Re: Easy for a newbie to manage an OpenBSD server?

2006-08-02 Thread David Leung
On Wednesday 02 August 2006 03:26, Titan wrote:
> I have quite a predicament.  I have been tasked with setting up an FTP
> server for the research group I'm involved with.  The problem is once
> I'm gone someone with no *NIX experience will be maintaining the
> server.

Does the ftp have to run on a unix-like system? Leaving someone unfamiliar
with a system to maintain it is a pretty bad idea. It is much better to have
the FTP server set up on an OS that he or she knows best, so that it can be
patched and fixed quickly should problems occur. Even if that OS is said to
be insecure, it is still far better than having a server with an
administrator who has no clue of how it works, let alone patching it when needed.

I still don't quite understand what your setup requirement is. Since you seem 
worried about the system being compromised, I presume that you are setting up 
a private ftp server. In that case, look into deploying SFTP rather than 
plain old FTP. Any good FTP client should support it, and it is the cheapest 
insurance you can get to keep the user information safe, which can only help 
you to protect the machine.

> I've been considering using OpenBSD because it looks like it
> can go far longer without updates than Windows and Linux servers and
> looks to be very secure.

It may be so, but don't bet on it. Any unpatched system, especially when 
(critical) patches are available, is simply inviting trouble.

> In your experience, would it be possible for someone with no *NIX
> experience to maintain a simple FTP server?

If this person is willing to learn, OpenBSD is indeed one of the better
unix-like systems out there to administrate. The man pages are very well
written, the FAQ on the project's website will answer a considerable number
of questions, and the file system layout is logical and consistent. These are
all benefits that make administration easier.

If your setup is simple and small, the box could probably be left alone to run 
for a while. In this case, it may not take your successor too much time to 
pick up enough unix to keep the box running for a while.

> How long would you trust an unpatched OpenBSD server to go unhacked?

That is like asking when do we expect the world to end :-) In other words, it
is very hard to say for sure. OpenBSD comes with a sane and reasonable default
configuration, so it is likely that it will last much longer unpatched than
other systems, if the default configuration is not changed much.

Patching an OpenBSD system is not exceedingly hard. The FAQ details how this
can be done. Also, there is http://www.openbsd101.com that your successor may
find useful if you did choose to deploy OpenBSD. There are also the mailing
lists and the #OpenBSD channel over at freenode.net if reading through the
documentation didn't help.



Easy for a newbie to manage an OpenBSD server?

2006-08-01 Thread Titan

I have quite a predicament.  I have been tasked with setting up an FTP
server for the research group I'm involved with.  The problem is once
I'm gone someone with no *NIX experience will be maintaining the
server.  I've been considering using OpenBSD because it looks like it
can go far longer without updates than Windows and Linux servers and
looks to be very secure.

In your experience, would it be possible for someone with no *NIX
experience to maintain a simple FTP server?


How long would you trust an unpatched OpenBSD server to go unhacked?

Thanks for your help.



Re: Easy for a newbie to manage an OpenBSD server?

2006-08-01 Thread Craig McCormick

Thee: In your experience, would it be possible for someone with no *NIX
Thee: experience to maintain a simple FTP server?

In my opinion, OpenBSD is the most logical and straightforward
UNIX-like operating system around. There isn't much in the way of
how-to's and tutorials, but it is straightforward to learn via the
man pages, the documentation on the OpenBSD site and with a couple of
books that I have.


> How long would you trust an unpatched OpenBSD server to go unhacked?
That depends entirely on what the absent patches cover. It is
impossible to say really. How long is a piece of string?

Best regards,

Craig

http://slashboot.org/

Support OpenBSD
http://www.openbsd.org/orders.html

On 01/08/06, Titan [EMAIL PROTECTED] wrote:

> I have quite a predicament.  I have been tasked with setting up an FTP
> server for the research group I'm involved with.  The problem is once
> I'm gone someone with no *NIX experience will be maintaining the
> server.  I've been considering using OpenBSD because it looks like it
> can go far longer without updates than Windows and Linux servers and
> looks to be very secure.
>
> In your experience, would it be possible for someone with no *NIX
> experience to maintain a simple FTP server?
>
> How long would you trust an unpatched OpenBSD server to go unhacked?
>
> Thanks for your help.




