MX-18.3 Bare Server Edition respin

[skidoo]

An item for the server discussion thread: speaking as the person who made this, my first MX respin, I wouldn't recommend using MX Linux as the basis for a mission-critical production server. I would, rather, use a distro that's intended for that use and has a track record of security, stability and redundancy, has been built for use on commercially-made server hardware, and has excellent support for using it as a server.

I agree, that disclaimer is quite important.
Without extensive tuning and hardening, a respin of any "desktop -oriented linux" distro is suitable only as a learning lab.
The X environment (the "desktop") is typically omitted from a server-oriented O/S, toward minimizing risk of vulnerabilities.
Further, on a server, the "sudo" command is typically absent, by design.

Code: Select all

timestamp_timeout=0

^---> establishes a sudoers policy such that the sudo password expires every 0 (zero) seconds.
This means that every time sudo is invoked, it will ask for a password.
Without this as a starting point, a respin described as "for servers" will be cruel joke disservice
.

Anyone here using MX Linux as a server?
Let's say I wanted to have an e-commerce website(small one), I believe it would be fine under MX then?

running a desktop-oriented linux distribution on a public-facing server is certainly contrary to BestPractices. Full stop.

No need to "Full stop." A lot of people run server functions on their desktop computers. The kernel refinement is more important to the desktop (responsiveness) than it is to the server. You can also install your server into a VirtualBox virtual machine if you'd like to segregate your stuff. No need to give the impression that MX is fatally flawed as a server.

Also, for usage as an "at-home server" (or even as a "learning lab"),
it will be advisable to remove some additional "desktop-oriented" niceties//conveniences, e. g.:
.

antiX-19-b1-full (64 and 32 bit) available

the automount-antix uses devmon to provide the automounting of removable media.

the defaults do indeed utilize noexec on removable media. we could possible add an option to override that.

{ skidoo cringes }

.
@JayM, I haven't yet checked out your project. If you are already attending to security-related considerations, great. If not, please do so.

[manyroads]

I guess I just am not smart enough to understand why someone would want to disassemble a perfectly good desktop like MX and attempt to build a server out of it. There are perfectly useful, equally inexpensive, tried and true server distros available. [sarcasm] I guess the 'advantage is that this is more work and riskier[/sarcasm].

If someone really wants to learn how to build and maintain a Linux Server distro software, I'm 'pretty certain' the folks mentioned in the attached article are still accepting help.

https://www.techradar.com/news/best-linux-server-distro

[JayM]

Alpha 2 has been uploaded:
https://sourceforge.net/projects/mx-linux-bse-respin/

Removed catfish xfce-appfinder sudo pmount (thanks, skidoo. It now prompts for the root password every time you try to run anything with elevated privileges and no longer allows mounting partitions by non-root users.)
Installed gnome-search-tool (Catfish sometimes stops responding during a search depending on the search criteria, and it bogs down the whole computer when that happens. Gnome's search app seems not to do that and performs many of the same functions as catfish.) Also added README and CHANGELOG files.

I thought about, then decided against, installing the RAID software controller and lvm management packages. Those who need them may install them themselves. I don't want to have any packages installed in this respin that are unneeded as they may lead to security issues, just as you would disable any unneeded services/daemons. The only one I installed was samba, which had been uninstalled in Manyroads' minimal respin that mine is based on, and samba's service can be disabled within the installer when someone goes to install my respin on their HDD or SDD.

[JayM]

I guess I just am not smart enough to understand why someone would want to disassemble a perfectly good desktop like MX and attempt to build a server out of it. There are perfectly useful, equally inexpensive, tried and true server distros available. [sarcasm] I guess the 'advantage is that this is more work and riskier[/sarcasm].

