February 2005


I work at a small company. I support about 30-40 people, and keep the servers running.

This is also my first real job, where I've been given not only the freedom to work on my own, but also the respect of higher ups who will at times even follow my recommendations.

This company has some entrenched systems and procedures that can't be uprooted. But in my time here, I've learned of many open source tools that can be used to enhance the way people in small businesses work.

So, what are the ingredients for having functional, easy-to-use systems that cost $0 in licensing fees? Well, here's a list.

1) Linux or *BSD operating systems. The more I've used both, the more I've come to love them. No CALs, no GUI to drag down your servers, no weird problems that aren't logged and no fighting with the registry to change things. I've come to truly enjoy working with CentOS (which is rebadged RHEL 3), and I fully recommend it for any system that has a static and unchanging role if the core distribution will fill your requirements. However, FreeBSD is quickly winning me over as well, and the cleanness of the system is truly admirable. Debian is also a good choice, if Sarge ever makes it to stable...

2) LDAP. If you have more than one server, you need LDAP. It enables single sign-on and a nice, single point of administration for all of your user accounts. It also plays nicely with...

3) Samba. Whether you're using Windows, Unix-like, or OS X for your workstations, Samba can provide every system with access to files. While you could use NFS with the latter two options (and even with Windows, if you're up for a little bit of work), Samba just works too well to pass up. You also need Samba if you want to get domain-controller-like options for unifying your Windows workstation logins - NT 4 style domain control can be had easily enough.

4) iptables or ipfw/natd. Your office probably only has a couple of IP addresses and a lot of workstations, so you'll need some sort of NAT router/firewall machine. Right now I use Debian for this because I knew iptables' syntax very well and it included...

5) OpenVPN and OpenVPN GUI. OpenVPN is a project that uses UDP SSL tunnels to send encrypted IP traffic across untrusted networks. Used along with tun/tap in Linux or BSD, you can 1) tunnel between separate LANs and route traffic between them and 2) bridge individual machines (OS X, Windows, or Unix-like) so that they can appear to connect directly to the LAN. Using this from the start, you could even block all external access to things such as POP3 or IMAP and instead only allow them from inside the firewall. Each user needs an SSL certificate, and on top of that you can require users to authenticate against PAM - so if you're using LDAP, that means you can get people to log in using the same username and password they use for other systems.

6) Courier? Postfix? Sendmail? Exim? You need an MTA, and I'd say this is a matter of personal preference. Pick one. But be sure to use...

7) ClamAV. Open source virus scanner, it works really well. It shouldn't be considered your only line of defense if you're using Windows (client machines will still want a commercial product), but it catches most viruses. It works with Samba nicely, as well as your MTA - of course, you also need something to deal with spam, so...

8) SpamAssassin. The Perl-based spam catcher with some Bayesian learning capabilities. The default rules are pretty good, but if you use IMAP and teach your users what to do with spam, you can set cron jobs to feed the learning system to make it even better. Of course, you do need an IMAP server, maybe...

9) Cyrus? UW? Courier? You need an IMAP server. If at all possible, I avoid using POP - you really want to store your messages on the central server.

10) Apache, PHP, and MySQL. You probably want a web presence of some sort (though you could go with a hosting company, if needed). At the very least, you'll probably want some kind of web-enabled box on your network so you can write custom apps to handle tracking internal resources as needed.

11) SNMP/MRTG/ntop/ethereal. You probably want to keep an eye on your network. These tools should be good starting points.

12) Mozilla Firefox. It's open source, it's better than IE, and it doesn't have the same avenues for malware installation that IE does. Regardless of your OS choice, Firefox is a great option.

13) Mozilla Thunderbird. The premier open source email client. It works, and it does a great job.
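
The OpenVPN setup described in the list above (a certificate for every user, plus a PAM login on top) could look like the following server configuration. This is an added example, not a configuration from the original post; the file paths, the plugin location, the `nogroup` group name and both subnets are assumptions to adjust for your own system.

```conf
# /etc/openvpn/server.conf
# Constructed example: paths, subnets and the plugin location are assumptions.

# One UDP port is the only thing the firewall has to expose externally.
port 1194
proto udp
dev tun

# Server identity and the CA that signs every user's certificate.
# The server key must be readable by root only.
ca   /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key  /etc/openvpn/keys/server.key
dh   /etc/openvpn/keys/dh.pem

# Address pool handed to VPN clients (assumed subnet).
server 10.8.0.0 255.255.255.0

# Tell clients how to reach the office LAN (assumed subnet), so mail
# services can stay closed on the external interface.
push "route 192.168.1.0 255.255.255.0"

# Require a username/password checked through PAM in addition to the
# client certificate. "login" is the PAM service name; if that service
# is backed by LDAP, users log in with their usual LDAP credentials.
# The plugin path differs between distributions.
plugin /usr/lib/openvpn/openvpn-auth-pam.so login

# Do not add client-cert-not-required (verify-client-cert none in newer
# releases): that would drop the certificate check and leave the
# password as the only credential.

keepalive 10 120

# Drop privileges after startup.
user nobody
group nogroup
persist-key
persist-tun

# Each client config needs its own cert/key pair plus this directive,
# which makes the client prompt for the PAM username and password:
#   auth-user-pass
```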

I haven't been posting much lately. That much is probably clear, though the reason why may be missing.

To be honest, I've remained busy wasting my time on World of Warcraft. I thought I was out, and they pulled me back in - every time I think about cutting my playtime, something new catches my eye, and it's like becoming addicted for the first time all over again. Hmm.

The new PowerBook line was announced, and it's virtually identical to the previous one. I remain very happy with my purchase, though I do plan on replacing this system with a new model once the 'Books are equipped with G5 CPUs and/or OS X 10.4. Just how long I'll be waiting remains to be seen, but I need to start thinking about buying AppleCare before the stock warranty on my system expires this August.

I'm playing with FreeBSD again. Things have mostly remained slow at work lately (with fewer users come fewer chances for failure) and I've had the time to test and research many options to replace our existing systems. I think I'll make a full post on this later, so stay tuned...