Re: [squid-users] My Squid Hardware -- Any Tips/Advice Before It's Commissioned
--- Chris Wilcox wrote:
> If this box will run Squid and Squid only...
yes, this box will run squid and squid only..
>...then I'd
> be looking into one of
> the more minimal distributions such as Debian. You
> don't need most of the
> 'junk' that distros like Suse will install by
when u say 'junk', do u mean actively running
services, that have ports to which one can connect, or
do u mean the myriad of packages that SuSE will
install based on the type of setup u need (which
includes Minimal, Default, Default With Office or
>... as most of the
> services etc that will be running by default on
> distros like Suse will only
> serve to slow things down.
i see u mean well, but i've been running SuSE since i
started in the industry, and over time one develops
ideas and tricks on one's favorite flavor of Linux..
regarding running services, i know SuSE don't have
INETD running by default post install..
although they do default to runlevel 5 which starts X
at boot, i counter this by defaulting to runlevel 3
(really don't need X running on production gear)...
i know the smtp port is open post install thanks to
postfix, which i delete before anything else (and if i
need a mailer, replace with exim)..
the portmapper is also open by default post install,
but i stop this and remove it from the runlevels so it
doesn't start on boot..
then there's openssh, which is started by default post
install.. this is good, of course, all i do is
upgrade it to the latest stable version and close it
off using iptables and the tcp wrapper..
once all that's done, i use a script that SuSE have
discontinued (but it still does its job) called
harden_suse.. it removes setuid and setgid bits from
binaries that could compromise your system.. the
script also hashes/comments all (uncommented) entries
after all that, i use a customised and hardened
iptables firewall to close off the only service
running on the box, SSH...
so, as u can see, adding squid to my system will only
open up port 3128, which the firewall will close off
and only redirect outbound http traffic to...
i hope this is minimal enough..
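Added example, not part of the original message: a shell check that the box ends up with only the listeners the post describes (SSH and Squid on 3128) and flags leftovers such as the SMTP and portmapper ports it mentions. It assumes iproute2's `ss -tln` column layout and sshd on its default port 22; the function names and the sample data are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ss -tln` style output on stdin
# and prints every TCP listener whose port is not on the allowlist.
# Assumption: sshd on 22, Squid on 3128 (3128 is the port named in the post).
ALLOWED_PORTS="${ALLOWED_PORTS:-22 3128}"

unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {                 # skips the header line and other states
            laddr = $4                   # e.g. 0.0.0.0:25, [::1]:25, *:111
            port = laddr; sub(/.*:/, "", port)
            addr = laddr; sub(/:[^:]*$/, "", addr)
            if (port in ok) next
            # A loopback-only listener is not reachable from the network, but
            # it is still a service the post says should not be there.
            scope = "exposed"
            if (addr ~ /^127\./ || addr == "[::1]") scope = "loopback"
            print port, addr, scope
        }' | sort -n
}

# Constructed sample: a fresh install before postfix and the portmapper
# have been removed, with Squid already added.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      128    0.0.0.0:111        0.0.0.0:*
LISTEN 0      256    0.0.0.0:3128       0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
EOF
}

# Returns 1 (and prints the offenders) when anything unexpected is listening.
audit_listeners() {
    found=$(unexpected_listeners)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Demo on the constructed sample; on a real host use: ss -tln | audit_listeners
sample_ss_output | audit_listeners || echo "unexpected listeners found"
```

A firewall rule that drops traffic to a port does not remove the listener, so this check complements the iptables rules rather than replacing them.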