RE: [gentoo-server] Server Packages for Gentoo

["Spahn, Daniel" <DSpahn@cuh2a.com>]

----Original Message-----
From: BRM [mailto:bm_witness@yahoo.com]
Sent: Tuesday, September 30, 2008 1:36 PM
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] Server Packages for Gentoo

How's this one?

Sorry about that - ( I tried something different this time, but for the most part...) unfortunately I can't do anything about it since it's Yahoo's webmail interface...Also why I'm not replying in-line, but at the top.

Ben



----- Original Message ----
From: Robert Bridge <robert@robbieab.com>
To: gentoo-server@lists.gentoo.org
Sent: Tuesday, September 30, 2008 1:28:46 PM
Subject: Re: [gentoo-server] Server Packages for Gentoo

On Tue, 30 Sep 2008 09:17:42 -0700 (PDT)
BRM <bm_witness@yahoo.com> wrote:

> That's a matter of choosing what you install; but that's not specific
> to Gentoo.
>
> MySQL on Gentoo is not going to be any different than MySQL on RHEL
> or SLES. However, stability - due to differences in versions,
> patches, etc. - might be different; but should be close to the same.

Except the Gentoo version will move a lot faster, potentially causing
problems...

BRM: Can you please fix you mail client so it includes the in-reply-to
and/or references headers so that it stops spawning a new thread
every time you reply.


Now that I've seen some ideas, here is what I was thinking by enterprise-level software:

Software that is secure within its domain, dedicated to a function, runs lean and without bloat, stable, as isolated from the OS as possible, and scalable. Software in this class must be part of some kind of security monitoring/advisory system (i.e. GLSA). Here's what I mean by all this:

Secure within its domain means that it only get those privileges absolutely necessary to its function- it should not have to run as root, for example. It should be possible to isolate the security level of any given software package, and should not run as a user account with an easy-to-crack password.

Dedicated to a function means it should not try to do it all- a DHCP server should manage IP addresses, not try to be a DNS, database, firewall, and desktop widget all at once.

Running lean and without bloat means it should only use necessary resources- no memory holes to speak of, no extra features or gui's, if possible.

Stable obviously means not prone to crashing.

Isolated from the OS meaning that, when it does crash, it doesn't take the whole server with it- if it must crash, it should only affect its own domain, which should be easy to sanitize without requiring a server reboot (Linux does this very well natively anyway).

Scalable is just what it means- deployable to a group of users as easily as to just one user.

As a Linux server, the basic type is LAMP, which are packages that have a strong reputation. How about additional functions that a LAMP cannot handle? How about network-level authentication? I have read about the Linux version of AD, but I am more curious abobut experiences with the associated packages, as well as security and functionality weaknesses, as well as potential security oversights. Any thoughts?

Thanks!