Re: Easy for a newbie to manage an OpenBSD server?

2006-08-01 Thread Melameth, Daniel D.
Titan wrote:
> I have quite a predicament.  I have been tasked with setting up an
> FTP server for the research group I'm involved with.  The problem is
> once I'm gone someone with no *NIX experience will be maintaining the
> server.  I've been considering using OpenBSD because it looks like it
> can go far longer without updates than Windows and Linux servers and
> looks to be very secure.

You are correct on the last part.

> In your experience, would it be possible for someone with no *NIX
> experience to maintain a simple FTP server?

Yes, but there are no shiny PHD (Push Here Dummy) buttons built into
OpenBSD--standard system administration practices require editing files,
downloading source updates and compiling them, but you could create
wrappers for these tasks.  In any event, a system that one knows well is
likely to be better maintained than one that one does not.

> How long would you trust an unpatched OpenBSD server to go unhacked?

A lot longer than most OSs.



Re: Easy for a newbie to manage an OpenBSD server?

2006-08-01 Thread Darrin Chandler
On Tue, Aug 01, 2006 at 10:26:23AM -0500, Titan wrote:
> I have quite a predicament.  I have been tasked with setting up an FTP
> server for the research group I'm involved with.  The problem is once
> I'm gone someone with no *NIX experience will be maintaining the
> server.  I've been considering using OpenBSD because it looks like it
> can go far longer without updates than Windows and Linux servers and
> looks to be very secure.
>
> In your experience, would it be possible for someone with no *NIX
> experience to maintain a simple FTP server?
>
> How long would you trust an unpatched OpenBSD server to go unhacked?

Leaving *anything* unpatched on a public IP is asking for trouble.
OpenBSD will fare better than most, but it's still a bad idea.

A better idea would be to script various things, write some procedures
down, and walk the other person through everything and have them perform
them before you leave.

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



Re: Easy for a newbie to manage an OpenBSD server?

2006-08-01 Thread Will Maier
On Tue, Aug 01, 2006 at 10:26:23AM -0500, Titan wrote:
> I have quite a predicament.  I have been tasked with setting up an
> FTP server for the research group I'm involved with.

Do you need FTP? Can you use SFTP instead?

> The problem is once I'm gone someone with no *NIX experience will
> be maintaining the server.

Why? Can't you train them? I can understand if most research groups
can't afford to hire a full sysadmin, but hiring an up-and-coming
undergrad for seven peanuts an hour shouldn't be too bad.

> I've been considering using OpenBSD because it looks like it can
> go far longer without updates than Windows and Linux servers and
> looks to be very secure.

/me sighs

OpenBSD, while very, very useful, isn't a magic bullet. System
security is as much the admin's job as it is the OS's. If you leave
your box unpatched, even if it's running IdealOS v20, you'll
eventually regret it. Period.

No matter what OS you put on your server, you'll need to make sure
that it's patched. Some OSes make that task easier; others have
strong security track records. But with a dumb or negligent admin at
the console, it doesn't matter what bonafides your OS has -- you're
screwed.

> In your experience, would it be possible for someone with no *NIX
> experience to maintain a simple FTP server?

Yes.

> How long would you trust an unpatched OpenBSD server to go
> unhacked?

This is silly. Patch your system. If you and your successor spend a
day or two reading the FAQ and afterboot(8) and keep your eye on
your system, you'll stand a good chance of not having too much
trouble.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Easy for a newbie to manage an OpenBSD server?

2006-08-01 Thread Michael Hernandez

On Aug 1, 2006, at 11:26 AM, Titan wrote:


> I have quite a predicament.  I have been tasked with setting up an FTP
> server for the research group I'm involved with.  The problem is once
> I'm gone someone with no *NIX experience will be maintaining the
> server.  I've been considering using OpenBSD because it looks like it
> can go far longer without updates than Windows and Linux servers and
> looks to be very secure.
>
> In your experience, would it be possible for someone with no *NIX
> experience to maintain a simple FTP server?
>
> How long would you trust an unpatched OpenBSD server to go unhacked?
>
> Thanks for your help.



If the person maintaining the server has no *nix experience then maybe
you should consider using technology that they are familiar with. Of
course using OpenBSD has advantages but there's no point using it if you
know the server won't get proper care and feeding.

If using something the future maintainer can handle is out of the
question (maybe they only know Windows Me? I'm not sure ;)) then maybe
you can get paid a little or do some pro bono remote maintenance?

If the server will never get taken care of then you really should
consider paying for some remote ftp hosting. At least then the
management of the server is off your hands. It may not be an option if
you have sensitive data but it might be more secure than leaving a
server to get old.

Personally, I don't think it will be *too* bad if you leave it
running... as long as it doesn't get popular and/or people don't start
poking at it to see if it will break.


Mike



Re: Easy for a newbie to manage an OpenBSD server?

2006-08-01 Thread Nuno Morgadinho
* Titan ([EMAIL PROTECTED]) wrote:
> I have quite a predicament.  I have been tasked with setting up an FTP
> server for the research group I'm involved with.  The problem is once
> I'm gone someone with no *NIX experience will be maintaining the
> server.  I've been considering using OpenBSD because it looks like it
> can go far longer without updates than Windows and Linux servers and
> looks to be very secure.
>
> In your experience, would it be possible for someone with no *NIX
> experience to maintain a simple FTP server?

Why put someone with no *NIX experience maintaining a *NIX server? 

From my stand you're considering:
- security
- stability
- is it easy to maintain?

From my experience these all fit the OpenBSD profile.

> How long would you trust an unpatched OpenBSD server to go unhacked?

No one seriously will give you an answer for this. If it's an unpatched
whatever system and there's a known exploit then you shouldn't connect it
to any network. If no exploit is known to exist in public you can pray
but I don't know for how long I would trust it..



Re: Easy for a newbie to manage an OpenBSD server?

2006-08-01 Thread Joachim Schipper
On Tue, Aug 01, 2006 at 10:26:23AM -0500, Titan wrote:
> I have quite a predicament.  I have been tasked with setting up an FTP
> server for the research group I'm involved with.  The problem is once
> I'm gone someone with no *NIX experience will be maintaining the
> server.  I've been considering using OpenBSD because it looks like it
> can go far longer without updates than Windows and Linux servers and
> looks to be very secure.
>
> In your experience, would it be possible for someone with no *NIX
> experience to maintain a simple FTP server?

No.

In fact, most persons with UNIX experience would counsel you against
using FTP other than anonymous FTP - as posted before, it's quite
insecure[1]. As mentioned before, sftp is preferable.

If you must do this, consider going with whatever the group knows. If
this is nothing, tell them to get some help.

> How long would you trust an unpatched OpenBSD server to go unhacked?

If it's only running ftpd (or sshd+sftp-server), system compromise is
likely to take years, given a proper setup (i.e., no root access via ftp
and such). However, user accounts may be compromised within minutes.

Joachim

[1] Using S/Key exclusively does go some way towards mitigating the
problem, but adds a lot of complexity and raises the bar for a competent
attacker from 'trivial' to 'easy'. (Hint: take over a session; if you
have some time, write a program that does so as soon as QUIT is seen,
leaving the user none the wiser. This does, however, require a host that
can actually intercept the stream, instead of just seeing it. Or, for a
quicker solution, proxy the authentication request from the server to
the client and then deny authentication, and you have successfully stolen
a password. Less stealthy, though.)



Re: Easy for a newbie to manage an OpenBSD server?

2006-08-01 Thread Sigfred Håversen

Titan wrote:
[snip]

> In your experience, would it be possible for someone with no *NIX
> experience to maintain a simple FTP server?


That could work well if that person is willing to read documentation.
OpenBSD comes with very good documentation in the form of manual
pages and FAQ. Google is quite useful as well, of course.

/Sigfred