Which Linux Distro?

dim

Enlightened
Joined
Nov 26, 2004
Messages
345
I recently acquired a Gateway PC in a tower configuration with an Intel Pentium III 450MHz processor, 128MB RAM, 30Gig HD and an 8MB ATI Rage 128VR video card along with a Samsung 15" 1024x768 LCD monitor. The hammered version of Windoze98 installed has got to go.

I'd like to install a lite but full version of Linux without unnecessary bloat on the box with the intention of using it, primarily, as a server running Apache, PHP, Perl, MySQL, etc. and provide additional storage space for my personal network as well as, secondarily, a second desktop with Firefox and Opera browsers and OpenOffice that will best suit the machine.

I've taken a look on the web at the usual cast of characters found on distrowatch.com, Ubuntu, Mandriva, Fedora, MEPIS, Damn Small, PCLinuxOS etc... So far, MEPISLite and PCLOS seem to be the standouts that, perhaps, best suit my needs.

Which Linux distro would you suggest?

73
dim
 

raggie33

*the raggedier*
Joined
Aug 11, 2003
Messages
11,698
I'd say something with a light window manager such as Fluxbox or something along those lines.
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,143
Location
Near Silicon Valley (too near)
I've been doing the Slackware distros for the last 10 years. Yup, I have a Slackware 95 CD-ROM sitting on a shelf. The full distro (using KDE or Gnome but not both) is still under 2 gig.

It takes a while to walk through the options, but you can install just the software that you want. That's nice for a server such as the one you are going to build. I installed a fairly complete copy on a 2 gig laptop last week just for fun. With 24 meg of RAM it was not quite able to keep up with Mozilla and the other demands. It is able to act as a router, firewall or web server.
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
dim,

Since it seems you are familiar with Linux and the software that runs on it, the choice is really up to you. I am under the impression that this will not be your first Linux box, so you are coming into the discussion with knowledge and experience. Many of the distros you named are based off the big ones (Slackware, Debian, RedHat...), so the choice is indeed based on need.

CentOS - A good fork of the RedHat Enterprise Edition. My understanding is that it got to be a fork because of a loophole in the EULA.

Ubuntu - A good distro that takes a lot of the bloat out and also forces all user root privs to go through 'sudo'. Good distro based off of Debian, geared toward workstation and desktop environments (but servers can be configured as well).

Mandriva - Good desktop distro but not primarily for servers.

Slackware & Debian - Good distros for the system admins. Very control and module oriented. Also takes more time to configure in comparison to other distros. Product == Time Invested.

Linspire, Lycoris, Lindows - Desktop OS distros to aid those who are trying to walk across the bridge from other like OSes.

Gentoo, Fedora - Workstation & Server distros.

In any event you can make any of these do what you are requesting; time and energy are all that is required. BSD variants also provide much of the same functionality as well as other options that Linux may not. It really comes down to how much time you want to spend setting it up, and how much time you want to spend maintaining it.

Sincerely,

Shaman
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,143
Location
Near Silicon Valley (too near)
Good post Shaman.

I have found that, for a server, the maintenance can be minimized if you also minimize the packages installed on the system. For instance, my mail server does nothing but mail, and I don't have to patch a dozen other packages to keep it current. It is a little 100MHz Pentium laptop with a small drive, but that's all it needs to be. The same goes for my web server. It does not do much and so it's easy to keep an eye open for security related patches.

Add a few scripts to monitor your logs and they almost run themselves. :)

I found the RedHat distro used their own patching system, so I had to keep everything up to date even if I was not using the other packages. It took more time to administer than the Solaris systems I maintained.
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
Yep, I agree 100%. As much as some people would love to tell you... "You can have an email, web, database, ftp, and everything else server", your best bet (if you can afford it) is to separate your servers. Tis better to separate all of your servers now than to isolate all of your servers in the event of a breach (or have all your servers go down just because the system crashed).

Shell, perl, python, ruby, and php scripts are life savers! Convert a few cumbersome maintenance tasks to scripts, drop a crontab for them, and secure the logs. You can get as specific as automatically patching the system (a little bit risky :) or automatically resizing databases to as general as a simple FTP script or log rotation. Yep they can pretty much run themselves. I still love the t-shirt from ThinkGeek...

http://www.thinkgeek.com/tshirts/frustrations/374d/

All of it is relational to the amount of work you put into it. I have seen uptimes (time since last reboot for those unfamiliar) on servers into the years... unlike other OSes which may need a reboot once a month :) . There are so many great tools and software for Linux it is almost funny. With that said, the time it takes to configure some of those tools and software is almost funny. You can replace the server, you can replace the OS, but you can't replace the time invested nor the knowledge acquired.

I personally love OpenBSD, but I also like Linux. Not saying this to start a flame war or anything, just merely to say Linux, Solaris, BSD, DOS, Windows, MacOS(X), etc... It's all a toolbox, just pick which one you need to get the job done right.

Sincerely,

Shaman
 

raggie33

*the raggedier*
Joined
Aug 11, 2003
Messages
11,698
I still never got to try Gentoo. It's too hard for me to figure out how to install, even with their instructions! But I'd like to try it; I've heard it's fast. I like Ubuntu but I didn't like that ya can't log in as root. I found a way to log in as root but forgot how now. Fedora has the alpha 5 out now.
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
dim:

Also I'd like to second gadget_lover's statement regarding "minimize the packages installed on the system". This will be the case in your scenario. Since you have a 450 that will be serving (no pun intended :) several server roles as its primary function as well as providing enough desktop functionality to use OpenOffice, the stress is already building up. This is not to say that you can't do it, you CAN set a server up with your specs.

Typically when I set up Linux/BSD based servers, I install them without the xwindows/x11/x.org system on it... so console/terminal/ssh access only. This way a good deal of overhead is lifted from the server in question, since it doesn't have to worry about managing windows. Now not all people can afford to do this, so just a word of caution. Due to the fact that OpenOffice takes a decent amount of system resources to run, this shall also play a factor. Sorry if I am stating things you already know :)

Sincerely,

Shaman
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,143
Location
Near Silicon Valley (too near)
raggie33 said:
I still never got to try Gentoo. It's too hard for me to figure out how to install, even with their instructions! But I'd like to try it; I've heard it's fast. I like Ubuntu but I didn't like that ya can't log in as root. I found a way to log in as root but forgot how now. Fedora has the alpha 5 out now.

Sorry you had problems, Raggie. I'd suggest that you learn to use the system without being root. As the user raggie, you can mess up lots of things. As the user root, you can install viruses, trash the system, etc. Using sudo to become root avoids disaster when you make simple typing commands like "rm -fr / tmp/junk" instead of "rm -fr /tmp/junk".

To become root using sudo????

sudo ksh -o vi

Works rather well.
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
Ah, what the hey, if anyone should desire... a good read, to learn more, or to wade in to the linux pool... visit this website.

http://www.tldp.org/

With all the linux distros sometimes it is easier to get an answer than it is to ask a question.

Sincerely,

Shaman
 

gregw

Flashlight Enthusiast
Joined
Jun 7, 2004
Messages
1,511
Location
Hong Kong
To ensure that you don't get hacked, I highly recommend that you install PortSentry on your Linux server. This detects port scans and automatically blocks the IP from connecting to your server. There is absolutely no reason for doing a port scan unless you (the owner) are the one doing it, so it just makes sense to block any that is detected.
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,143
Location
Near Silicon Valley (too near)
gregw said:
To ensure that you don't get hacked, I highly recommend that you install PortSentry on your Linux server. This detects port scans and automatically blocks the IP from connecting to your server. There is absolutely no reason for doing a port scan unless you (the owner) are the one doing it, so it just makes sense to block any that is detected.


While that's not a bad idea, I'd normally take a different track.

Security falls into different categories. Detection, Reaction and Prevention are a few.

The logcheck and tripwire utilities are for detection, but don't stop the bad guys.

The portsentry tools detect and react, but they do present an opportunity for an attack since the ports must be open.

A separate firewall prevents the attack from reaching the system, making detection even more important since you need to recognize when your firewall is breached. Lacking a separate firewall I'd suggest a properly configured host-based firewall such as ipchains.

So to summarize: block first, detection second and react third.

I could, of course, be wrong.
 

gregw

Flashlight Enthusiast
Joined
Jun 7, 2004
Messages
1,511
Location
Hong Kong
gadget_lover said:
While that's not a bad idea, I'd normally take a different track.

Security falls into different categories. Detection, Reaction and Prevention are a few.

The logcheck and tripwire utilities are for detection, but don't stop the bad guys.

The portsentry tools detect and react, but they do present an opportunity for an attack since the ports must be open.

A separate firewall prevents the attack from reaching the system, making detection even more important since you need to recognize when your firewall is breached. Lacking a separate firewall I'd suggest a properly configured host-based firewall such as ipchains.

So to summarize: block first, detection second and react third.

I could, of course, be wrong.

My recommendation of Port Sentry is definitely in addition to a properly configured firewall such as ipchains/iptables, and of course, properly security updated system software ... :) It's just an additional reactive security such that you make it more difficult to hack your server. An example of how I use this is that I do not use telnet (port 23) and I use SSH on a high port number instead of the standard port 22. I have both of these standard ports bound to PortSentry which will automatically black hole your IP if you happen to connect to them on my server.. :laughing: Anyone having proper access to my server will know NOT to use these ports to connect to my server.. :naughty:
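
The decoy-port idea from the post above (unused ports 22 and 23 treated as tripwires), as an added example that is not part of the thread and not PortSentry's own code: it reads firewall log lines rather than binding the ports. The log lines are constructed and abbreviated netfilter LOG output, and `DECOY_PORTS`, `ALLOWLIST` and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed, abbreviated netfilter LOG lines; all addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 02:14:07 box kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=23 SYN
Mar  3 02:14:09 box kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22 SYN
Mar  3 02:15:30 box kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51800 DPT=80 SYN
Mar  3 02:16:02 box kernel: IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=33001 DPT=22 SYN
Mar  3 02:17:45 box kernel: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 LEN=28 TTL=50 PROTO=UDP SPT=5353 DPT=23
Mar  3 02:18:00 box sshd[812]: Server listening on 0.0.0.0 port 2222.
"""

DECOY_PORTS = {22, 23}  # assumption: no real service listens here (SSH moved to a high port)
# Assumption: the admin's own LAN. A logged source address can be forged, so hosts
# that must never be locked out are exempt from any automatic reaction.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]

LINE_RE = re.compile(r"\bSRC=(?P<src>\S+) .*?\bPROTO=(?P<proto>\S+) .*?\bDPT=(?P<dpt>\d+)")

def decoy_hits(log_text):
    """Map each source IP to the sorted decoy TCP ports it touched."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "TCP":
            continue  # not a firewall line, or not TCP (telnet and SSH are TCP services)
        port = int(m["dpt"])
        if port not in DECOY_PORTS:
            continue  # traffic to a real service is not a tripwire event
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address field: ignore rather than act on it
        hits[str(src)].add(port)
    return {ip: sorted(ports) for ip, ports in hits.items()}

def block_candidates(hits):
    """Sources that touched a decoy port and are not allowlisted, in address order."""
    addrs = sorted(ipaddress.ip_address(ip) for ip in hits)
    return [str(a) for a in addrs if not any(a in net for net in ALLOWLIST)]

if __name__ == "__main__":
    found = decoy_hits(SAMPLE_LOG)
    print("decoy hits:", found)
    print("block candidates:", block_candidates(found))
```
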
 

_mike_

Flashlight Enthusiast
Joined
Aug 14, 2003
Messages
1,198
Location
Wa. State
I agree, Mepis is a very good distro. Have you looked at MepisLite? http://www.mepis.org/node/6836 Look through the mirrors to get it: http://www.mepis.org/node/1462 (scroll to the bottom of the page for the list of mirrors). Here is a general information page about Mepis: http://www.mepis.org/node/1272

I have used both regular Mepis and MepisLite and like them both. Though these are Live CDs, they provide an easy option for installing them onto your hard drive. But being Live CDs, you can try them out before doing the install to see if you like it.
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
That's why I like OpenBSD so much. Proactive approach to security, jails (chroot) everything it can, kernel protection, code audits, and an absolutely awesome firewall. PF can do so much (high availability, redundant firewalls, block IP based on type of OS, etc). So with all that said.

Don't forget Snort...

Snort2pf works wonders for the OpenBSD systems... Detect attack => configure automatic firewall rule => pf block ip.

Also if you're really wanting to get bleeding edge, might want to try port knocking and changing your TCP/IP packet OS fingerprint.

Default Deny Rule
Rules to block both incoming and outgoing packets

Those are two traits found in a good firewall configuration.

P.S. [JOKE]This is starting to sound like a security triad or cissp/cism/ditscap discussion :).[/JOKE]

Sincerely,

Shaman
 

dim

Enlightened
Joined
Nov 26, 2004
Messages
345
I installed Mepis LATE last night (or was that EARLY this morning) and just now installed Opera, which I'm using now to check into CPF and reply to this thread.

Mepis received some very strong and enthusiastic reviews mostly for its ease and robustness as a Debian (I think) system.

I got started on the "left foot" but once I got past my own stupidity (and installed an additional 128 MB of memory for a total of 256MB) the install was sweet and easy. Really, quite the upgrade from Win98. Or in CPF terms, from a MM to an E2E.

In my research I've discovered that different distros are often based on Debian, BSD, RedHat, etc..., I don't know the fundamental differences in these OSes and the different distros.

73
dim
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
Dim:

Congrats! Glad to read you are up and running. I forgot to mention (didn't know if you were doing a media based install or a network install) to burn the ISO at a low burn rate (4x). This is a quick "I gotta" that will hinder an install and will be a major bane.

Nonetheless...

Congrats on the Linux box, with that additional 128M, it should run like a charm.

Sincerely,

Shaman
 