Thanks for the tips. So I'll stick to 2.2 for now.

Yes, it will all be run on the one box & there will be a basic admin on site who I will slowly train up. I will be sticking with the packaged solutions as suggested.

After looking at dansguardian I think this is overkill for what is needed. There are only 2 PCs that need to be locked down to just AV & MS update sites & with the ability to log in to get full net access. The rest of the PCs will be fully open so squid ACLs will be fine. Though having AV on squid might be of benefit.

OpenVPN looks a lot easier than ipsec... would have saved me a lot of pain with other clients if I'd found it earlier :)

Backup... well, I have a nice script that I use that should be ok. Since the on-site admin isn't fully useful in linux I want to try and automate as much as possible.

ldap... might also be a little bit of overkill. As there will only be 1, maybe 2 users that need to log in to unix, around 5 users for samba & 10 for email. With an overlap of users of around 5 with a low turnover. They aren't growing at a large rate either. So it might add a little bit of extra complexity. I haven't had much experience with LDAP either... is there much to it?

As for ftp, yes it will be on the same box but it's a LOT more secure than their current setup. Their internal data isn't anything super sensitive (like payroll etc. is stored locally on a laptop & backed up). Just autocad pics of venues, quotes etc. are stored on the server. So by ensuring the server is patched regularly & the ftp server is set up correctly that should be ok. Though I may show them how to start & stop the ftp service as it will only be needed on an ad hoc basis.

hylafax... yes, it's a fun beast. I've used it in the past quite successfully and it runs quite well. The system I had it on had an 8 port modem card & sent/received a few thousand faxes a day. Once I get the install process down pat I'll be sure to add the doco to the wiki (like I did with adding sound :P )

Once again thanks for the info.
----------
Mark Chatterton

On 21/10/2005, at 6:30 PM, Matthias Subik wrote:

Ignoring the 2.2 to 3 issue completely I pick up where Christian has left: do you want to run all this on one box, and are happy to maintain all that?

My opinion would be that if you don't want to spend lots of research time, I tend only to use packaged solutions (or package them myself, let swup-cron handle the updates).

So having tsl serving postfix+amavis+sa+clamav+courier is fine, squid is fine, but having to install dansguardian for five seats is too much I think, a good LART in the office will suffice.

Webmail: I could recommend the packaged (by another fine packager) squirrelmail (but my recommendation is to activate the alias only in the ssl part of the webserver, not the plain one).

From the same source there is openvpn, which I can fully recommend. Works way simpler than ipsec, don't even think about any other tunneling solution, recent articles on the matter support my position there.

Backup??? Ahhhh, backup???? tar and a calendar on your desk? Nothing from my side here.

Samba? When you are interested in samba, you might want to install samba+ldap, which would help you having one userbase, not three (unix, email addresses, samba).

proftpd? If you really want to run another service on the same box (which holds internal data, right?) I rather recommend you read twice (on every occasion) the entire config of the box, to make sure there isn't any "known" security hole.

hylafax? Love to see your notes in the wiki on that one, haven't used it for ages, are people still faxing out there? If yes, please add to the wiki. I remember having a real hard time setting that one up.

Since there is much said which is not distro related, feel free to ask around, but don't expect much agreement, since everybody has another idea how to do that. I tried to outline what is simple with tsl and what is not.

Good luck.
matthias
