Endre_Szekely_Benczedi

SmartFilter & Squid question

Hi,

I would need to move a Squid from Windows NT (heh) to some Unix (i386) machine. Also, I would like to use SmartFilter (www.securecomputing.com) to filter some URLs or whatever. I need to know the following:
What OS would you recommend (preferably free one, for business use) to run Squid and SmartFilter on?
SmartFilter compatibility list only lists Solaris and RedHat; but RedHat Linux support and development ends with April this year, so perhaps something else?
I was thinking of 1) Slackware, and 2) OpenBSD.
Unfortunately, I haven't got any experience with OpenBSD, but as I heard, it's a nice little pearl for running networking services. But I don't know if it is indeed o.k. for running a Squid.
Also, this SmartFilter thing, would it work on it? Or should I just choose Slackware?
I'd appreciate any feedback on this from people who used this combination.
Thanks,
Endre.
jlevie

> but Redhat Linux support and development ends with April this year

That only applies to the free version. RedHat Enterprise Linux is available and is supported. Since you intend to use a commercial web filter, it would seem to me that there shouldn't be a problem paying a reasonable fee for the OS.

If I were to deploy a commercial package like this I'd certainly use an operating system that the package vendor supports. It might work fine on some other OS, but if any problems arise it could be difficult to get such issues resolved.
Actually depends on the volume you want to handle.
OpenBSD is quite fine.
Stack/memory protections mean that applications are intended to crash on the respective bug, instead of it being exploited.
(default OpenBSD handles about 100 proxy users or so, you need to rebuild the kernel for more)

FreeBSD is about the same, without the accent on security, but works well under the heaviest network loads (like Yahoo! etc), and runs on most proxies I have seen.

RedHat is much different from the default GNU/Linux toolset, i.e. their kernel and compilers differ from common ones greatly, and you cannot build the shipped kernel from sources.

Debian is well supported by the developer/user community and has all the features any other Linux advertises.

And the most popular is FreeBSD.

*BSD are updated using source+rebuilds.
Linux usually comes with binary patches.
Endre_Szekely_Benczedi

ASKER

Will need to handle about 150 users, possibly even 500 at the end of this year.
Will think about this some ... I thought of OpenBSD because of its security measures. I am
not familiar with it but worked in SuSE, RedHat, Slackware some so it shouldn't be
very hard with the proper documentation.
Will think and perhaps test OpenBSD first, I think.
I saw Debian once and saw that it has a shitload of applications, desktop stuff.
I won't really need that, I'd need a stable and secure server to run Squid on,
and SmartFilter.
Kernel compiling shouldn't be very hard in Linux environment at least, done that
a couple of times on Redhat (from kernel.org sources) and it worked well (RH 9).
Will think about it and possibly make some tests in the near future, and I'll be back here with some results.
Thanks,
Endre
ASKER CERTIFIED SOLUTION
gheist
This solution is only available to members.
last backslash is wrong, it is not needed
While (as I found out) unfortunately SmartFilter is only distributed as a binary package, so I will probably not be able to use it on a BSD system and will have to run a RedHat, your comment was educating about these proxy-settings for BSD.
Thanks.
Anyway - RedHat has /etc/sysctl.conf.
fs.file-max=65535
and
/etc/security/limits.conf
squid soft nofile 5120
squid hard nofile 5120

add to /etc/pam.d/system-auth
session required /lib/security/pam_limits.so
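
Added example, not part of the thread: a small Python check that the three settings from the last comment agree with each other before Squid is put under load. The function names are hypothetical, the file contents are passed in as text, and the sample values are the ones posted above.

```python
# Added example: consistency check for the three settings quoted in the thread.

def _fields(text):
    """Yield whitespace-split fields of each non-empty, non-comment line."""
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if f:
            yield f

def file_max(sysctl_text):
    """Last numeric fs.file-max in sysctl.conf-style text, else None."""
    vals = [v for k, _, v in ("".join(f).partition("=") for f in _fields(sysctl_text))
            if k == "fs.file-max" and v.isdigit()]
    return int(vals[-1]) if vals else None

def nofile_limits(limits_text, user):
    """{'soft': n, 'hard': n} for <user> from limits.conf-style text."""
    found = {}
    for f in _fields(limits_text):
        if len(f) == 4 and f[0] == user and f[2] == "nofile" and f[3].isdigit():
            for kind in (("soft", "hard") if f[1] == "-" else (f[1],)):
                found[kind] = int(f[3])
    return found

def pam_limits_enabled(pam_text):
    """True if a session line in the PAM stack loads pam_limits.so."""
    return any(f[0].lstrip("-") == "session" and
               any(x.endswith("pam_limits.so") for x in f[1:])
               for f in _fields(pam_text))

def check(sysctl_text, limits_text, pam_text, user="squid"):
    """Return a list of problems; an empty list means the settings agree."""
    fmax, lim = file_max(sysctl_text), nofile_limits(limits_text, user)
    problems = [f"no {k} nofile entry for {user}" for k in ("soft", "hard") if k not in lim]
    if fmax is None:
        problems.append("fs.file-max is not set")
    if lim.get("soft", 0) > lim.get("hard", float("inf")):
        problems.append("soft nofile is above hard nofile")
    if fmax is not None and lim.get("hard", 0) > fmax:
        problems.append("hard nofile is above the system-wide fs.file-max")
    if not pam_limits_enabled(pam_text):
        problems.append("pam_limits.so missing from session stack")
    return problems

# Sample inputs: the values as posted in the thread.
SYSCTL = "fs.file-max=65535\n"
LIMITS = "squid soft nofile 5120\nsquid hard nofile 5120\n"
PAM = "session required /lib/security/pam_limits.so\n"
```

On a host, pass the contents of /etc/sysctl.conf, /etc/security/limits.conf and /etc/pam.d/system-auth to `check()`.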