Forum OpenACS Q&A: Response to How much time does it takes to set up bboard from scratch

Hi Talli,

Your point about desktop vs. open-to-the-world servers is a great point.  As you point out, Mandrake is quite popular.  Therefore, there should be a lot of help out there for newbies in addition to here at Open/ACS.  Maybe some cross-pollination could help the community grow, too.

My post concerns newbies learning OpenACS and new to Linux too.  I was not thinking about a newbie having their newly installed Mandrake/OpenACS box available as a public website right after installation.  Instead, as a desktop/server learning environment.  However, as one installed securely enough not to get cracked without a lot of effort if at all; most likely behind an internet connection sharing device like a low cost router/gateway running a firewall and NAT -- not perfect, but better than nothing.

I hate to hear of your unfortunate experiences getting cracked.  You do touch on another issue.  With an up to date distro one often has the benefit of having most or all of the software one needs to get at least Linux installed and hardened before even connecting to the internet.  I think Mandrake 8.1 might offer this or come close thru options available during installation.  But I don't know enough about security to say so -- thus my request for community replies.  Maybe we need an OpenBSD install/Quickstart guide :)

Contrast this to the distro mentioned in lots of Open/ACS documentation -- Red Hat 6.2.  Maybe great in its day, but old and thus needing a lot of updates/patches for security.

I suspect not many newbies will download all patches for 6.2, burn them to CD so they have them on hand prior to beginning installation AND make sure they're not connected to the internet UNTIL they both complete the install and work thru hardening their system.

I wonder how many Open/ACS newbies following community documentation have unwittingly exposed themselves to just the type of fast-acting crackers that compromised your boxes.

I think helping newbies get up and running securely will help our community flourish -- and not doing so will be detrimental.

I was thinking by the time someone new to OpenACS/*nix was ready to host a site, that they likely won't be newbies any more -- and would have a better idea how to set up a server box securely for "public consumption" using whatever version of whatever OS they thought best for security and other reasons.

Your point of how fast an unsecured box can be compromised is one of the main reasons I mentioned Mandrake since, I suspect, their install procedure, regarded as easy for newbies, allows newbies to easily set a lot of what they need to have a higher level of security than other distros provide "out of the box" without the newbie having to know in advance what to do to harden their system.

I suspect they have too many services enabled by default -- that's why I mentioned what I did about "suggestion A, B, C and whatever of the community for installation options/instructions".

Maybe the members of our community most knowledgeable about security could either advise what distro and hardening procedure to use or come up with either an OpenACS distro for newbies or a Bastille-like script to use for what the community recommends.

Again, a lot of community documentation mentions RH 6.2, and since RH 6.2 is quite lacking in security out of the box, I think our community needs some up to date recommendation or resources for newbies wanting to get started safely without worries of people cracking their boxes.

Since getting everything installed just gets folks to the starting gate, debating OS versions is not the most important thing of course -- but solid community advice on what options are good for a newbie to learn safely without worrying about being cracked IS imperative, IMO.  If our community has its own version of "Install this/these versions and follow this/these step by step hardening guide(s) to have a hardened install for learning OpenACS", we should state so prominently; if not I feel we should create such.  This question does keep coming up.

In summary, I'm not saying Mandrake is "the distro for newbies to get up and running securely if you choose/do A, B, C...N during installation"; I'm asking if it is.  And if so, what installation options are best for a new install for someone wanting adequate security?

Thanks one and all for your input and help,