March 6, 2008 by Paul Morgan-Roach
The Project
Having now got my head around working with Linux, I’ll be putting what I know to the test with a large(r) project.
I have a Dell Poweredge 1600SC server left over from a former enterprise at home – this currently runs Windows Server 2003, with Exchange 2003. It has a 73Gb RAID 5 array with SCSI disks and has dual NICS. It also hosts a couple of websites and has a Quantum DLT 80/160 drive I’ve been toying with the idea of selling it (all licences are legit, OEM and included), but I’m now leaning towards integrating it into this project. I also run a knackered old P75 with IPCop.
The scope of the project is to bring the server functionality and firewall under the same box. Yes this is less effective from a security perspective (particularly when you consider I’ve done nothing on this scale on Linux before, and therefore am likely to create a couple of vulnerabilities inadvertently), but it’s a learning curve and I’m keen to try my hand at something like this. I’m fully aware that there are some open source projects that include a lot of these features “out-of-the-box”, such as Ebox but I want to have a go at this as a project to test what I’ve learned over the last year or so…
The server will need to do the following:
a) Security -Firewalling
b) Mail Server supporting IMAP (and possibly Pop3)
c) File Server – Limited number of files, but will need to be accessible from Linux/Windows machines
d) Webmail – so mail can be collected from externally
in addition to this, I would like some extra functionality, but this is not a necessity.
e) IDS
f) Traffic Shaping/monitoring
g) Some fom of VPN server
h) Calendar server…..this might be useful for Linda managing her appointments
The Plan
Job number one of course is to back up data. This mainly constitutes Exchange Mailboxes so I’ll be exmerging data out into .pst files to start with. Migrating the mailboxes (as there aren’t many) can be done throughThunderbird or even in an Outlook client!
Next I’ll be grabbing a list of all hardware – i’ll need appropriate modules to manage my Raid 5 array, so controller details are essentialTo start with my base system will be Fedora Core 8 – I’ve been using Fedora as my work box, and I like the feel of it and have kind of got used to it. Plus Fedora seems very stable, the repositories contain most of the items i’ll need and the package management is really straightforward. As soon as the core system is on there and SSH is up and running, the box will be headless as well, so it’ll be shell acess only. I’ll be starting with an absolute minimal install to ensure reasonable security steps.
At this stage, additional packages will be:
Security/IDS – IPTables, Netfilter, TCPDump, libpcap, Snort
Mail Server – Dovecot(or Courier – not sure yet), Qmail, Squirrelmail web interface, ClamAV, Spamassasin
File Server – Samba, NFS
Calendar – Using WebDAV
Web server – Apache
Monitoring – ntop, logs for each package
VPN – Openswan, OpenVPN
Thats the list so far – if anyone has any comments or advice, I’m open to suggestion…..
Recent Comments