I would like to thank Till Brehm and Falko Timme for Howtoforge.com. It has been very helpful in bringing me up to speed in utilizing Linux and the many useful programs available for it. My background is Zope, Windows, and Intranet sites, but I have recently been asked to help out building an Internet web site. Without your site I would most likely stuck with what I knew best or would have stuck with a MS solution. I have installed ispconfig and currently running a couple of web sites out of my home. My question for you two is - how do I build up my system admin skills using the tools that you provided. Starting with Ispconfig - what would you guys recommend for a non-Linux admin to study that would allow me to fully use the Ispconfig suite (postfix, ipchains??, proftp, etc..). I have been reading the forums and discovered how useful and how much you two give of your free time to answer questions. I also found that doing is so much better than just reading. I never had to worry about security before, I worked on Intranets not Internet sites. Now I am reading the security logs and looking out for the ever present attacks on my sites. I use IPCop and yes I followed your suggestions on how to make it work with Ispconfig. To narrow down the long list of things to learn I am using - CentOS for now RedHat for later PHP web sites - Joomla sites for now. Drupal for later on. Non PHP web sites - Zope for later on. Can I use Liferay with Ispconfig? I am about to get a cheap ssl cert. Found this subject confusing to say the least. Firewall details using Ispconfig - what extra things can I do to protect my ispconfig servers. PHP Security - either use suPHP or look at apache2-mpm-ithk for php web sites. Again thanks for a wonderful web site and for your time in answering all of our questions in the forums. Best regards, Steve
If I am allowed to answer (as you just asked for till and falko ), here are my suggestions: 1) CentOS is pretty much the same as Redhat Enterprise Linux (EL). Mainly only licensing issues differ, the structure is pretty much the same -- that is why most (if not all) of Redhat's packages work fine under CentOS. There are plenty of online guides on the net for both of them however if you want to study in thorough. 2) Modern linux distros nowadays (like Redhat, Debian and its clones -CentOS, Ubuntu, etc) use powerful updating systems so as to keep your box updated and worry less about security (pretty much like Windows Update). Redhat and CentOS use 'yum', Debian and Ubuntu use 'apt-get'. Find info online about these and you 'll see how easy it is to keep your server updated. The bottom line is that the more popular your distro is, the most you will get (as far as updates, help, documentation, security, etc are concerned). Redhat, CentOS, Debian and Ubuntu are very popular and good distros, personally I prefer CentOS. 3) In my days (back to 1998) compiling binaries from the source code was pretty much the only way to go. Although it was considered (and maybe for some still is) the best way so as to have ultimate control upon compiling, selecting exactly the options you need and knowing in detail what was going on on your system, the main problem was the (security) updates. If you use custom compiles and not use each distro's way to install software (like yum and apt-get I described above), you have to manually download, compile and install software from time to time to keep your system updated -- which can be a real pain for software with frequent releases. That is why everything is easier these days. 4) For every project you want to install, you have to learn it independently from the distro you use. I.e. Joomla, Drupal, ISPConfig and many other popular projects, provide good documentation and support communities where you can always seek for help. So you don't have to worry much about this. Just learn one at a time, until you believe you know much so as to go to the next one. 5) Security is a big chapter and everybody has different approaches on this. Some general notes: - Run only services you really need. This requires some experience, however 'netstat -tap' is a good friend to check exactly what you are running and which ports are open. - Bind your services to localhost only if you don't really need to have them exposed to the internet (MySQL is a good example if you don't need remote connections). - Firewalls actually do their job for users that do not know what to close and how to properly configure their services (so actually the firewall denies access to services, instead of you). They do not do miracles, unless you use a very very very advanced setup. For basic usage, you can achieve pretty much the same result without them. - suPHP is a good idea, I am thinking of enabling too on my server. Also php's safe mode (that ISPConfig supports) is good too. - Keep your system always updated (i.e. in CentOS using 'yum upgrade'). Last but not least: Google is really your friend. When you have questions, when you get a weird error message, when you see something that you don't have ANY clue of what it is, use Google. You 'll be really surprised of how many others had the same problem as you.