>I'm about to start to set up a simple smtp,dns and pop access system for
>our office, any points to think about before I start ?
Read the TrinityOS doc for security, SMTP tweaks for MASQ setups, DNS
configs, etc.
http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri
(I'll repost this since I made some serious upgrades in the last few weeks)
--
Current
Features:
+ A Search & Replace Key to re-write this doc for YOUR environment
+ Full LAN masquerading (IP MASQ) using a private class B
+ Masq port forwarding support (IPportfw)
+ Advanced packet filter firewall ruleset for MASQ and non-MASQing servers
+ PPP connectivity to your ISP (for analog/ISDN modem users)
+ Setting up, compiling, installing, and booting a 2.0.35 kernel
+ Dial-on-Demand Internet connections (modem users)
+ Automatic Internet connections every 15 minutes (modem users)
+ Dual 10Mb/s Ethernet network support (3c509b) NICs
(modem and cablemodem users) and network optimization
+ Full Bind v8 (and v4) authoritative domain DNS and DNS caching
service
+ Full Sendmail mail system support w/ domain masquerading
+ WWW, TELNET, FTP, and POP3 services
+ Secured IP address telnet access
+ Full SVGA X-Windows support (Xfree only. Metrox-X sucks)
+ Advanced SYSLOG logging
+ Actively maintained Linux system security and patching
(Shadow passwords, etc)
+ DHCP server for other LAN machines (laptops, etc)
+ NTP time calibrated
+ SCSI-based TR4 tape backup via BRU
+ Full SSH telnet and X-windows encrypted tunnels
+ Sound Blaster 16 sound support
+ Software RAID 0 (striping) two SCSI HDs
+ 7-CD SCSI CD-ROM changer system
+ Samba : Full Microsoft Windows file & printing support
+ PCMCIA PC-Card Services
+ Full APC SmartUPS powerdown support
+ Tripwire Security Breech monitoring [not completed yet]
+ Backing up the server to a CD-R [not completed yet]
Future
Features:
- Setup a email list server (MajorDomo, Petidomo, dunno yet)
- Email sent dynamic IP address exception requests for access through
the TCP Wrappers and the IPFWADM rulesets
- Update the DNS setup to be a SPLIT-DNS setup for additional
internal security
- Impliment a new 2.1.x kernel
- Migrate IPFWADM to IPCHAINS (required by the 2.1.109+ kernels)
- DHCPc client setup for Cablemodems
- Build BRU recovery diskettes
- Impliment automatic weekly incremental tape backups to the
TR4 tape drive.
- Fold my existing Linux-PPP and Linux-Masq-PPP doc
into TrinityOS.
- Update the PPP docs to reflect the new PPPD 2.3.x+ configuration
method.
- 128-bit encrypted Apache WWW server
- BZip2 compression w/ tar patches
- Move over to xinetd for better DoS protection
- Iomega parallel ZIP drive support
- Add hdparm optimization for IDE HDs
- WWW Proxy services
- WWW banner add filtering
- SATAN / COPS / ISS / NMAP tested
- Move this doc over to SGML format!!!!!!
.----------------------------------------------------------------------------.
| David A. Ranch - Remote Access/Linux/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
