Network revamp: Linux with Windows

Overall, integrating Linux is fairly simple and, with proper preparation, can be done over a weekend for a LAN of 20 or 30 end user systems. This tutorial covers the process.

More and more corporations and small businesses are taking the Linux plunge these days, and for good reason. The low cost of Linux combined with an abundance of geeks who eat, sleep, and breathe UNIX has created a win-win situation for IT managers and geeks alike. Since it's usually a younger junior systems administrator or "that kid from the design group who knows a lot about computers" who introduces Linux into the workplace, there's already someone in-house to move into a full-time systems administration position with no training required.

In other cases, Linux is just stumbled across by accident, as illustrated by one of my previous contracts. About two years ago, I was brought into a large manufacturing outfit to improve their network. They were having problems across the board, from poor network performance to their NT file server grinding to a halt because they lost their systems administrator and never bothered to hire a new one.

When I was brought in to take a look at their network and to do an initial inventory, I found an old Red Hat Linux 4.2 disc kicking around in their supply cabinet. It turns out that an intern who was working for them introduced them to Linux but wasn't skilled enough to do a full installation. Since they needed a zero-maintenance solution and part of my contract was to get their entire LAN up on the Internet with full e-mail and remote access capability, I decided that Red Hat Linux 5.0 (remember, this was 1997) would make the best replacement for their dying NT server.


Inventory and preparation

The first step in the network overhaul was to get a full inventory of everything touching the network. It's always a good idea to have a list of every system in the building for asset control and to find out the exact environment that end users work in on a day to day basis. Here is a basic inventory checklist to use when collecting data (I've used one of the systems from this upgrade as an example):
  • System Name: John's Beast (Windows 95 Revision A)
  • Description: Computer in John's office
  • Workgroup: HEATSHRINK
  • IP Address: N/A
  • Protocols: NetBIOS, IPX, NetBEUI
  • CPU/RAM/HDD: Intel 486dx2/66, 16MB RAM, 420MB HDD
  • Make/Model: Generic Scratchbuilt PC
  • Serial Number: N/A
  • Asset Tag: XXXX-XXXX
  • Owner Name: John Dough
  • Username: doughj
  • Password: lamepass
  • Applications: MS Office 97 (Word, Excel and PowerPoint), Internet Explorer, Microsoft Outlook, SMS Database Client.
  • Documents: C:\JOHNSTUFF\

Since most of the Windows 95 systems had been neglected and were in pretty poor shape, I decided that it would be best to do a full Windows 95 reinstall after the Linux server came online. That way, I had full control over what got installed, a consistent naming and IP addressing scheme could be instated, and all the little nasty problems that had been cropping up on each system would be wiped out. The last thing you want to happen is for management to blame the new Linux server for Windows 95 crashing.

Also, since a strict backup policy was set in place, I had each end user move all documents from their C: drive to their NT network drive. (Getting end users to actually do this was like pulling teeth, but they tended to comply once I told them that they'd lose three years' worth of work when I formatted their hard drive if they didn't move their files to the server.) After all users moved their files to the NT server, I started server inventory.

There were two NT production servers online. Both were virtually identical P133 systems with 64MB RAM and 4GB SCSI drives running Windows NT 4.0 Server. The NT server I wouldn't be touching for this upgrade was their domain controller and their inventory, tracking, accounting and manufacturing system. Although it needed major work, it wasn't the focus of this job. The second system was just a file server running as a secondary domain controller. Its file and directory structure was extremely simple: each user had a home directory, and there were two shared group directories, an accounting/human relations area and a manufacturing/design area.

Unfortunately, there was no solid username policy in place so the upgrade wouldn't be as transparent as I had hoped. All users were reassigned new eight-character-or-less usernames based on their last name and first initial. A new password policy was also put in place to require alphanumerics and at least one punctuation mark. Since the network was no longer an island and would be connected to the Internet, this was the first security policy set in place.

Username migration took place around 3:00am after the last set of backups fired off. I simply changed the usernames on the domain controller and then pushed the changes to the secondary domain controller. The whole process only took about 30 minutes, including walking from PC to PC changing usernames so the end users wouldn't even have to type in their new name. The next day, each user was assigned a new password, and their new username and password were noted on the inventory sheet.


Installing Linux

Since I couldn't afford to take a chance at bringing the NT server offline, I decided to do a redundant install. One of the spare 486dx2/66 systems with 16MB RAM and a 540MB HDD was initially used for their testbed Linux server, but after seeing the performance increase over the P133 running NT, it was decided to keep the 486 in place as their primary proxy, e-mail, Web, and file server.

I decided that using the 540MB HDD as a boot disk and then adding a 7.2GB HDD for /home and /var would be the best configuration. Red Hat Linux 5.0 was chosen because of my experience with it and its flawless performance as a high-load Web server. Had I been doing an equivalent installation, I would have chosen OpenBSD 2.5 or Red Hat Linux 6.0. I used the following partition table to squeeze the most space out of the drive:



/dev/hda1   35MB  /
/dev/hda2   75MB  swap
/dev/hda3  350MB  /usr
/dev/hda4   80MB  /tmp
/dev/hdb1  500MB  /var
/dev/hdb2  6.7GB  /home

Although disk requirements for a full installation of Red Hat Linux 6.0 and various other distributions have started to skyrocket, the above partition table works great for a small server with minimal services and packages installed. The minimal approach was chosen primarily because of security and the lack of funds for new hardware. Besides, the simpler the system, the more secure it is and the easier the maintenance.

Custom package installation was used and only the Base, Network, DNS, Email, FTP, Samba, and Web Server packages were installed. Because the server would rarely be used at the command line, niceties such as Emacs, IRC, and Netscape weren't installed and only the bare minimum tools would be used. The only other non-standard tools that were installed were *hobbit*'s netcat, qmail, sniffit, trafshow, and ssh.

Once the system was up and running, all non-essential services were disabled. Everything in /etc/inetd.conf was turned off except for FTP, IMAP, POP3, and SMTP (for qmail). All daemons were disabled except for httpd and sshd, and the passwd file was then shadowed using pwconv5 (Red Hat Linux 6.0 automatically shadows now). As part of the new security policy, disabling everything that wasn't used ensured the system was as secure as possible.
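
One way to apply the inetd.conf allowlist described above, as an added example that is not the author's own script: it comments out every active service except FTP, IMAP, POP3, and SMTP and then lists what is still enabled. The service names (ftp, imap, pop-3, smtp), the #DISABLED# marker, the function names, and the sample file are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: leave only allowlisted services active in an inetd.conf.
# Service names are assumptions for the FTP, IMAP, POP3 and SMTP entries.
ALLOWED="ftp imap pop-3 smtp"

# harden_inetd FILE: print FILE with every other active service commented out.
harden_inetd() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { print; next }   # blank lines and comments pass through
        ($1 in keep)         { print; next }   # allowlisted service stays active
                             { print "#DISABLED# " $0 }
    ' "$1"
}

# active_services FILE: list the service names still active, sorted.
active_services() {
    awk 'NF > 0 && $1 !~ /^#/ { print $1 }' "$1" | sort -u
}

# Constructed sample in the classic inetd.conf layout (not from the article).
write_sample() {
    cat > "$1" <<'EOF'
# inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
shell   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp  nowait  root    /usr/sbin/tcpd  in.fingerd
pop-3   stream  tcp  nowait  root    /usr/sbin/tcpd  ipop3d
imap    stream  tcp  nowait  root    /usr/sbin/tcpd  imapd
smtp    stream  tcp  nowait  qmaild  /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd
#talk   dgram   udp  wait    root    /usr/sbin/tcpd  in.talkd
EOF
}

# Run the hardening on the sample and show which services survive.
demo() {
    tmp=$(mktemp -d) || return 1
    write_sample "$tmp/inetd.conf"
    harden_inetd "$tmp/inetd.conf" > "$tmp/inetd.conf.new"
    active_services "$tmp/inetd.conf.new"
    rm -rf "$tmp"
}
demo
```

Review the generated file before installing it over /etc/inetd.conf, then send inetd a HUP signal so it re-reads its configuration.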


