SuSE Linux 7.2 Professional
If you're going to install your first Linux server or take on the task of deploying Linux on the desktop, you could do a lot worse than SuSE 7.2 Professional. Key features include a journaling filesystem, a crypto filesystem, an easy-to-use desktop environment and network updates.
The first thing you'll notice is that the new SuSE is a huge collection of software and documentation—more than 1,000 pages of manuals, boot and modules floppies, a folder of seven CDs and one DVD and the obligatory square sticker for the front of the case.
Because SuSE is the first distribution to be available on DVD, I decided to celebrate with a new DVD-ROM drive for one of my test systems. Not having to change CDs for a full install, as with previous SuSE installs, is worth it. As you might expect if you've installed Linux in the past few years, pop in the install disk and up comes a friendly GUI install program. SuSE's is called YaST2, and you'll be seeing it later on when you do system configuration changes. The little comic book “Quick Install Manual” helps guide you through the install process and focuses on resizing an existing Microsoft Windows partition, if you have one (if dual booting, don't forget to back up your existing files when you're converting from Windows, as no resizer is perfect in all situations).
The other test machine was an IBM ThinkPad with no CD-ROM. I put in a PCMCIA SCSI card, connected an external SCSI CD-ROM drive and booted from one of two provided floppies. The installer prompted for the floppy to load the driver for the SCSI card, and the install was underway quickly. I only did a “default” install on the ThinkPad, and it didn't require switching CDs.
A feature you'll probably want, but that is not covered in the “Quick Install Manual”, is ReiserFS. Select “custom partitioning - for experts” to get to the secret hidden chain saw, I mean, journaling filesystem. That's also where you'll find the option to make an encrypted partition, and I made /home encrypted on the ThinkPad.
A few screens later, the installer formats the disk(s) and installs packages in one unattended run—unattended if you don't have to change CDs, that is. You might want to invest in a DVD-ROM drive or, if you have a lot of installs to do, reserve some disk space on a server and install over the Net.
The quality of the documentation, which I only started reading when the first install was well on its way, is outstanding. The network manual thoughtfully covers a lot of first-time Linux projects, such as nameserver and Samba setup, and gives a quick introduction to OpenSSH. There's even a chapter on workplace ergonomics.
After installing packages and rebooting (SuSE prompts for the crypto filesystem password on boot if you have one), up comes a good XFree86 setup utility called SaX. There's a large list of monitors, so you probably won't need to find your monitor manual to type in what refresh rates it supports (save the monitor manual anyway). SaX also has a friendly tool to reposition the image on the monitor screen; I didn't need it for 1280 × 1024, but a couple clicks was all it took to get the 1024 × 768 image placed correctly on the desktop machine. For the laptop install, I picked “ThinkPad LCD”, and SaX got it right.
Then it's time to configure the printer, sound and network, and you're done. Don't forget to do an on-line update to get security and other updates, and visit SuSE's mailing lists page and subscribe to suse-security-announce, just in case.
There's also a text-mode install program, YaST1, which is scriptable. You can put a partition scheme, a list of packages to be installed, and almost any system configuration parameters on a floppy, and boot from the floppy to install an entire machine from the network. Unfortunately, this potentially useful feature is under-hyped: the manual doesn't cover it, and the information on SuSE's support site and elsewhere on the Web is sparse.
The KDE2 desktop is the default, and it, along with some other large projects, gets its own directories in /opt. If you're manually partitioning the system, you'll need to create adequate space for /opt as well as /usr, and this is why /opt is fundamentally evil. Applications should each get a subdirectory of /usr/lib or /usr/local/lib, so that you don't need to play Nostradamus when you're deciding how big to make /usr and how big to make /opt. On a desktop system, you'll be able to get away with just root and swap partitions, so /opt isn't so bad there, but anywhere you want multiple partitions for more space or safety, /opt makes you waste space unnecessarily.
SuSE does an excellent job with packaging and integrating KDE. Konqueror, KDE's web browser, is a usable daily driver for all but the worst-designed sites (it even supports a Shockwave Flash plugin), and the rest of the desktop environment is well laid out with sensible defaults. Some of the colors for “ls” are too light to read easily on the default white terminal windows (All right, who at SuSE used to work for Wired?), but if you do a lot of command-line work, you'll be customizing that kind of stuff anyway.
Changing system configuration from the desktop is pointy-clicky, with a dialog box to enter the root password for actions that need to be done as root. It looks pretty convenient for a new desktop user and would be easy for a support person to talk someone through.
The number of network ports open on a default install has come down quite a bit, which is a refreshing change from the “everything on by default” policy we've seen in other distributions. KDE and X each have a high port open during a user session, though.
There are “Personal Firewall” (simple block-everything) and “SuSEfirewall” (allow some traffic through) scripts that you can turn on to block incoming connections. A stealth FIN scan with nmap will still see the blocked ports. This is a nice touch for a security-conscious distribution.
There are three more minor issues with an otherwise solid product. First, the last character in the shell prompt isn't set to change to # by default when you su to root, which a lot of people expect and a lot of documentation assumes. That's a little confusing. The install should also prompt for an address to which mail for root should go, since you don't want important messages piling up in /var/spool/mail/root. And the “Online Update” feature in YaST2 is nifty but doesn't give you a place to enter an HTTP proxy, which might be the fastest or only way of getting new packages from the Net at some sites.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- The Humble Hacker?
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide