October 16th, 2003, 05:34 PM
#16
Member
Originally posted here by IKnowNot
(snipped to save bandwidth)
Although many things can now be done in a GUI on Linux, the question is do you really want to?
I have heard that running anything other than the command line in linux chews up resources, and I've found this firsthand. My hope is to get everything set up, and then disable the GUI, take away the keyboard and mouse, and just access the box via ssh.
You said a client wants a proxy server to “speed things up”.
What types of “things”?
Well, the internet, in vague terms. I report to one of the owners that can spare about 4 hours a month to interact with me, so I'm kind of on a long leash here. I am mainly hoping to use squid to speed up web browsing (a lot of http traffic here, and it's actually business traffic). I'm fairly sure the data T is maxed out, so I wanted to reduce bandwidth usage by caching frequently used images.
More important, what type of client?
Not sure exactly what you want here. My client is a mortgage company that doesn't have an IT budget. The clients are win95/98/ME/2000/XP (plus this 'new' redhat box).
What are their security needs ?
Sadly, I'm still trying to sell management on the idea of all users having their own passwords and enforcing a screen saver password policy. Any user control is difficult here, so I try to do a best effort in other areas. All the boxes are patched with SUS, I monitor firewall and switch syslogs, have a strong firewall policy in place, and try to fight people who insist on needing to run p2p stuff inside the network.
Another thing bothered me about your post. Why would you be installing the RPM and then doing “the make and whatevers” ? Did you uninstall the original first? Did you install any updates from RedHat ? Do you know what an RPM is or how it works ?
To clarify, I first tried to install the RPM, which failed at the half way point with no results. So, I downloaded the newest STABLE from the squid server and compiled, etc. Redhat comes with a nifty 'linux updater' much like microsoft, and it's as patched as it can be via that. I'm not sure how to be notified of any bugs/problems beyond that. I am subscribed to their list, but it only notifies me of new downloads that are available (or seems to anyway).
I THOUGHT I knew what an RPM was and what it did, but since it didn't seem to work...
If it is going to be a production machine you should learn to use the command line, and NOT install a GUI unless it is necessary. The more services you have running ( including X and Gnome ), the more holes that are possible. ( remember, this is a security site )
True dat. As I said, the long term goal is to lock down the box after I figure out how everything works. Like I don't leave services running on my servers that aren't used, I plan on removing/uninstalling/neutering anything not necessary to the function of a caching proxy server. I MAY, if time allows, frag the box and rebuild from scratch after I've climbed the learning curve.
You should NEVER, NEVER, NEVER just slap together a machine with default settings out of the box ( not Linux, not BSD, and not Windows as you should already know ) and place it in a production environment just because it works.
Yeah. Right now I'm testing squid with my machine. I won't move it into production without doing a lock down on it.
In the environment envisioned, will it be necessary to CHROOT Squid ? ( I would regardless )
I fear my ignorance will show through here, but here goes... What's CHROOT mean? If squid is invoked from/as root it starts up and changes itself to the nobody/nogroup setting or whatever. I actually created a user/group for squid that only has permissions where needed (according to the squid faq anyway).
Yes, you are going to have to read. Yes, it is going to be work on your part. Although RedHat 9 is much better than say RedHat 5 at default settings for security, for a production machine you still may have to tweak things, and you are definitely going to have to know what to install and what not to install.
Well, so far I've gotten redhat up, patched, and squid actually installed and working. I even went in and got redhat to autorun it at system boot. I am finding that a lot of the meat and potatoes of sys admining a linux box seem to only be accessible at the command prompt. I guess this makes sense considering its roots. I was just hoping someone somewhere might have made a 'server manager' gui by now is all.
If you are as good at M$ products as you think you are, then what I have said should be no surprise. Otherwise I think maybe you should go back and read more than just 2 paragraphs of the white papers you perused. And definitely read more about Linux before offering it to a client.
Gees, that kind of stings. I've plenty of experience with running/building production environments. I've worked for several .coms and other more serious companies, I'm at the point where I can pimp myself out to people through my own company and do well at it. I wish every client had the resources available to do things the 'right way', but not everyone cares about security sadly. I watch Antionline and a few others to stay current, but most small and medium businesses have to have an incident for them to see the light where security is concerned.
My current client dictates my available resources (time to spend on X project, resources available to me, etc). While I'd prefer to do this in a much different fashion, sometimes you have to make some compromises based on the reality of the situation at hand.
phishphreek80 had some great starting links.
Thanks for that link, and I appreciate the feedback as well. This thread has helped quite a bit. I've found several good linux starter resources that I think would have taken me a bit of time to locate. It's always easy to find info on the net, just not easy to find GOOD info all the time.
Originally posted here by disc0rd
I know Linux junkies will hate me for this....But KDE has a nice Windows knockoff of ADD/REMOVE programs, try installing the Squid package through there. I had that problem with VNC not installing correctly, and ran it through the ADD/REMOVE, and it worked perfectly.
GNOME might have this option too, however I'm not too sure.
Oh wow, awesome. I haven't had time to play with KDE yet. I guess gnome is the default in redhat, and choice isn't as, uh, important to me as most linux people, I guess. I'll poke around KDE and see what's different.
Thanks!