[modular-debian] Re: Distros without full proper management
- From: Steve Litt <slitt@xxxxxxxxxxxxxxxxxxx>
- To: modular-debian@xxxxxxxxxxxxx
- Date: Sun, 23 Nov 2014 11:46:37 -0500
On Mon, 24 Nov 2014 03:28:52 +1100
Andrew McGlashan <andrew.mcglashan@xxxxxxxxxxxxxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi Steve,
>
> On 24/11/2014 2:46 AM, Steve Litt wrote:
> > On Mon, 24 Nov 2014 00:48:40 +1100
> > Andrew McGlashan <andrew.mcglashan@xxxxxxxxxxxxxxxxxxxxx> wrote:
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA256
> >>
> >> On 24/11/2014 12:36 AM, Miles Fidelman wrote:
> >>> OpenBSD has a pretty amazing track record in terms of security.
> >>> Don't know if the same can be applied to their ports.
> >>
> >> So, that doesn't hold true for FreeBSD as well?
> >
> > Not to the same extent. Pertaining to security, OpenBSD makes Debian
> > look like Windows, from what I understand. Its top priority is
> > security.
> >
> >> I've relied on Debian-Security and as a rule try to not install
> >> software outside of apt packaging -- the main reason for that is to
> >> make sure that the package system has a chance of keeping my
> >> software more secure than I could manage by myself.
> >
> > Andrew, what's your use case? What are you doing with your
> > computer(s)?
>
> The /main/ basics at this time are as follows:
>
> bind9 DNS servers
> multiple zones [master and slave as well]
>
> exim4 mail servers
> [full TLS, dovecot, squirrelmail]
>
> mysql [server] for websites
>
> xen and kvm servers
> [moving to kvm over xen on some machines]
>
> apache2 web servers
> [including one Magento site, a bunch of WP sites and other sites]
>
> samba server
>
> backup servers
> [mostly, but not exclusively using rsnapshot]
> - currently with LUKS encrypted over RAID1 with lvm2
> - also with dropbear.
>
> own cloud [or similar] setup will be done at one stage.
>
> and normal ssh of course.....
> [with limited and restrictive access]
>
>
> The virtual server side of things are my greatest concerns for
> migration, the rest is pretty simple.
>
>
> Currently using *mostly* Windows for desktops / laptops.
>
> Also Windows Server products on some client machines.
> [AADS (formerly XPUnlimited product)
> - MYOB and other products that needs to use Windows at this time]
Hi Andrew,
My research tells me that OpenBSD would be an outstanding candidate for
most of the preceding, always assuming slow file creates and deletes
didn't bottleneck you. I'm pretty sure that bind, exim, mysql, apache,
samba server, and ssh server would be no-brainers for OpenBSD.
Because of the filesystem, I would *not* use OpenBSD for a backup
server: I'd use FreeBSD or one of the Linuxes, or maybe illumos or
OpenIndiana, neither of which I've tried yet.
It's funny. My personal backup server uses nothing but ssh and rsync
and Blu-Ray burning software (growisofs, udf software, LUKS). I could
probably implement it with one of those tiny linuxes like DSL or Peanut
or whatever, and I doubt those things have systemd. Or I could use
Porteous, which wouldn't be a good desktop (whacky package manager),
but good enough for a backup server.
I just read 10 minutes ago that illumos has KVM, so that's where I'd
start for that. As far as xen, I'd use whatever os the xen people
recommend (maybe Ubuntu). Yeah, it's systemd contaminated, but a xen
Dom0 or whatever you call it is such a single minded application
that I can't see the underlying Linux being much of a problem.
I found some documentation indicating that FreeBSD can be a xen Dom0:
https://wiki.freebsd.org/FreeBSD/Xen
The preceding document also lists some limitations. Here's a doc on
Dom0 kernels for xen:
http://wiki.xenproject.org/wiki/Dom0_Kernels_for_Xen
HTH,
SteveT
Steve Litt * http://www.troubleshooters.com/
Troubleshooting Training * Human Performance
Other related posts: