Next
Previous
Contents
Master References and Recommended Guidelines
- An extensive URL library and current version list for all installed
and recommended Linux tools and applications
- Example guidelines on documenting the hardware and partition layout of
your specific hardware
Linux Distribution Thoughts:
- Thoughts and recommendations on picking a Linux distribution
- A common "Search & Replace" example template throughout the document for
both better clarity and the ability to use Search/Replace tools to customize
this doc to YOUR specific setup
Core OS setup:
- Configuring, compiling, installing, and booting both a 2.2.x & 2.0.x kernel
- Lilo configuration, security, and recovery
- PCMCIA / CARDBUS PC-Card Services
- Software RAID 0 (striping) hard drives
- 7-CD SCSI CD-ROM changer system
- Automated Patching via RPM notifiers
- EXT2 file system tuning
- IDE hard drive performance optimization
- Dual printing system support for both UNIX and Windows/Samba hosts
Network Connectivity:
- Strong, configurable, and well commented IPCHAINS and IPFWADM packet firewall
rule sets for SINGLE, DUAL, and THREE NIC environments. This section also
incluides a complete intro on how Packet and Stateful Inspected firewalls work
- Automated rollback script for the loading of rc.firewall rule sets so
that if you make an error in the firewall rule set and the rule set doesn't
complete execution, a backup rule set will be automatically loaded to restore
connectivity.
- Full LAN masquerading (NAT or Network Address Translation) using private IP
addressing
- Masq IP port forwarding support (PORTFW)
- Three Ethernet network card support setup and TCP/IP Performance optimization
(modem and cable modem users w/ DMZ support)
- DNS servers running both primary and secondary zones using Bind in a
CHROOTed and and SPLIT Zone configuration
- Full Sendmail-based SMTP and backup SMTP e-mail system support w/ domain
masquerading & Anti-SPAM measures with support for more than one Internet
domain on one EMAIL server
- IMAP4 / POP3 remote email service
- DHCPd server for other LAN machines (laptops, etc)
- DHCPc Linux client setup for getting TCP/IP addresses
- SAMBA: Full Microsoft Windows file & printing support
- NFS: Full Sun RPC-based Network File System support
- IPSEC (Swan) VPN [Almost Complete]
- PPTP VPN client and forwarding through IPMASQ
- HTTPd WWW server support
- PPP connectivity for primary PPP connectivity AND backup PPP connections
- Dial-on-Demand (Diald) Internet connections (modem users)
- Automatic Internet connections every 15 minutes (modem users)
- Direct dial-in terminal / PPP access via a modem
- NTP time calibration
- Full UNIX printing via LPR
Security:
- Complete physical and OS-level security recommendations and guidelines
- Full SSHd (encrypted TELNET) support
- Actively Updated Linux system security and patching (Shadow passwords, etc)
- Advanced SYSLOG logging and nightly filtered reports emailed to the root user
- Prioritized TrinityOS "CRITICALITY" rating system in the
CHANGELOG section to gauge the level of urgency of security vulnerabilities,
system mis-configurations, etc.
- NMAP port scanning to test your packet firewall
- Anonymized Sendmail Banners
System backup:
- Minimum backups to floppy
- Full backups via Hard drives or to tape using BRU with emergency restore diskette creation
- Full APC SmartUPS power down support (APCUPSd) with both paging support
and plotting power stats with GNU Plot to a graph which is emailed via "Sendlogs"
- Backing up the server to a CD-R [not completed yet]
More extensive guides:
- How to fix LILO, HD partitioning, and file system corruption
- How to obtain an Internet domain(s) via a domain registrar
- How to successfully move Internet domains across DNS servers and/or
TCP/IP addresses
- How to recover from your box being hacked and how to RE-secure it
- Full documentation on how understand and FIGHT all that SPAM email
- How to understand and fight SPAM email
- SSH encrypted PORTFW VPN tunnels for email, etc
(Won't be implemented in any particular order)
* TrinityOS TO-DOs:
- Add more "Configuration via GUI tools" sections
* Network stuff
- Give instructions on compiling Xntp
- Modularize the rc.firewall rulset so updates can be transparent and not
require additional tailoring for each update.
- Remove LPR and replace it with LPRng or CUPS
- IPv6: Configure and setup IPv6 and possibly setup a IPv6 tunnel via the 6Bone
- Dial Backup: Add automatic analog modem dial backup when the ADSL/Cable
modem goes down
- CODA: Replace NFS support with CODA
- Add a CACHING only setup for DNS
- Setup a email list server (MajorDomo, Petidomo, dunno yet)
- Email sent dynamic IP address exception requests for access through the
TCP Wrappers and the IPFWADM rule sets
- DHCPc client setup for Cablemodems
- 128-bit encrypted Apache SSL WWW server
- Move over to xinetd for better DoS protection
- WWW Proxy services
- WWW banner add filtering
- Give instructions on compiling Xntp
* Security Stuff
- Replace the Sendlogs script to use either Swatch or LogSentry
- Automate the firewall hits logging for trend analysis
- Install PGP / GPG for secure and/or verified communications to:
other users, Internic, binaries/source code verification, etc.
- Tripwire Security Breech monitoring [not completed yet]
- SATAN / SAINT / Nessus / COPS / ISS security testing
* Application stuff
- Get Sendmail to run in an SMRSH shell
- Implement Procmail to do local email filtering
- Setup fetchmail to get remote email vs. setting up a remote .forward
* Administration stuff
- Rotate the UPS logs
- Implement automatic weekly incremental tape backups to a tape drive.
* System Stuff
- Iomega parallel ZIP drive support
Next
Previous
Contents