|
||||||||||
|
||||||||||
This is an unofficial archive site only. It is no longer maintained.
You can not post comments. You can not make an account. Your email
will not be read. Please read this
page or the footnote if you have questions. |
||||||||||
So, couple months back, I decided I am fed up with coding over FTP and shell account. After all, it's 2001, not 70's.
After deciding for a while, I took what was the best available. Installation CDs of Red Hat 7.1, and a half-discarded 486 from my home LAN, that served as a backup machine. Equipped with user-level experiences with shell accounts, I boldly entered the realm of System Administration. And the rodeo began... |
|||
The 486 was a sorry piece of machinery. Case from PP-06, an old East-European XT clone, housing an ancient ISA/PCI motherboard. Missing PwrGood signal from the power supply simulated by a resistor and capacitor. No CDROM, no floppy, controller card's floppy chip burned out. Before the machine served as a file backup system, sharing files over Netware Lite, running DOS; with the coming of CD writers she lost most of her reasons to run, so she got reassigned to the duty of the Linux pioneer of my LAN.
Of course, technicians are lazy. (Who isn't.) So, naturally, I supposed that I will do it the way I installed DOS earlier - install it all on different machine, then just move the disk. However, the technology developed a bit from when I done it last time... I took the disk, backed up all the remaining potentially worthy data on a CD, and plugged it to a Pentium-2 machine. Booted from a RedHat CD, selected what I wanted, formatted disk, ran install. Everything went pretty straightforward. I restarted the machine, it booted up to login. Everything just perfect. I moved the disk back to the 486. Power on, LILO caught up, loaded and uncompressed the kernel, and - froze. After a while of testing (and reading documentation) it was clear that the kernel is optimized for Pentium. So I uttered a dark curse, and moved the disk back to P2. Installed kernel sources, recompiled kernel and set it for a 486. Story for itself - the very first time I ever compiled a kernel - but at the end it was successful (and could've been much faster if I wouldn't have that damned tendency to tinker with everything). So I reinstalled kernel binaries and modules, and moved the disk back to the 486. LILO caught up, kernel loaded and uncompressed, initialized all the kernel things - gosh I was happy - and... froze. So I learned about the existence of "init". Which, in Red Hat installation, was Pentium-specific as well. I wasn't too eager to learn how to compile other software at the moment, experiences from arguing with the kernel way too fresh. So I gave up and done what I should've done at the very beginning. Borrowed a CDROM and a floppy drive from another machine, created a boot floppy from the image on the CD, wired the drives to the 486, after a boot-up attempt remembered that the floppy controller is bad, exchanged the controller board for another one from another decommissioned machine, selected what I want to install, reformatted the disk, and then spent something over a hour babysitting the machine and doing other work on another machine. (Note for Red Hat, Inc: You should offer choice of CPU optimizations in the installation software instead of just autodetecting it.) The installation went straightforward. More problems followed couple days later when I attempted to install a better network card. However, asking the Net for some keywords about Linux kernel modules and Realtek-based cards (the chip type number on the card is pretty good keyword in such cases) and reading the relevant documentation pointed me the right way. Now the machine has a pair of network cards in her. (I was too cheap to get a switch, so I made her a router.) After solving few rather simple problems (mostly related to understanding netmasks and routing), the machine finally done what I asked her for. In summary, even if I include the kernel module problem (which was caused only by me not knowing about it), it was easier to set up a Linux router than making Windows 98 doing the same. (Until then, I had a W98 machine acting as network router. Ewwww. Involved hacking undocumented registers according to recipes found on obscure websites, and never was really reliable.) Then the issue of Internet connection came up. I had a Windows 98 SE machine serving as a both dialout and Web proxy. It was a rather weak machine, rather inadequate for such task; despite of being a Pentium 150, Windows were too much on her and when she ran just a few Explorer windows, together with the proxies she choked under the load. In addition, she crashed couple times, requiring me to do lengthy reinstall and painful setting up of everything. So moving the modem to Linux was natural choice. We were solving PPP dialout earlier in one of our offices, so I had preliminary experiences. The problem thus got reduced to just "borrowing" the configuration files from the office machine, installing them on the local machine, editing the phone numbers and login and password for the ISP, and connecting the modem to the serial port. After solving three blunders (a typo in configfile, too short modem cable, and a misset jumper on the serial port card), I was online from Linux machine. And I am online from that machine from then. Much better than