----Original Message-----
From: BRM [mailto:bm_witness@×××××.com]
Sent: Tuesday, September 30, 2008 1:36 PM
To: gentoo-server@l.g.o
Subject: Re: [gentoo-server] Server Packages for Gentoo

How's this one?

Sorry about that - (I tried something different this time, but for the most part...) unfortunately I can't do anything about it since it's Yahoo's webmail interface... Also why I'm not replying in-line, but at the top.

Ben

----- Original Message ----
From: Robert Bridge <robert@××××××××.com>
To: gentoo-server@l.g.o
Sent: Tuesday, September 30, 2008 1:28:46 PM
Subject: Re: [gentoo-server] Server Packages for Gentoo

On Tue, 30 Sep 2008 09:17:42 -0700 (PDT)
BRM <bm_witness@×××××.com> wrote:

> That's a matter of choosing what you install; but that's not specific
> to Gentoo.
>
> MySQL on Gentoo is not going to be any different than MySQL on RHEL
> or SLES. However, stability - due to differences in versions,
> patches, etc. - might be different; but should be close to the same.

Except the Gentoo version will move a lot faster, potentially causing
problems...

BRM: Can you please fix your mail client so it includes the in-reply-to
and/or references headers so that it stops spawning a new thread
every time you reply.

Now that I've seen some ideas, here is what I was thinking by enterprise-level software:

Software that is secure within its domain, dedicated to a function, runs lean and without bloat, stable, as isolated from the OS as possible, and scalable. Software in this class must be part of some kind of security monitoring/advisory system (i.e. GLSA). Here's what I mean by all this:

Secure within its domain means that it only gets those privileges absolutely necessary to its function - it should not have to run as root, for example. It should be possible to isolate the security level of any given software package, and should not run as a user account with an easy-to-crack password.

Dedicated to a function means it should not try to do it all - a DHCP server should manage IP addresses, not try to be a DNS, database, firewall, and desktop widget all at once.

Running lean and without bloat means it should only use necessary resources - no memory holes to speak of, no extra features or GUIs, if possible.

Stable obviously means not prone to crashing.

Isolated from the OS meaning that, when it does crash, it doesn't take the whole server with it - if it must crash, it should only affect its own domain, which should be easy to sanitize without requiring a server reboot (Linux does this very well natively anyway).

Scalable is just what it means - deployable to a group of users as easily as to just one user.

As a Linux server, the basic type is LAMP, which are packages that have a strong reputation. How about additional functions that a LAMP cannot handle? How about network-level authentication? I have read about the Linux version of AD, but I am more curious about experiences with the associated packages, as well as security and functionality weaknesses, as well as potential security oversights. Any thoughts?

Thanks!