In our series about building Linux servers, we will cover all the needs of an organization and emphasize how Linux will be able to assist the organization’s requirements. We begin the series with the basics of a networked organization: network, file and printer sharing, and a proxy server.
Before you choose your server, it is important to note your requirements and the anticipated growth of your network. If you have a small office with a couple of employees and you think you may have 100 in 2 years, then one of today’s fast computers will do it. If you already have an office with some hundred employees and think that number will climb to some thousand, then go with a professional solution.
For many items in the series, I will assume a wired network and command line usage. The X server (or the graphical user interface) is not recommended for server computers to avoid additional security risks. Wireless interfaces are not difficult really; they just need a little different configuration.
As noted by almost everyone, Linux was born to be networked. In fact, it was born on the network. In today’s business life, everybody is networked, be it through a corporate local area network or the Internet. Linux has all the necessary foundations to act as a network server, even with the default desktop installation.
Before we go on, you must remember that you have to configure each computer’s hostname as a unique value. No two computers can have the same hostname on a network.
The file that you will use is /etc/network/interfaces, which includes the IP Address (address), Network Mask (netmask), Broadcast IP Address (broadcast), Class C Network Address (network) and Gateway IP Address (gateway). The words in parentheses are the keywords that you will see in the /etc/network/interfaces file. When you set them to your network’s IP addresses and restart your network with the /etc/init.d/networking restart command (as root), there is nothing left to do – your Linux computer will start to work as a network server.
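A wrong netmask, broadcast or gateway value in this file is a common reason a freshly configured server cannot reach its clients. The script below is an added example, not part of the original article: it checks that the five values of a static stanza agree with each other. The interface name eth0 and all addresses in the sample are assumptions, and the stanza is expected to contain all five keywords.

```shell
#!/bin/sh
# Added example: sanity-check a static stanza from /etc/network/interfaces.
# Sample stanza constructed for illustration (eth0 and all addresses are assumptions).
SAMPLE_STANZA='iface eth0 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.254'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
# The body runs in a subshell so the IFS change does not leak to the caller.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Read a stanza on stdin; print one line per inconsistency, or "OK".
# Assumes address, netmask, network, broadcast and gateway are all present.
check_stanza() {
    stanza=$(cat)
    field() { printf '%s\n' "$stanza" | awk -v k="$1" '$1 == k { print $2; exit }'; }
    addr=$(ip2int "$(field address)")
    mask=$(ip2int "$(field netmask)")
    net=$(( addr & mask ))                      # network = address AND netmask
    bcast=$(( net | (~mask & 4294967295) ))     # broadcast = network OR host bits
    problems=0
    if [ "$(ip2int "$(field network)")" -ne "$net" ]; then
        echo "network does not match address/netmask"; problems=1
    fi
    if [ "$(ip2int "$(field broadcast)")" -ne "$bcast" ]; then
        echo "broadcast does not match address/netmask"; problems=1
    fi
    gw=$(ip2int "$(field gateway)")
    if [ $(( gw & mask )) -ne "$net" ]; then
        echo "gateway is outside the local subnet"; problems=1
    fi
    if [ "$problems" -eq 0 ]; then echo "OK"; fi
}

printf '%s\n' "$SAMPLE_STANZA" | check_stanza
```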
If you want to test your server and see the computers connected to it, issue the nmap -sP 192.168.1.1-255 command (as root). For each computer that is connected, the output should contain a line such as Host tbalci (192.168.1.2) appears to be up. If a computer is missing from the output, check the network cables and the network settings of that computer first.
For corporate file sharing, we need to do a little configuration on our Linux server. The file sharing we choose allows the users to access folders on the server in read/write or read-only mode, as if the shared folder on the server were part of their local folders. For this, install ’nfs-kernel-server’ on the server and ’nfs-common’ on the clients. Installing the server package will give a ‘Not starting NFS Kernel daemon: No exports’ error. Ignore this for the time being. The installation will create an /etc/exports file where you map users’ folders to the shared folders on the server (the error is due to the fact that the /etc/exports file is empty upon installation). Assume that there is a computer with the hostname tbalci and you want it to connect to /home/shared_folder with read and write rights. For this, you have to make the following entry in the /etc/exports file:
/home/shared_folder tbalci(rw,sync)
After making the entries in the /etc/exports file, you have to issue the /etc/init.d/nfs-common restart and /etc/init.d/nfs-kernel-server restart commands (as root) to restart the Network File Server (NFS). When done, go to the Linux computer that will connect to the file server and mount the shared_folder to /home/tbalci/some_folder. If your server name is linserver, then the command will be mount linserver:/home/shared_folder /home/tbalci/some_folder.
The ‘rw’ abbreviation in the parentheses is ‘read write’. It can also be ‘ro’, which is ‘read only’. The ‘sync’ option makes the server commit writes to disk before it replies to the client and is, therefore, the recommended option. If you omit the sync argument, you will get ‘defaulting to sync operation’ when you are starting the NFS server. The argument can also be ‘async’.
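Small mistakes in /etc/exports change who can reach a share: a space between the hostname and the opening parenthesis applies the options to every client instead of to that host, and a space inside the parentheses breaks the option list. The script below is an added example, not part of the original article, that flags these cases together with read-write exports to any host and ‘async’ exports. The sample file is constructed, and every path and entry other than /home/shared_folder tbalci is an assumption.

```shell
#!/bin/sh
# Added example: flag risky or malformed lines in an NFS exports file.
# Sample content constructed for illustration; /home/reports and the
# /srv paths are assumptions, not entries from the article.
SAMPLE_EXPORTS='/home/shared_folder tbalci(rw,sync)
/home/reports tbalci(ro,sync)
/srv/scratch tbalci(rw,async)
/srv/public *(rw,sync)
/srv/typo tbalci (rw,sync)
/srv/split tbalci(rw, sync)'

# Read exports(5) text on stdin; print "<line number>: <finding>" per issue.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            f = $i
            if (f ~ /^\(/) {
                # "host (opts)": opts apply to every client, not to host
                print NR ": options detached from host, export is open to all clients"
            } else if (f ~ /\(/ && f !~ /\)/) {
                # "host(rw, sync)": the list is cut in two by the space
                print NR ": whitespace inside option list"
            } else {
                if (f ~ /^\*\((.*,)?rw[,)]/)
                    print NR ": read-write export to any host"
                if (f ~ /[(,]async[,)]/)
                    print NR ": async export can lose writes on a crash"
            }
        }
    }'
}

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

Run it against the real file with audit_exports < /etc/exports before restarting the NFS services.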
You can take this implementation even further. You can map users’ /home folders to the File Server, and this way you will not have to bother yourself with the individual computers’ backups. A complete server backup will save all the users’ documents.
Nowadays the number of printers that can be networked, i.e. the ones that have wired/wireless connections, is increasing while prices are decreasing. If you already have a printer which you want connected to the print server, there are a few small configuration steps.
First, you have to have CUPS (Common Unix Printing System) installed on your server. You have two options to configure your printers: you can either go with the command-line interface, or you can connect to the CUPS web interface with a web browser by typing https://192.168.1.1:631/admin into the address bar (replace 192.168.1.1 with your server’s IP address). I recommend the latter, connecting to CUPS with a web browser, to save the time of working out which device URI and PPD to use.
The web interface works with a wizard concept. When you open the web configuration, click on the “Add Printer” to add your printer to CUPS. Then follow the wizard to complete your printer registration to the system.
If you have not purchased a printer, decide on a couple of models and check the printer list in the Linux Printing Website and try to go with a supported printer. If you have a printer at hand, you can search for compatibility or go with a print server for a small investment. These print servers are small gadgets that have one USB or parallel port and one Ethernet port, enabling you to connect your USB/Parallel Port printer to the network. In this case you do not need to mess with the compatibility issues. But my recommendation is to be careful with multi-purpose printers. You will be able to use only the print function with the print server, not the other functions.
In case of a network, you need to have a proxy server installed. The reason to use a proxy server is simple: you want your closed, or protected, network open to the Internet. The benefit of this is, again, simple. Your networked computers send and receive data from the proxy server, and the proxy server itself talks to the Internet. So, instead of the computers in your network, only the firewall server will be vulnerable to attacks.
There is an additional benefit of a proxy server. The users’ web history will be cached on the proxy server. So, the requests will be first processed by the proxy server and then passed on to the Internet. Consider a situation where User A accesses www.internet.com. The proxy server will retrieve items from the website, such as images, text, etc. and will store them. When User B wants to access the website, the cached elements will be checked and if they are the same, will be delivered to User B’s web browser from the proxy server. This will save you from high bandwidth usage.
The best proxy server software you can find is Squid. The program has been developed for years, is open source, and has been running on hundreds of Internet Service Providers (ISPs) for a very long time. There’s no need to say that the software is incredibly flexible. You can use it to have parental controls on your kids’ Internet usage (time/viewable website limitation) or run an ISP.
I would very much like to give you an overview with the commands, but there are so many possibilities that this is not possible: you can go for authentication (LDAP, MySQL, Radius, NTLM, Active Directory etc.), interception (AtSource, IPTables Policy Route, Linux Redirect etc.), reverse proxy (multiple webservers, Outlook Web Access, Virtual Hosting etc.), Instant Messaging/Chat Program filtering (AOL, ICQ, MSN etc.), and many others. With this flexibility, you can, for example, allow MSN instant messaging but block all other protocols.
You do not need to have separate physical servers to do all of this. What you need is a modern computer, a Linux installation, and a little configuration. All of these servers will run as regular programs on the server with very small resource usage. Plus, you will save lots of resources from license fees, downtime, and the like. If you cannot handle all of the configuration yourself, hiring a consultant or outsourcing will also be better than the proprietary competitor software.
This post is part of the series: Building a Linux Server
In this series we look at building and configuring a Linux server from scratch. We will look at configuration in detail and we will determine ways to keep our server as secure as possible.