previous solution - Windows Internet connection sharing never worked well for me so I got stuck with WinProxy (later Proxy+). Firewall install was straightforward as well. I choosed to use a third-party firewall over the default one (I prefer to understand how the damned thing works, instead of relying on pretty graphical interface); downloaded Shorewall, read the documentation, installed, set up the zones and rules, worked. Works from then without a single hiccup. (I actually had previous experiences with Shorewall. About 2 weeks before, a friend asked me to secure his office network that was on a leased line. We guessed that continuing to rely on Windows, even if NT, will not be the right thing to do; so he took a decommissioned Pentium, a pair of network cards, and gave me them for a weekend. So I learned how to install firewalls. Later we installed FTP server there (proftpd - good performance, less security issues than with the default wu-ftpd, better configurability), and moved there the FTP services from Windows machine. After the holidays, the machine is scheduled to be equipped with bigger disk, and the webserver, now running on NT/IIS, will be moved there as well - at this moment, the friend is rewriting the databases from Active Server Pages to PHP, for both stability and performance gain. The machine had a single crash for all the time of her existence; maybe caused by power surge, maybe by hack attempt (we found traces of unsuccessful attempts in system log), maybe by a problem with smbfs module (smbfs is a filesystem for communicating with Windows network drives; I had one more weird crash on another machine, in circumstances involving smbfs). But after a reboot everything worked just fine. (There was one more problem with that machine, but it was just running out of disk space, caused by a human error, solved in 5 minutes from when I got the call, over remote login.)) Then I got new computer, for playing and testing and development and for fun in general. AMD on 1.2 GHz, lots of memory, lots of disk space. Installation of Linux was straightforward and done in about half-hour. Three crashes in its lifetime, all of them caused by my mistake when I was sticking hands where I wasn't supposed to and not knowing well what I am doing. (The root powers are immense.) The machine now runs caching web proxy (squid) for the family LAN, chained with advertisement-filtering proxy (Internet Enforcer, based on Junkbuster - hey, if you don't like users filtering the ads, consider text ads like Google.com does, or at least don't make them blink and dance and clogging the bandwidth for modem users, but it's different topic), all sorts of various services, plays MP3s and shares them to LAN (from where dad plays them on his computer - it's far more comfortable than handling the CDs and you can make playlist for all the evening so you don't have to leave the chair), and serves as database server and home intranet webserver. (Took some time to get PHP gd library to support GIF format - there are licencing issues of LZW algorithm with Unisys so it was disabled in later versions. Luckily there are "rogue" distributions that offer GIF compatibility - luckily not all the world conforms to American patent law.) There are no problems with the server; it's rock-stable and dependable; her Windows predecessor had issues all the time. Recently I got ahold of a security scanner (Nessus, for the record). Ran it against a couple of machines of me and friends. On a typical Windows server I typically found serious issues (usually linked to either exposed port 139, and/or to IIS vulnerabilities), on a typical Linux server I found usually only less-serious warnings. (For the owners of NT or W2000 machines, there is another scanner, less comprehensive but easier to use - LANguard. Run it on your LAN. Runs on W9x as well, but doesn't offer some advanced functions, like the password cracking.) I am administrator of several more machines. Some running Windows, some running Linux. Linux machines are generally cleaner and more administrator-friendly. Configuration is done typically by text files, which are easy to move from machine to machine and easy to back up before playing with them. Almost everything is documented. It's a bitch to read all the documentation, but it pays off. There are GUI helpers for configuring most of things; however I can't comment on them as I don't like them so I don't use them. I am from the old school, prefering to have hands right on what I am doing, without a "friendly" point-click layer (which more often than not done something I hadn't wanted to) between me and the problem. Now I am neck-deep in documentation and attempting to understand how to set up a domain name server. Why? Because I want to learn it. And because we will probably need it for our new company LAN, and guess who will be asked to set it up. No, common user doesn't need to know all this. I often take the more complicated way because I need to understand the system (for which I am, after all, paid). The common user can either to have a friend who will set up the machine for him (if there is a possibility for remote administration, most of problems are solvable without need of physically attend the machine), or sacrifice the time and learn, and occassionally to swallow the pride and ask for help. Hey - who never done a mistake? In short:
Opinions, comments?
|