Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: matprova on January 25, 2008, 05:03:46 PM
-
Hi everybody,
I’ve been using SME since 2005 as “server only”; now I’m going to use it as “server and gateway” for Windows file sharing, print server, backup system and mail server.
I’m wondering if it’s secure to do everything on the same server, if I will need to spend a lot of time to prevent system crashes and if its firewall is strong enough to prevent hacking purposes.
Thank you in advance for your answer.
-
Hi,
I've been using SME for 6 or 7 years now (I think the first version I used was 5.5). I've always used it in server-gateway mode, and on a fixed, public IP address. In all that time I've never had any problems with hackers/crashes/etc. Our first machine ran for at least 4 years without problems.
We use SME for our own company web & mail, plus I host a couple of sites for friends - just local sports clubs. I'm not at all a computer 'techy', and SME has never given problems, so I guess that it will work fine for you.
Of course, we are just a small company based in Belgium, so we're not a big target for hackers etc. (I hope). But in the same time that we've been running SME like this, I have a friend who did the same with a Windows server - also only a small company - and he had problems with hackers. He switched over to SME this summer and is very happy.
-
matprova
A lot of continued effort has been put in by the developers to ensure SME Server is secure.
Opinions will vary about the "all in the one box" approach, but it has been well proven over the last 7-8 years, and has run reliably & securely in gateway server mode for many thousands of users.
The more likely area of security breakdown is in poorly written web applications (particularly PHP apps) that have inherent security flaws. This can be combined with occasional security flaws in, for example, PHP, and hackers may find those combined exploits.
Note this is not a firewall or server issue, it's a web application issue.
If you keep your SME Server up to date with security releases, and do not make too many or unwise modifications, and only install well supported web applications (that you also keep up to date with bug fixes etc), then you will have a very secure server, despite what people may say about the supposed benefits of separating the firewall & server functions.
-
Thanks for your answer.
Just another question: you said that I shouldn't make "too many modifications". What do you mean by "too many modifications"? If I install some contribs like backuppc, fetchmail, login-script manager, can they cause some problems?
Is there a page on the wiki where I can find the "secure" contribs to install? Or at least a page to know what contribs I shouldn't install...
-
matprova
The more non-standard (i.e. not default values as installed from CD) you make your server, the more chance of introducing security issues. The fewer changes you make and the fewer add-ons you install, the less risk you introduce. Only install the absolutely minimal amount of add-ons that you really need.
Most of the contribs at http://wiki.contribs.org/Category:Contrib and the howtos at http://wiki.contribs.org/Category:Howto are OK to use, wisely.
If a bug is discovered in any contrib or application you install, then of course they can cause some security issues, and over time bugs will be found with most applications, so therefore you still need to keep them updated as new versions (with bug & security fixes) are released.
-
That's OK, but on my server I played with some contribs to test their functionality...
Is there a way to find out what contribs I've installed?
Do you think that it's better to start a new installation and install only necessary contribs to have a clean install?
-
matprova
You can run a list of all rpms installed and compare that with a standard unmodified install.
Server manager - View log files - rpmpkgs
If you are clearly unsure of your server's history, then yes, a fresh install would be the way to go.
That will also clean out custom template modifications.
Create an ibay called, say, installedapps, and every time you install an rpm or app, copy the files to the ibay. That way every time you do a full backup you have a copy of everything that was installed.
If you need to do a fresh install and restore from backup, then you have all contribs at your fingertips waiting to be easily reinstalled.
-
Is there a way to find out what contribs I've installed?
Use the audittools on the command line as root user:
/sbin/e-smith/audittools/newrpms
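
The comparison against an unmodified install suggested in the replies above, as an added example that is not part of the original thread or of SME Server itself. It assumes two files of `rpm -qa` output, one saved on a fresh install and one on the server being audited; the function names, file names and package versions are made up for illustration.

```shell
#!/bin/sh
# Added example: list packages present on a server but absent from a
# baseline taken on an unmodified install.
# Create the inputs with `rpm -qa > baseline.txt` on a fresh install and
# `rpm -qa > current.txt` on the server being audited.

# Reduce name-version-release lines to sorted, unique package names.
# RPM version and release fields never contain '-', so dropping the last
# two '-'-separated fields leaves the name even when it has hyphens.
# Comparing names only keeps ordinary updates out of the result.
pkg_names() {
    sed -e 's/[[:space:]]*$//' -e '/^$/d' -e 's/-[^-]*-[^-]*$//' "$1" |
        LC_ALL=C sort -u
}

# Print package names found in the current list ($2) but not in the
# baseline list ($1): the add-ons that need to be kept patched.
added_packages() {
    base=$(mktemp) && cur=$(mktemp) || return 1
    pkg_names "$1" > "$base"
    pkg_names "$2" > "$cur"
    LC_ALL=C comm -13 "$base" "$cur"
    rm -f "$base" "$cur"
}

# Constructed sample data (versions are invented for the example).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' e-smith-base-4.18.0-1 samba-3.0.10-1 php-4.3.9-3 \
        > "$d/baseline.txt"
    printf '%s\n' e-smith-base-4.18.0-5 samba-3.0.25-2 php-4.3.9-3 \
        fetchmail-6.2.5-6 backuppc-3.0.0-1 > "$d/current.txt"
    added_packages "$d/baseline.txt" "$d/current.txt"
    rm -rf "$d"
}

demo
```

Updated packages such as samba do not appear in the output because only names are compared; anything listed was added after the baseline and should be tracked for security fixes.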
-
Thanks for your reply.
Mat