If someone really wants to learn how to build and maintain a Linux Server distro software, I'm 'pretty certain' the folks mentioned in the attached article are still accepting help.

https://www.techradar.com/news/best-linux-server-distro

I only did this project because I wanted to try my hand at building a respin as I'd never done that before, and I was trying to think of one that others might find useful and that hadn't already been done. I decided to make an MX server edition that included all of the server packages preinstalled (samba, apache, PHP, mysql, service and system monitors, intrusion detection stuff, etc.) then I thought no, if someone wants to try using MX as a server it would be better if they had the barest minimum of things preinstalled on it then they would only install just what they needed themselves, and no more.

I personally would never even consider using this in a production work environment or as a publicly-accessible server on the Internet, but I might if I had a need for a simple server at home such as to make my mp3 collection available throughout my home network so I could listen to my music on a laptop in the kitchen while cooking dinner or while barbecuing on the patio, or to use for storing backups of all my computers, or if I wanted to set up a webserver or database server at home just to play with or learn on.

[JayM]

Without extensive tuning and hardening, a respin of any "desktop -oriented linux" distro is suitable only as a learning lab.

Agreed. That or a personal server on one's own home network.

Further, on a server, the "sudo" command is typically absent, by design.

sudo has been uninstalled in version a2. Thanks for the tip.

Also, for usage as an "at-home server" (or even as a "learning lab"),
it will be advisable to remove some additional "desktop-oriented" niceties//conveniences, e. g.:
.

antiX-19-b1-full (64 and 32 bit) available

the automount-antix uses devmon to provide the automounting of removable media.

the defaults do indeed utilize noexec on removable media. we could possible add an option to override that.

automount-antix is not installed.

@JayM, I haven't yet checked out your project. If you are already attending to security-related considerations, great. If not, please do so.

See my post about version a2. If you have any other suggestions I'm all ears. Thanks again.

[jackdanielsesq]

JayM

Must have your missed #2 by a whisker - we are in similar time zones - used #1 to build another KDE DE
It is running like the proverbial bat .. the only problem I had with #1 was the Quipzilla browser kept
crashing - subsequently removed same, installed Firefox instead, which is flawless .. a great job indeed.

Regards

Jack

[JayM]

Thanks. It's good to hear that someone finds my (very first) respin useful. Version a2 mainly adds some security features by uninstalling a bit more stuff as skidoo suggested.

[jackdanielsesq]

You are welcome ....

[JayM]

Alpha 3 was just uploaded to Sourceforge: https://sourceforge.net/projects/mx-linux-bse-respin/

Changes: Put sudo back but changed the timestamp_timeout value from the default 5 (minutes) to 0 so sudo prompts for your password every time you use it (at skidoo's recommendation), removed gnome-keyring to prevent "remembering" the root password so it also prompts for that every time it's needed, installed the Debian 4.0 LTS kernel so that after the respin has been installed it will be available as a back-up kernel in case there are issues with the default 4.19.0-1 or newer kernel(s), and created desktop launchers for "QSI" (Quick System Info) and for the MX Wiki website.

I discovered that the a2 version has problems running as a persistent or frugal live USB so I don't recommend using it. a3 is actually based on a1: I just did the same things to it that I did yesterday to make a2 except for removing sudo, plus the other things I just mentioned. Also, I decided not to create the same extra panel launchers for certain apps that I did in a2 as there's really no need as the menu is pretty sparse so things will be easy to find there.

If anyone wants to test this BSE respin please do so using a3 until further notice.

[m_pav]

I see that a huge bunch of locales has been removed. I usually do that once installed to hard disk, never on a redistributable ISO. Don't know if that was your work or somebody elses, but it really mucks with the locale set at boot when running live and can flow into the installer. I found it when running the installer and discovered only a handful of locales were available. An example from the english locales, having a live ISO with only US based rules and provision for imperial measurements and clock settings really messes up the clock settings and measurement units for countries that use the metric system.

Thankfully, it's just a matter of re-introducing the correct locale for the region prior to installing, but to my way of thinking, having the ability to select the locale prior to booting and not having it available post-boot is an absolute no-no. I think it would be both prudent and wise to have all the base locales, identical to the original MX ISO re-enabled for A4.