Network Security Focus-Linux

Re: Selecting OS for High-availability/mission-critical web portal

Subject: Re: Selecting OS for High-availability/mission-critical web portal
Date: Tue, 12 Dec 2006 22:05:44 +0200
Hi Mohammad & everyone,
After watching this thread for a while, I notice everyone suggests
solutions for discrete issues, with an evident bias towards a more
familiar software platform, hardware infrastructure or way of thinking
according to the responders' experience and level of knowledge. As
someone famous said earlier, security is not a ready-made solution, but
a continuous process. Same can be said about "high availability"
whatever that means in your context. If you seek security, consider the
people who will access and modify your secure system - do you trust
them? of course you don't, look into cvs/svn/unionfs. The target
visitors - are all of them simply browsers? Look into round-robin DNS
(bind) and balancing proxies (squid), configure all web contents to be
static and maybe generate new pages periodically. Do you require some
form of feedback from the visitors? Ensure proper input validation (this
depends on the programming language used, as a hint magic_quotes is BAD,
$sql->prepare is GOOD) and - for filesystem access, look into Linux 2.6
and find out about ACLs and inheritance, configure rsync to replicate
the data among several hosts. If you need a database, MySQL (has several
interfaces for a dozen of platforms/languages) offers easy replication,
also from my experience you can use Microsoft's SQL (libtds in Linux).
Should the worst happen - try to limit the impact by using any of the
following: chroot(1), vserver(linux-vserver.org), Xen(xensource.com),
VMWare(vmware.com)
..this checklist could go on for many pages, if you need a specific
answer please try to limit the scope of your question.

Kind regards
Razvan
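Razvan's "magic_quotes is BAD, $sql->prepare is GOOD" hint in a runnable form. This is an added example, not code from the thread: it uses Python's standard sqlite3 module and an in-memory database with constructed rows instead of the PHP/MySQL setup the poster has in mind, and the function names are mine. It shows that escaping input (the magic_quotes idea, here emulated with SQLite's quote doubling) only protects quoted string contexts, while a bound parameter is safe in both the string and the numeric case.

```python
"""Added example: escaping user input versus parameterised queries.

Constructed data and an in-memory SQLite database; none of this is from the
original mailing-list thread.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway database with three constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            (1, "alice", "alice@example.invalid"),
            (2, "bob", "bob@example.invalid"),
            (3, "carol", "carol@example.invalid"),
        ],
    )
    return conn


def escape_quotes(value: str) -> str:
    """Emulates the escaping approach (magic_quotes / addslashes) for SQLite,
    which escapes a single quote by doubling it."""
    return value.replace("'", "''")


def lookup_by_name_concat(conn: sqlite3.Connection, name: str) -> list:
    """VULNERABLE: the value is spliced straight into the SQL text."""
    sql = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_by_name_escaped(conn: sqlite3.Connection, name: str) -> list:
    """Escaping happens to work here because the value sits inside quotes."""
    sql = f"SELECT id, name FROM users WHERE name = '{escape_quotes(name)}'"
    return conn.execute(sql).fetchall()


def lookup_by_id_escaped(conn: sqlite3.Connection, user_id: str) -> list:
    """VULNERABLE: escaping is useless in an unquoted numeric context, since
    there are no quotes for the escaper to neutralise."""
    sql = f"SELECT id, name FROM users WHERE id = {escape_quotes(user_id)}"
    return conn.execute(sql).fetchall()


def lookup_by_id_prepared(conn: sqlite3.Connection, user_id: str) -> list:
    """SAFE: the value is bound as a parameter, so it is always data, never SQL.
    SQLite converts a numeric-looking string to a number for the comparison;
    anything else simply fails to match."""
    sql = "SELECT id, name FROM users WHERE id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def lookup_by_name_prepared(conn: sqlite3.Connection, name: str) -> list:
    """SAFE: the same pattern for the string case."""
    sql = "SELECT id, name FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo() -> dict:
    """Run each variant against a benign and a malformed input (both constructed)
    and return the row counts so the difference is visible at a glance."""
    conn = make_db()
    tautology_str = "' OR '1'='1"   # constructed malformed string input
    tautology_num = "1 OR 1=1"      # constructed malformed "numeric" input
    return {
        "concat/benign": len(lookup_by_name_concat(conn, "alice")),
        "concat/malformed": len(lookup_by_name_concat(conn, tautology_str)),
        "escaped-string/malformed": len(lookup_by_name_escaped(conn, tautology_str)),
        "escaped-numeric/malformed": len(lookup_by_id_escaped(conn, tautology_num)),
        "prepared-string/malformed": len(lookup_by_name_prepared(conn, tautology_str)),
        "prepared-numeric/malformed": len(lookup_by_id_prepared(conn, tautology_num)),
        "prepared-numeric/benign": len(lookup_by_id_prepared(conn, "2")),
    }


if __name__ == "__main__":
    for label, count in demo().items():
        print(f"{label:28s} -> {count} row(s)")
```

The concatenated and the escaped-numeric variants return every row for the malformed inputs; the two prepared-statement variants return none, and still find the right row for benign input. That is the practical reason escaping-based protection such as magic_quotes was a poor substitute for prepared statements: it depends on the query context, whereas a bound parameter does not.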

Corey A. Johnson wrote:
Glad you mentioned Solaris Mario.  I was holding back since this is a
linux list.

But I agree..  if Linux is not a must.. I would strongly recommend
Solaris 10 on a nice AMD Opteron box.

And if you went that direction..   go with a multi-cpu and/or multi-core
and configure Solaris zones to isolate the different applications
running on the server.  Or at least two zones..  your main global zone..
and a zone for all applications..

Mario A. Spinthiras wrote:

If linux was a must then I would personally use Debian. It comes ready
with some HA support from the linux-ha project.

If you can have a flexible choice I'd say Solaris without a second thought.


Mario. A. Spinthiras



-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Ronald MacDonald
Sent: Monday, December 04, 2006 11:08 PM
To: Mohammad Halawah
Cc: focus-linux@securityfocus.com
Subject: Re: Selecting OS for High-availability/mission-critical web
portal

Hi Mohammad,

Not meaning to turn this into a "my distro's better than yours"
thread, but for stability and security, I'd recommend having a serious
look at Debian. It's easily stripped down to its most essential
components for a nice small footprint and is easy to keep up to date
with the apt system. As for performance, I suppose every
implementation of a distro varies, but I'd say it's pretty adequate.

In terms of hardening the OS, there's obviously a few ways to go about
it. The most foolproof way is just "don't do anything stupid" - don't
run any services you don't need, don't bother with gimmicky
applications, just leave it all at the bare minimum. Also, there's a
lot of good reading out there (more so with linux) as regards
hardening the OS. Incidentally, Bastille springs to mind - it's a good
starting point to hardening your system.

Regards,
Ronald.

