Thoughts Electrique

Posts Tagged ‘Ubuntu’

The Ubuntu LTS default repository problem

Sunday, November 8th, 2009

I’ve often seen Ubuntu being chosen instead of Debian because the LTS version offers support and security fixes for five years. This kind of SLA is often a critical argument. But while Ubuntu happily claims to be enterprise-ready, it still enables the universe and multiverse software repositories by default, even in the LTS server edition. Since these two repositories are not included in the SLA, you might end up with software that is not provided with patches, and the whole security guarantee gets thrown out of the window. While I’m not saying community-backed security is bad, it basically puts Ubuntu into the same mode of operation as Debian, and it does so without a specific warning or even a notice. To be on the safe side, you should disable the universe and multiverse repositories after installation, or at least be aware of this fact.
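One way to audit and rewrite a classic one-line-format `/etc/apt/sources.list` along these lines, as an added example that is not part of the original post. The function name `restrict_sources` and the sample entries are constructed for illustration, and deb822-style `.sources` files are not handled.

```python
import re

# Components the post names as falling outside the LTS support commitment.
UNSUPPORTED = {"universe", "multiverse"}

# One-line format: type [options] uri suite component...
ENTRY = re.compile(r"^(deb(?:-src)?)\s+(\[[^\]]*\]\s+)?(\S+)\s+(\S+)\s*(.*)$")

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# constructed sample for illustration
deb http://archive.ubuntu.com/ubuntu hardy main restricted
deb http://archive.ubuntu.com/ubuntu hardy universe multiverse
deb [arch=amd64] http://security.ubuntu.com/ubuntu hardy-security main universe
# deb http://archive.ubuntu.com/ubuntu hardy-backports universe
deb-src http://archive.ubuntu.com/ubuntu hardy main universe
"""

def restrict_sources(text):
    """Return (rewritten_text, findings); findings are (line_no, suite, dropped)."""
    out, findings = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line.strip())
        if not m:
            out.append(line)  # comments, blanks, unrecognised lines stay untouched
            continue
        kind, opts, uri, suite, rest = m.groups()
        comps = rest.split()
        dropped = [c for c in comps if c in UNSUPPORTED]
        if not dropped:
            out.append(line)
            continue
        findings.append((line_no, suite, dropped))
        kept = [c for c in comps if c not in UNSUPPORTED]
        if kept:
            fields = [kind] + ([opts.strip()] if opts else []) + [uri, suite] + kept
            out.append(" ".join(fields))
        else:
            out.append("# " + line)  # no supported component left: disable the entry
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    new_text, findings = restrict_sources(SAMPLE)
    for line_no, suite, dropped in findings:
        print(f"line {line_no} ({suite}): dropping {', '.join(dropped)}")
    print(new_text, end="")
```

Review the findings before writing the result back, and refresh the package lists with `apt-get update` afterwards so the removed components stop being offered.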

Securing a host using the Shoreline firewall / Shorewall

Wednesday, February 25th, 2009

Since I’m currently setting up a new server for hosting purposes I want to share some of my favourite sysadmin tools and practices.

The first featured tool is the shoreline firewall or shorewall. You can find the project at: http://www.shorewall.net/

Shorewall is basically a set of nice configuration files for iptables. Another benefit of Shorewall is that it has no runtime part: you just fire up the tool, it configures your iptables and quits. This reduces the load and increases security. In addition to the technical features, there is one thing that makes Shorewall really stand out: it has extensive, well-written and understandable documentation. You rarely find a use case that is not already described in the documentation.

Read on to find out how to set up shorewall in minutes.

(more…)