OT: just ordered a hard-drive for my 1U server

finally ordered a hard-drive for my 1U Dell server. :smiley:
I am starting with just a single TB, and will see where to go from there. it is likely i will not open the server to the public yet, as i need to do quite a bit of shakedown testing to make sure it is secure from tampering.

but, my server is almost alive :smiley:

~Travis

Travis:
I was talking with my production manager yesterday about setting up our own server but I know nothing about it. Is it complicated? There are volumes of info out there, any you would recommend?
Tom

I would expect the most difficult thing about setting up a server is ensuring available bandwidth. At my home, I had a webcam server set up to show an incoming storm and once 4-5 people were streaming my connection shit the bed. For an HTML/PHP site bandwidth is gonna be a lot less than streaming video, especially if you use external hosting for images... but still is a concern.

I have a standard 70 meg service and have options much higher. I don't think I'll need much more for what I want to do.

You have 70meg up and 70 meg down?

I've got 150meg down, but only 10meg up :( The fastest speed is 300meg down and 30meg up.

First of all. Happy to hear you are making progress Travis :smiley:

TKall:
I have a standard 70 meg service and have options much higher. I don't think I'll need much more for what I want to do.

You need to start with, "What I want to do." Setting up a server is easy. Setting up a server that works reliably for more than one user for more than one day is another thing entirely. In many ways my job was actually a lot easier in 1989, before setup wizards, out-of-the-box default settings and preconfigured routers.

Start with capacity planning; how many concurrent users and what applications. That will give you an idea of where the bottlenecks will be. Through to around Y2K the network was invariably the limiting factor but not so much these days. Also decide early on what operating system you are going to use. Windows is easier to administer. Linux is more performant, more robust but sucks up time getting it right during commissioning - Getting it wrong is much easier :wink:

dally:
So Everything must (yes it's a must) be compiled (or recompiled) with the hardened profile. And it's not enough, it's the first step.

Maybe if you are closer to development than support.

The majority of Linux servers residing in data centres are running bog standard Red Hat or Debian or Suse. Outside of embedded, turnkey and bedroom developers, implementation decisions are ruled by commercial factors in my experience; TCO, RoI, ease of duplication and the cost of the skills to provide ongoing support. The bulk of the second line is focused on Windows desktop products - Those are the people I hand over to more often than not.

travis_farmer:
if i don't download it, are you saying i should write Linux code from scratch?

He's saying he recompiles the kernel with his own set of flags. 'Special Sauce' not 'Special Source'

Sometimes the recompile is worth the effort but a lot of times, it's just the same old, obfuscating, prima-donna, donkey crap. Security is one thing but inbuilt dependency on self appointed 'gurus' who can't work effectively in a team can end up being a much greater financial risk.

i don't really have that much time on my hands. besides, it is just a hobby server. i am still not entirely sure if i want to open it up fully to the public, or not. i may just let only a select few people be able to access it.

You don't really have a choice. Once your server can be reached from the internet it will get probed and it will get attacked. Exploiting web applications is often the means by which a server gets pwned.

At the end of the day, there is only so much you can do. Google, Amazon, Microsoft, Apple, Sony, have 1000s of the best engineers on the planet working for them, with near to an unlimited budget, and even they can not keep the hackers out entirely.

it's not like i will be running a corporate hosting service. just a personal website, with a hobby forum (if for no other reason than just because i can). other features may arrive in the future, but network port 80 is likely to be the extent of it.

The most valuable commodity for a hacker is free bandwidth and they find lots of it lying unprotected on 'unlimited' residential broadband accounts. You need to take some care to reduce the attack surfaces, keep a regular check on the logs and set up some alerts for any unusual network activity. Best advice is to not put any data on the server that you are not prepared to share or lose.

And, don't let any prima-donna guru put you off trying.
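
An added example (not part of any post in this thread): one way to do the regular log check suggested above for a web server that exposes only port 80, flagging clients that look like probing or that pull unusual amounts of bandwidth. It assumes the Apache/nginx "combined" access-log format; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access-log format (assumed; adjust to your server).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def summarize(lines):
    """Return (per-client counters, number of lines that did not parse)."""
    stats = defaultdict(lambda: {"requests": 0, "client_errors": 0, "bytes": 0})
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # malformed lines deserve a manual look as well
            continue
        s = stats[m["ip"]]
        s["requests"] += 1
        if m["status"].startswith("4"):
            s["client_errors"] += 1
        if m["size"] != "-":
            s["bytes"] += int(m["size"])
    return dict(stats), unparsed

def alerts(stats, max_errors=3, max_bytes=50_000_000):
    """Flag clients with many 4xx responses or a large outbound byte count."""
    out = []
    for ip, s in sorted(stats.items()):
        if s["client_errors"] >= max_errors:
            out.append((ip, "probing", s["client_errors"]))
        if s["bytes"] >= max_bytes:
            out.append((ip, "bandwidth", s["bytes"]))
    return out

# Constructed sample lines using documentation-range addresses, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2017:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2017:13:56:01 +0000] "GET /admin.php HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.7 - - [10/Oct/2017:13:56:02 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.7 - - [10/Oct/2017:13:56:03 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.5 - - [10/Oct/2017:14:02:10 +0000] "GET /files/big.iso HTTP/1.1" 200 60000000 "-" "-"',
    'this line is truncated or corrupted',
]

if __name__ == "__main__":
    per_client, bad = summarize(SAMPLE)
    for ip, kind, value in alerts(per_client):
        print(f"ALERT {kind}: {ip} ({value})")
    print(f"{bad} unparsed line(s)")
```

Run from cron against the day's access log, the printed alerts can be mailed to the administrator; the thresholds need tuning to the site's normal traffic.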

travis_farmer:
what the heck is a private topic?

~Travis

It's stuff that @dally has deleted (maybe because s/he is embarrassed by them), and got moved to the recycle bin.
I can retrieve them if you wish.

dally:
I want to see you removed from mod

You and me both.

You're absolutely right - I am annoying.

We all, in the Italian section

If only your (and your sock-puppet's) ravings were confined to the Italian section . . .

We have noted that a lot of posts have been removed because you don't like pictures of women.

So you work much with schools? Know how hard it is to get sites white-listed on school IT systems?
Do you know how hard it is to make this hobby, and STEM topics in general, wholly inclusive, when women are objectified by a significant section?
When your only defence to a picture of a young woman in a fishnet wife-beater and bikini bottom is "you see the same on Facebook"?

No, of course you don't. You keep proving it.
You're a short-sighted, sexist idiot.

Oh, you have also removed the picture of a very long white train

Nope. Don't be (more) stupid.

reported to the admin

UAT - user acceptance testing.
Wuh?

...and then back on topic...

Don't disregard the various "Pi"s for a server. They have plenty of power for a server, you can attach gobs of storage via USB (or SATA for some models), and most importantly they use very little electricity. Personally I made the switch last summer simply because my server was making my room too hot.

dally:
Wrong! Don't speak for me!

I had answered with technical details, and then I removed my posts, so you can completely ignore what I was trying to say.

Three things;

  1. You have (unwittingly) inferred that you do not recompile the kernel - For my answer to be wrong you must categorically 'not do' what I said you do.
  2. When someone deletes their own posts they force the audience (me) to presume the content in order to maintain context. If you do not like that, tuff [sp]; such is the consequence of your own behaviour.
  3. You seem to think you are entitled to some control over what I say and what I think. You are not. The moderators on the other hand are; as we all consented to be subject to moderation when we accepted the forum terms of service.

Nobody wants to stop you.

You want to stop me. You said as much. I guess you just can not admit responsibility for yourself. You are going to be that person who, when they get things wrong and can not hide it, looks around and tries to blame someone, anyone, everyone else.

My answer may well have been incomplete. To say you recompile the kernel does not discount any of the other things you allude to doing. In the context of Travis' question, do you write your own kernel source? My answer appears to be perfectly adequate. To say, as you have done, I am wrong for having not said what I did not say, is both rude and demonstrates an expectation so logically twisted it provides reason for me to distrust you. [1]

"Hardening" is (in fact) a catch-all term; covering everything from simply removing unused user accounts, to locking the system in a bunker physically shielded from electromagnetic interference, with any number of measures in between. In the context of the question being asked, is it hard to set up a server [for home or small business], I see no point in discussing the pros and cons of custom compilation. It's like confusing someone with van der Waals while they are trying to grasp Boyle's Law.

Making it difficult for the sake of making it difficult, yes, that does irritate me.

[1] I am struggling to reconcile your dislike of moderators, passion for smutty avatars and disregard for context, with someone who does, "serious business professionally around servers." Rightly or wrongly the more you say the more you sound to me like some wannabe in a bedroom.

Chagrin:
...and then back on topic...

Don't disregard the various "Pi"s for a server.

That's the plan for my DC monitoring upgrade. Model III Pi running probes against the production boxes with mrtg/rrdtool rolling up the reports on a web page.

The I/O on the production boxes is a bit more than I would want to trust to a Pi :wink:

travis_farmer:
i have been researching Snort IPS. i used it in the past, though i am sure it has changed since then (it used to be just an IDS). anybody use it? is it still relevant?

~Travis

Snort has its uses but there's a lot of time involved in implementing it -- not just in cleaning up rulesets but also integrating it with a firewall so that it's useful. A better place to start would be to install Nessus and use it to run scans against your network.

travis_farmer:
I am sure i will have to do a custom re-install, as the out-of-the-box general install is a little limp on packages. yes, i could manually install the packages i want, but rather than having to chase dependencies, i will let the software do it.

Geez, you are rusty. On RPM-based distributions you just need to "yum search something" to find the name of the package, then "yum install something" to install it. It works out all the dependencies for you.

I'm sure there's also some kind of GUI thingy too, if you're into that sort of thing.

travis_farmer:
I am sure i will have to do a custom re-install, as the out-of-the-box general install is a little limp on packages.

You are right, your Linux is a bit rusty and Linux has moved on a long way.

Your Linux Bible is probably going to be more distracting than useful.

What I would do is...

Download the CentOS7 Minimal ISO, burn to a bootable USB stick and run the install.
Getting the network up can be a bind the first time you do it, you could always ask here though.
Once you have internet access,
yum install nano
yum install wget
Then, hop over to webmin.com, import the pgp key, create the repo
yum install webmin
systemctl start webmin
Point your browser at https://server_ip:10000
And it all gets a lot easier from there on in.

travis_farmer:
i have been researching Snort IPS. i used it in the past, though i am sure it has changed since then (it used to be just an IDS). anybody use it? is it still relevant?

~Travis

If you really want IDS / IPS you may want to take a look at
https://suricata-ids.org

Sort of a Snort++

All these things need ongoing management to be effective though. The rule of KISS (keep it simple stupid) being that the more complex the system, the more likely a component will fail [primarily due to human error]. Often it is better to manage one thing well than two things poorly.