The e-smith server and gateway
I tried to use the gateway but to no avail. As it turns out, PCMCIA devices are not supported (at least as part of the installation), something that I failed to notice in the documentation. I could load the PCMCIA package and try to configure it manually. Instead, I decided the best approach would be to do this again with the type of hardware it was intended to support. So, I called a friend at a company I work with on a regular basis and asked if he had a spare server. He did (thanks, Frank).
This time, my test system was a SCSI desktop system with an external modem. The boot was automatic and did not require the diskette. The installation was going very smoothly until I got to the Ethernet card selection. Once again, my card, a Linksys LNE100TX, was not selected although it used a standard Red Hat tulip driver. No problem, I decided that I would not let that slow me down. After all, I could manually add the card later. I finished the configuration and rebooted. In my second experience, I was rather pleased with how well things had worked and how fast.
Here's a quick tip. If you want to get to the command line, log in as "root" and not "admin". After editing my /etc/modules.conf file to load the tulip driver, I discovered the supplied driver is out of date for the card I had purchased. An internet connection would be nice at this point and, as it turned out, I realized that my e-smith gateway was working just fine with the dial-up connection. No trouble there. In fact, it was downright slick. I used the lynx browser to access the Linksys web site in order to get the latest driver.
The excitement was building. I was almost there. I unpacked the source, ran the install script and discovered that I had no C compiler. Tech support informed me that they do not install the compiler for security reasons, and I could accept that, but it wasn't even on the disk. Finally I gave up, found an old ISA card, plugged it in and was able to get the gateway up and running perfectly with one last boot.
In some ways, having problems while doing a review is not such a bad thing. You get to call tech support which gives you a feel for how quickly your questions and concerns will be answered. I am happy to report that not only did I not have to wait in a queue, but the person I spoke with was knowledgeable, helpful and open to the suggestions I made regarding the whole installation process. Consequently, by the time you read this, the problems I experienced may well have been solved.
I've spent a lot of time talking about the installation because I wanted to convey the type of thing that can throw off a turnkey installation like e-smith. Now that the system was up and running, it was time to experience it from the customer's point of view.
As I mentioned, the modem dialer (which uses diald) worked flawlessly. I had some nice tests planned out for this phase of the operation, with my notebook already configured to take advantage of my e-smith gateway. The default installation makes access to the Internet easy with all the appropriate IP masquerading rules already in effect.
Security is a serious issue with e-smith and perhaps its greatest strength. The server does not boot up with a dozen services running and a dozen potential places for a cracker to get in. Even SSH isn't activated by default. This is a very secure system that nonetheless provides a number of services for its internal users. One of the many things that e-smith's browser-based administration interface does is allow you to modify (see Figure 1). This interface is one of e-smith's strengths. With it, a non-technical administrator can oversee an installation and attend to their users' needs.
Through the web interface, you can also set up e-mail using either individual accounts or a multidrop system using fetchmail. Easy to configure, it worked flawlessly on my test (see figure 2). If you want to create and deploy your own web site, there's a menu option for that as well. e-smith's dialog will take you through the configuration for a "starter" web (figure 3). For performance, e-smith even comes with a Squid proxy pre-installed and ready to go.
Did I mention secure services? Besides SSH for secure remote access, e-smith includes a secure Apache web server and secure web-based e-mail as well. Sticking with e-mail for a moment, e-smith also provides a network directory with LDAP.
To round out this package, e-smith provides workgroup and intranet tools with "i-bays", information sharing sites, document repositories, file services that can be configured for local, remote, shared or private access (see Figu>e 4). Once again, easy to set up and use. When you configure a user through the interface, each one magically gets their own file services area. I won't spoil your adventure of discovery, but I will tell you that these "i-bays" also provide ready access to the web site, making it easy to do web design with your favorite HTML editor.
The one qualm I have about the web interface is a minor one. The bright orange "e-smith" banner on each page takes up an awful lot of real estate on the screen. It could be trimmed without affecting the functionality.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- The Humble Hacker?
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- The US Government and Open-Source Software
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide