage. I can only recommend that you link all software against the dietlibc.

For filesystems, I stick to ext3. It is built upon ext2, and is thus pretty stable, something I cannot say about xfs, reiserfs or jfs. Linux's software RAID is also a feature that can't be missed on any server: it's fast and simple, and enhances the reliability of your disk subsystem.

You may want to use iproute2's ip instead of the old and deprecated ifconfig and route commands.

Package the software

Get a chrooted shell on your workstation, install your OS there, and package all the software you are going to use by yourself. Don't use premade packages, because usually they do not fit your needs. However, you should look at other packages, and learn from them.

For each software above, there's lots of documentation on the web. Learn how to use the software most efficiently, how to install it, and generally how it 'feels'. This may take a lot of time, but will help you greatly to fully understand what your system is actually doing.

You will surely run into many problems where something does not do what you want. Rewrite the program, put a wrapper around it, whatever your way is to fix it, and make it publicly available on the web, so that other people can use it.

Examples

I have created a packaging system that I can use with both Debian and CRUX, called sw-utils. It's designed to be extensible, so I could easily use it on a BSD system, Solaris, or a commercial Linux distribution. You can find it here.

Thanklist

I want to thank the following people (in no particular order):

If you have any questions or suggestions don't hesitate to contact me.

This document is public domain.