Re: defining server roles
From: Joe (joe_at_jretrading.com)
Date: 11/29/05
Date: Tue, 29 Nov 2005 13:50:22 +0000
Greg Metcalfe wrote:
> I'm writing some system management software, and need to check for a
> system's role. It has to run within a lab environment, where a machine
> might be primarily a workstation (of several possible sorts--development,
> graphics, GIS, whatever), but also a backup server (again, of several
> possible sorts), etc. Or it could be part of a compile farm, a basic office
> machine, etc.
>
> This is mostly about a) separating system update package repositories, b)
> maintaining a central systems audit report that is never more than 12-24
> hours old, and c) keeping systems stripped as much as possible.
>
> Ideally, there would be some sort of standard for system role definitions,
> for interoperability between different Linux distros, and the BSDs. I've
> been unable to locate anything. Is anyone aware of any standard? If not, do
> you know of anything that's widely used in any proprietary software, such
> as OpenView?
>
> This would seem an important first step on the road toward solving harder
> problems. For instance, a backup Web server in a departmental network with
> strict security requirements, facing departments with less strict
> requirements, and maintained entirely via binary packages, is better off
> without a compiler. Depending on your PPF (Precise Paranoia Factor), that
> might mean that that backup Web server should never be provisioned as a
> development workstation.
>
I'm not aware of anything built-in, but then there's not a well-defined
line separating workstation from server as there is in the MS world
(mostly involving thousands of pounds/dollars and Client Access
Licences). A workstation may well run a web server, DNS cache and/or
other types of server software. A server might have a number of user
applications installed to be run remotely. You say yourself that your
machines run many different combinations of software. Surely the only
reliable guide to the package update requirement is the set of packages
which actually exist on the machine?

I think that keeping development tools off an at-risk machine is one of
those things that doesn't do any harm, but doesn't really achieve much
either. If the Bad Guys are in a position to use your machine to flood
the world with spam, the need to upload gcc etc. is not going to prove
much of an obstacle to them.

I'd say this is one of those times when Open Source hasn't yet seen a
need, and you are free to be the one who meets it. I have a feeling that
few Debian admins will see the end of the road for apt-get, though.