[olug] to X or not to X (on a server)?
Brian Wiese
bwiese at cotse.com
Mon May 12 15:31:21 UTC 2003
I've thought of this as well, an "out of band" administration connection
not done over the same line as normal network traffic. The common
response to this is a serial line connection, but I wonder how much
overhead it would be to have 2 nics and a separate network for
'administration' and if it justifies the security enhancements.
On Mon, 12 May 2003 10:07:39 -0500
"Jason Mollner" <jjmollner at hotmail.com> wrote:
|Disclaimer: I only use Linux as a programming environment. I've never
|built or worked on a large corporate network before.
|
|...but why not have 2 network cards on all your servers? One that routes
|to the internet and another that routes to an administration/log machine
|that has X and your favorite KVM combination but is not connected to the
|internet. All of your logs could be forwarded to this machine and your
|servers could only allow administration and x-forwarding through the
|local ethX and not the internet ethX connection.
|
|Just a thought...well...more like a guess...
|
|
|----- Original Message -----
|From: "David Walker" <linux_user at grax.com>
|To: "Omaha Linux User Group" <olug at olug.org>
|Sent: Monday, May 12, 2003 7:35 AM
|Subject: Re: [olug] to X or not to X (on a server)?
|
|
|> Since I don't like recompiling a kernel without "make xconfig",
|> I like to put just enough X on the server to redirect a display to
|> another machine, either through ssh or just setting
|> "DISPLAY=192.168.217.4:0"
|>
|> On Monday 12 May 2003 01:49 am, Brian Wiese wrote:
|> > On Fri, 9 May 2003 05:15:41 -0500
|> >
|> > Kenton Brede <xyf at nixnotes.org> wrote:
|> > |On Fri, May 09, 2003 at 06:05:37AM -0500, Brian Wiese wrote:
|> > |> So, my friend and I were having this little discussion about
|> > |> setting up a debian stable server for basically samba file and
|> > |> print serving. He says X should not ever be installed and I say it
|> > |> should. What do the fellow gnu/linux admins on the list recommend
|> > |> from experience... which has more benefit, to install X on a
|> > |> server or to not? hard drive space is not a concern.
|> > |>
|> > |> reasons for X:
|> > |> - provides productive usable environment for local system
|> > |>   administration (I like to have a couple of terminal windows open
|> > |>   and other GUI tools at hand (a webbrowser perhaps) when
|> > |>   administrating a system versus straight CLI)
|> > |> - will not be used/running normally, standard runlevel = 2
|> > |> - could easily be uninstalled with 'apt-get remove
|> > |>   --purge xserver-common...'
|> > |> - security updates go along with 'apt-get upgrade' so not much of
|> > |>   a concern (and there are no remote shell logins, just IT staff)
|> > |>
|> > |> reasons against X:
|> > |> - another piece of software installed that could be a security
|> > |>   vulnerability
|> > |> - added difficulty for system backups?
|> > |> - performance benefit by not being installed?
|> > |>
|> > |> so, to have the option of X or to not on a server, what's best?
|> > |
|> > |I can't say absolutely X should never be installed on a server but I
|> > |haven't seen a reason to do so yet. A few reasons why I wouldn't:
|> > |
|> > |* Possible security vulnerability that must be dealt with.
|> > |
|> > |* Don't have to track and install security updates for X and all the
|> > | stuff installed with it.
|> > |
|> > |* During your career you will more than likely find yourself in an
|> > | environment mostly without a graphical interface. Relying on X
|> > | doesn't prepare you for that.
|> > |
|> > |* Most of the crashes / freezes I have personally seen on linux
|> > |systems have happened while running X.
|> > |
|> > |* Running a graphical browser on a server isn't a good idea due to
|> > | the inevitable runaway processes that occur while surfing.
|> > |
|> > |kent
|> >
|> > Yeah, this is kind of the same mentality I've had all along. My own
|> > webserver has been up for more than 2 separate occasions of 210+ days
|> > of uptime over the past 1 1/2 years (recently had to replace UPS for
|> > last downtime)... and since it's all remotely managed/old slow
|> > system, I've never installed X on it, just ssh. If I have a local
|> > server though, and therefore almost always hooked into a kvm
|> > somewhere, I go ahead and install X though and just run it when I
|> > need it. I personally find that the functionality benefit of admin'
|> > a box from an X environment far outweighs any other valid/potential
|> > concerns. (to copy and paste, have multiple xterms/konsoles/... of an
|> > extremely large/custom screen size and
|> > run a browser on localhost for testing etc, it's what graphic
|> > environments are for - to interact with the system more usefully...)
|> > It's another one of those personal admin choices I assume, but it is
|> > nice to not 'have to' run it all the time (like in Windoze) and have
|> > the option to uninstall it or turn it off at will without losing
|> > major functionality on the system.
|> >
|> > peace
|> >
|> > Brian Wiese | bwiese at cotse.com | aim: unolinuxguru
|> > ------------------------------------------------------
|> > GnuPG/PGP key 0x6BFF6681 | "FREEDOM!" - Braveheart
|> > ------------------------------------------------------
|> > This is not about Napster or DVDs. It's about your Freedom.
|> > I'll see your DMCA and raise you a First Amendment.
|> > http://www.anti-dmca.org
|> > _______________________________________________
|> > OLUG mailing list
|> > OLUG at olug.org
|> > http://lists.olug.org/mailman/listinfo/olug
|
Brian Wiese | bwiese at cotse.com | aim: unolinuxguru
------------------------------------------------------
GnuPG/PGP key 0x6BFF6681 | "FREEDOM!" - Braveheart
------------------------------------------------------
This is not about Napster or DVDs. It's about your Freedom.
I'll see your DMCA and raise you a First Amendment.
http://www.anti-dmca.org
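
The thread proposes letting ssh and X be reached only through a second, admin-only NIC. The following check is an added example, not part of any message above: it scans `ss -H -tln` output for admin ports bound to the wildcard or to the public-side address. The admin subnet, the port set and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions for this example (not from the thread): the admin-only NIC sits
# on 192.168.217.0/24, and admin services are sshd (22) and X11 TCP (6000-6063).
ADMIN_NET = ipaddress.ip_network("192.168.217.0/24")
ADMIN_PORTS = {22} | set(range(6000, 6064))

# Constructed sample of `ss -H -tln` output from a dual-homed server.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 192.168.217.10:22 0.0.0.0:*
LISTEN 0 50 203.0.113.5:445 0.0.0.0:*
LISTEN 0 128 [::]:6000 [::]:*
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
"""

def split_local(field):
    """Split ss's Local Address:Port column into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets / %iface scope
    if addr == "*":                          # ss wildcard notation
        addr = "0.0.0.0"
    return ipaddress.ip_address(addr), int(port)

def exposed_admin_listeners(ss_output):
    """Return (address, port) pairs where an admin port is reachable
    from outside the admin network."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        if port not in ADMIN_PORTS:
            continue                         # e.g. samba stays on the public NIC
        if addr.is_loopback or addr in ADMIN_NET:
            continue                         # admin-side or local-only bind
        findings.append((str(addr), port))   # wildcard or public-side bind
    return findings

if __name__ == "__main__":
    for addr, port in exposed_admin_listeners(SAMPLE_SS):
        print(f"admin port {port} listening on {addr}")
```

A wildcard bind counts as exposed because it accepts connections on every interface, including the internet-facing one; the loopback listener on 6010 is the kind ssh creates for X forwarding and is left alone.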