[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Cobalt Questions (newbie)

Subject: RE: [cobalt-users] Cobalt Questions (newbie)
From: <rpaiz@xxxxxxxxxxxxxx>
Date: Sun Mar 25 01:45:05 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Can't help with everything but let me offer some comments.

> First off, I'm looking at a Raq4 or a Qube3. The main dilemma
> here is that I wish to have the features of the Qube, but also
> would like the virtual hosting and ASP features of the Raq4.
>
> 1) Can Virtual hosting and ASP be added to a qube server ? I
> realize these probably will not be managed with a nice GUI,
> but is it do-able?

Anything is do-able, if you want it badly enough. Cobalt's GUI is
tightly integrated with the configuration files on the server, and the
GUI will in fact overwrite actual config files with its saved copies
when making changes. This appears to be in order to ensure that
blithering idiots who get into their server and break something can just
go to the GUI and have it make everything OK again.

While nice for total newbies, this creates a problem for anyone who
wants to play with the guts of the system "by hand," since any changes
you make to most system file will be overwritten by the GUI anyway.
However, there are some ways to get around the system.

Bottom line, though, I'd assume the worst case: you *can* do virtual
hosting and ASP on your Qube3 as long as you're willing to forgo the GUI
for anything that has to do with the webserver. Although it seems more
reasonable to add NAT and a packet filter to a RaQ... you'll lose some
features but it seems like a better way to get what you want.

> 2) Is anyone aware of any size limitations on the second IDE
> drive? I'm looking at adding a 75-80GB unit.

Not a clue; this you should get from someone on the tech side of Cobalt,
is my guess.

> 4) I'm currently using a Linksys router to host a temporary
> test site, and have noticed that all apache logs list incoming
> traffic from my router address. Would using a qube as the
> router/firewall resolve this ?

Simple: the Linksys receives requests and forwards them. Thus the
traffic *is* coming from it. Using a Qube will not change that; the
traffic will still come from the Linksys. Unless you eliminate the
Linksys when installing the Qube, and have the Qube NAT for the internal
users.

But if you have the Linksys, then really are the rest of the Qube's
features so valuable? It sounds like you want a RaQ, more like. (Then
again, I'm biased. However much I try, my users don't use the discussion
boards, or their personal pages, or damn near anything else; so while I
love all those features, they aren't worth much actual money to me
anymore...)

> Also, I have looked thru some of the threads and seem to get
> the impression that the cobalt servers are out of the box,
> un-secure. Would this be a valid statement, and how difficult
> is it to secure them ?

They are, out of the box, un-secure.

All servers are, out of the box, un-secure.

Only servers still *in* the box are secure.

Cobalt hardware is no more un-secure than others.

-----

Having said that, most Cobalt gear *is* more likely to be cracked than
some other servers, since it tends to be run by people with less
knowledge and information. You can make your box fairly secure (more
secure than most other servers on the Internet), but it's going to take
time and effort from you. Not once; keeping a server secure is a
process.

As an example, about a month ago a new exploit was discovered for BIND
which is used on a huge number of Unix/Linux servers (including Cobalt)
to provide DNS services. I received a warning about it from the CERT
Advisory mailing list about it with a recommendation to update to the
newest release of BIND which was not subject to that vulnerability. I
upgraded immediately, and always spend about two hours/week working
strictly on ensuring system security and maintaining up-to-date packages
on it.

Running your own server takes time and energy, regardless of brand or
operating system. And security is going to *always* need a little time
and energy. But it can be done and is not horribly hard. Just don't
think that you can check off a few boxes and prevent your box from being
hacked, and don't think that Cobalt will do all the work for you either.
Neither is true.

If you decide to run your own server, you should definitely subscribe to
some lists, this being one of them. There is also an Unofficial Official
Qube-Users list, to which you should subscribe as well since it
basically has no traffic anyway. :)

--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx <mailto:rpaiz@xxxxxxxxxxxxxx>

Follow-Ups:
- RE: [cobalt-users] Cobalt Questions (newbie)
  - From: Edward M Youskevich

References:
- [cobalt-users] Cobalt Questions (newbie)
  - From: Edward M Youskevich

Prev by Date: [cobalt-users] multiple mysql access
Next by Date: RE: [cobalt-users] Anyone used Bastille Linux on Cobalt Raq 3?
Previous by thread: [cobalt-users] Cobalt Questions (newbie)
Next by thread: RE: [cobalt-users] Cobalt Questions (newbie)

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index