MX-18.3 Bare Server Edition respin

Posted: Wed Jun 19, 2019 5:33 am
by JayM
Based on Manyroads' MX18 Continuum (Minimal) Release running on a Live USB, I took it a step farther and created a "minimal-er" respin of MX for use as the basis for building a small server for use in a home or small office environment, removing everything that won't be needed on a server. It should be ready for use as a samba file and print server (for a connected printer.) Additional server software such as Apache, PHP, MySQL, and media server applications may be installed from the Popular Applications or MX Stable repository using the MX Package Manager (MXPI.) This respin can also be used as a base installation for applications such as pen testing, creating a Darknet-based secured OS similar to Tails, or for other uses that you don't want to be based on a typical desktop-oriented Linux distro with unneeded cruft such as creating your own custom respin with only the packages that you want installed.
  • Ran apt update and apt-upgrade so it has all of the current MX 18.3 updates as of today
  • Installed featherpad, qupzilla, samba
  • Removed adobe-flash-properties-gtk, adobe-flashplugin, alsa-tools, alsa-utilities, blueman, bluetooth, bluez, bluez-cups, bluez-firmware, bluez-obexd, bluez-tools, compton, compton-conf, conky-all, conky-manager, conky-toggle-mx, ffmpeg, firmwareintelsound, flac, flake, gstreamer1.0-alsa, gstreamer1.0-pulseaudio, icedax, ideviceinstaller, ifuse, imagemagick, imagemagick-6-common, imagemagick-6.q16, java-common, lame, mx-clocky, mx-codecs, mx-conky, mx-conky-data, mx-idevicemounter, mx-iphone, mx-select-sound, mx-sound-theme-fresh-and-clean, mx-system-sounds, mx17-artwork, mx18-artwork, nano, openjdk-8-jre, openjdk-8-jre-headless, opustools, pavucontrol, pulseaudio, pulseaudio-module-bluetooth, pulseaudio-utils, python-imobiledevice, soundthemefreedesktop, sox, speex, transmission-common, transmission-gtk, usbmuxd, volumeicon-alsa, vorbis-tools, wavpack, xfburn, xfce4-pulseaudio-plugin, xfce4-weather-plugin
  • Chose "none" as the default user wallpaper, added panel launchers for the Xfce Terminal and Qupzilla browser, added Clock to the panel
  • Copied contents of the demo home directory to /etc/skel
  • Ran MX Cleanup, remastered and created a general snapshot for distribution to others
https://sourceforge.net/projects/mx-linux-bse-respin/

Re: MX-18.3 Bare Server Edition

Posted: Wed Jun 19, 2019 6:20 am
by Jerry3904
Sounds interesting! Please be sure to post the link in rasat's running remix thread.

Re: MX-18.3 Bare Server Edition respin

Posted: Wed Jun 19, 2019 6:41 am
by JayM
Done.

Re: MX-18.3 Bare Server Edition respin

Posted: Wed Jun 19, 2019 10:37 am
by manyroads
Good job! There was someone on here wanting to discuss the use of MX as a server. You might wish to open a thread on the topic.

Re: MX-18.3 Bare Server Edition respin

Posted: Wed Jun 19, 2019 10:39 am
by Jerry3904
a small server for use in a home or small office environment

Re: MX-18.3 Bare Server Edition respin

Posted: Wed Jun 19, 2019 10:42 am
by manyroads
Sorry to be so dense, but I have been coding all morning... (weak excuse, I know). I did not realize this was a standalone thread when I wrote my previous comment. This is a GREAT thread for discussing MX servers. :lipsrsealed: :footinmouth:

Re: MX-18.3 Bare Server Edition respin

Posted: Wed Jun 19, 2019 9:03 pm
by JayM
I originally thought about pre-installing Apache, PHP, SMTP/POP3, NFS, MySQL and all the server stuff I could think of to make this a "server in a box" respin, but then I luckily came to my senses and remembered that server sysadmins don't want any extra, unneeded services running that might prove to be security holes, so I just made this the bare minimum MX installation as a platform to build on by installing just what they want and nothing else, just as Manyroads did with his Minimal respin as a basis for building other MX respins with different DEs and tiling WMs. He actually did most of the work, I just removed even more things than he did. I asked myself "Is this needed on a server?" based on memories of my computer support/IT/sysadmin days in a prior lifetime*. When in doubt I left it, but when I was sure I removed it: audio, bittorrent client, extra wallpapers, Java all went byebye. Sysadmins do sometimes need Web access when they're at a server's console so I installed a lightweight web browser, and every computer should have a text editor to read READMEs if nothing else, so I put featherpad back. I also reinstalled Samba so it could do file and printer sharing OOTB, and people can install additional packages (and disable or uninstall samba) if they want to make a web server, mail server, DNS server or whatever, plus things like intrusion detection and system monitoring packages.

Someone could get a low-end file & print server like this:
https://www.ebay.com/itm/QNAP-TS-469L-D ... SwRcZcaY5G
and set it up with a RAID and some sort of additional backup solution like
https://www.ebay.com/itm/HP-Storagework ... SwJqVc~3hP
install this respin, and set up samba shares for a network file server with every user having their own share on the server to save their files to, so if their computer died they wouldn't lose their data. Around $500 for a little office file server complete with tape backup: not bad! The only thing I'm not sure of is whether or not MX supports a software RAID controller for those who want to set up an old desktop PC that they already have as a file server instead of buying dedicated hardware, such as for home use when they want to just throw something together from their junk pile and spare parts stash without spending any money.

A person could also use this respin as a basis for making a system meant for "serious" use as opposed to typical desktop PC use, such as pen testing and similar security work for example.

A Linux server OS isn't so much a matter of having a lot of features, it's about simplicity, robustness, performance and security (Most are headless and don't even have a GUI.) MX has the first three in spades, and it's always up to sysadmins to secure their own systems anyway. MX is very quick to provide patched kernels whenever a new exploit or vulnerability is found, so I don't see any reason why this distro shouldn't be used as the basis of servers in a smaller, non-enterprise environment.

*I remember installing NT Server and being irritated at how long it took as it was copying .bmps and .wavs, as if a server needs those. I think even the games were included. This is more or less an MX version of NT Server with its GUI console but without all of that irritating cruft that if I were Microsoft I would have left out of their server products.

Re: MX-18.3 Bare Server Edition respin

Posted: Mon Jul 01, 2019 2:17 am
by JayM
An item for the server discussion thread: speaking as the person who made this, my first MX respin, I wouldn't recommend using MX Linux as the basis for a mission-critical production server. I would, rather, use a distro that's intended for that use and has a track record of security, stability and redundancy, has been built for use on commercially-made server hardware, and has excellent support for using it as a server.

This respin is meant more for people who want to experiment with repurposing an old desktop PC as a server: it's more for playing with, and not intended for use in critical applications. It could be deployed as an internal server in a small office environment, with the understanding that this respin isn't a real Linux server and that there are no guarantees regarding uptime and availability (especially if using a standard desktop PC as the server hardware without redundant power supplies and other hardware points of potential failure, a RAID, an automated daily incremental backup and weekly full backup solution in place, etc.) and it is entirely up to the person who chose to use it as a business server to make it work and keep it working. I would instead recommend using the respin as a home server for convenience in file- and printer-sharing, or as a media server so any machine on the home network could access your music and video collections, or as a backups storage server for your desktop/laptop machines to save their automated backups to, or similar non-critical uses.

One thing I would definitely do is disable the cron job that automatically checks for and applies updates. (I may actually make a newer version of the iso where that's already disabled). If someone goes ahead and uses this to build a serious server that users will be relying on to get their work done, I would advise that they also install an instance of it within a VM, enable the automatic updates there, and monitor and test them before (manually) applying those updates to the main machine, which I would do after normal business hours and at a scheduled date and time with the users being informed beforehand.

I'd also be very leery of deploying an MX server in a situation with an open Internet connection, outside of a firewall or within a DMZ, unless I knew what I was doing wrt hardening and securing such systems against intrusions or other attacks. While MX is probably secure enough for regular desktop use, you can bet your boots that if there's any vulnerability on a public system that has a direct Internet connection it will be found and exploited. I would also make myself aware, by subscribing to the MX blog, running an RSS app, and/or visiting the forum at least daily to keep myself abreast of any important announcements that might impact my server and my business.

Re: MX-18.3 Bare Server Edition respin

Posted: Mon Jul 01, 2019 7:00 am
by m_pav
Certainly an interesting project. Will download and have a look when I can, though very busy working 13 hours a day for the next few weeks.
Basic servers really need a few more services available OOTB, such as RAID, and dynamic volume management, but I wholeheartedly agree with your positioning statement about this being a potentially good desktop based home media/backup server.

Re: MX-18.3 Bare Server Edition respin

Posted: Mon Jul 01, 2019 7:33 am
by JayM
m_pav wrote: Mon Jul 01, 2019 7:00 am.
Basic servers really need a few more services available OOTB, such as RAID, and dynamic volume management
Perhaps, but I didn't want to include a lot of packages that may not be needed in certain applications. By the way, which particular packages would you recommend for those two things?

Re: MX-18.3 Bare Server Edition respin

Posted: Mon Jul 01, 2019 2:19 pm
by skidoo
An item for the server discussion thread: speaking as the person who made this, my first MX respin, I wouldn't recommend using MX Linux as the basis for a mission-critical production server. I would, rather, use a distro that's intended for that use and has a track record of security, stability and redundancy, has been built for use on commercially-made server hardware, and has excellent support for using it as a server.
I agree, that disclaimer is quite important.
Without extensive tuning and hardening, a respin of any "desktop-oriented linux" distro is suitable only as a learning lab.
The X environment (the "desktop") is typically omitted from a server-oriented O/S, toward minimizing risk of vulnerabilities.
Further, on a server, the "sudo" command is typically absent, by design.

timestamp_timeout=0
^---> establishes a sudoers policy such that the sudo password expires every 0 (zero) seconds.
This means that every time sudo is invoked, it will ask for a password.
Without this as a starting point, a respin described as "for servers" will be cruel joke disservice
.
krauser wrote: Sat Feb 02, 2019 9:49 am Anyone here using MX Linux as a server?
Let's say I wanted to have an e-commerce website(small one), I believe it would be fine under MX then?
skidoo wrote: Sat Feb 02, 2019 5:45 pm running a desktop-oriented linux distribution on a public-facing server is certainly contrary to BestPractices. Full stop.
figueroa wrote: Sun Feb 03, 2019 11:27 pm No need to "Full stop." A lot of people run server functions on their desktop computers. The kernel refinement is more important to the desktop (responsiveness) than it is to the server. You can also install your server into a VirtualBox virtual machine if you'd like to segregate your stuff. No need to give the impression that MX is fatally flawed as a server.
Also, for usage as an "at-home server" (or even as a "learning lab"),
it will be advisable to remove some additional "desktop-oriented" niceties//conveniences, e. g.:
.
skidoo wrote: Sun Jun 16, 2019 11:51 am antiX-19-b1-full (64 and 32 bit) available
the automount-antix uses devmon to provide the automounting of removable media.

the defaults do indeed utilize noexec on removable media. we could possibly add an option to override that.
{ skidoo cringes }


.
@JayM, I haven't yet checked out your project. If you are already attending to security-related considerations, great. If not, please do so.
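
The sudoers setting discussed in the post above can be checked mechanically. The following is an added example, not part of the original posts or of the respin: it reads sudoers-style text and reports which global `timestamp_timeout` is left in effect when a later `Defaults` entry overrides an earlier one. The sample files and the drop-in name `90-always-prompt` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report the global timestamp_timeout
# that a set of sudoers-style files leaves in effect. Later Defaults entries
# override earlier ones. Per-user or per-host Defaults and include directives
# are not followed here.

effective_timeout() {
    # "$@": files in the order sudo would read them
    awk '
        /^[ \t]*#/ { next }                 # comments and include directives
        $1 == "Defaults" {
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, ",")      # Defaults may list several options
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", opts[i])
                if (opts[i] ~ /^timestamp_timeout=/) {
                    sub(/^timestamp_timeout=/, "", opts[i])
                    val = opts[i]           # last one seen wins
                }
            }
        }
        END { print (val == "" ? "unset" : val) }
    ' "$@"
}

# Succeeds only when sudo would ask for a password on every invocation.
prompts_every_time() {
    [ "$(effective_timeout "$@")" = "0" ]
}

# Constructed sample files standing in for a main sudoers file and a drop-in.
make_samples() {
    dir=$1
    cat > "$dir/sudoers" <<'EOF'
# constructed sample, not a real system file
Defaults env_reset, timestamp_timeout=5
%sudo ALL=(ALL:ALL) ALL
EOF
    cat > "$dir/90-always-prompt" <<'EOF'
# constructed drop-in
Defaults timestamp_timeout=0
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    echo "main file only: $(effective_timeout "$tmp/sudoers")"
    echo "with drop-in:   $(effective_timeout "$tmp/sudoers" "$tmp/90-always-prompt")"
    rm -rf "$tmp"
}
demo
```

On an installed system the inputs would be /etc/sudoers followed by the files in /etc/sudoers.d, and any change should be made with `visudo` or checked with `visudo -cf FILE` before it is relied on.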

Re: MX-18.3 Bare Server Edition respin

Posted: Mon Jul 01, 2019 2:37 pm
by manyroads
I guess I just am not smart enough to understand why someone would want to disassemble a perfectly good desktop like MX and attempt to build a server out of it. There are perfectly useful, equally inexpensive, tried and true server distros available. [sarcasm] I guess the 'advantage' is that this is more work and riskier [/sarcasm].

If someone really wants to learn how to build and maintain a Linux Server distro software, I'm 'pretty certain' the folks mentioned in the attached article are still accepting help.

https://www.techradar.com/news/best-linux-server-distro

Re: MX-18.3 Bare Server Edition respin

Posted: Tue Jul 02, 2019 1:09 am
by JayM
Alpha 2 has been uploaded:
https://sourceforge.net/projects/mx-linux-bse-respin/

Removed catfish xfce-appfinder sudo pmount (thanks, skidoo. It now prompts for the root password every time you try to run anything with elevated privileges and no longer allows mounting partitions by non-root users.)
Installed gnome-search-tool (Catfish sometimes stops responding during a search depending on the search criteria, and it bogs down the whole computer when that happens. Gnome's search app seems not to do that and performs many of the same functions as catfish.) Also added README and CHANGELOG files.

I thought about, then decided against, installing the RAID software controller and lvm management packages. Those who need them may install them themselves. I don't want to have any packages installed in this respin that are unneeded as they may lead to security issues, just as you would disable any unneeded services/daemons. The only one I installed was samba, which had been uninstalled in Manyroads' minimal respin that mine is based on, and samba's service can be disabled within the installer when someone goes to install my respin on their HDD or SSD.

Re: MX-18.3 Bare Server Edition respin

Posted: Tue Jul 02, 2019 2:28 am
by JayM
manyroads wrote: Mon Jul 01, 2019 2:37 pm I guess I just am not smart enough to understand why someone would want to disassemble a perfectly good desktop like MX and attempt to build a server out of it. There are perfectly useful, equally inexpensive, tried and true server distros available. [sarcasm] I guess the 'advantage' is that this is more work and riskier [/sarcasm].

If someone really wants to learn how to build and maintain a Linux Server distro software, I'm 'pretty certain' the folks mentioned in the attached article are still accepting help.

https://www.techradar.com/news/best-linux-server-distro
I only did this project because I wanted to try my hand at building a respin as I'd never done that before, and I was trying to think of one that others might find useful and that hadn't already been done. I decided to make an MX server edition that included all of the server packages preinstalled (samba, apache, PHP, mysql, service and system monitors, intrusion detection stuff, etc.) then I thought no, if someone wants to try using MX as a server it would be better if they had the barest minimum of things preinstalled on it then they would only install just what they needed themselves, and no more.

I personally would never even consider using this in a production work environment or as a publicly-accessible server on the Internet, but I might if I had a need for a simple server at home such as to make my mp3 collection available throughout my home network so I could listen to my music on a laptop in the kitchen while cooking dinner or while barbecuing on the patio, or to use for storing backups of all my computers, or if I wanted to set up a webserver or database server at home just to play with or learn on.

Re: MX-18.3 Bare Server Edition respin

Posted: Tue Jul 02, 2019 3:16 am
by JayM
skidoo wrote: Mon Jul 01, 2019 2:19 pm Without extensive tuning and hardening, a respin of any "desktop-oriented linux" distro is suitable only as a learning lab.
Agreed. That or a personal server on one's own home network.
Further, on a server, the "sudo" command is typically absent, by design.
sudo has been uninstalled in version a2. Thanks for the tip.
Also, for usage as an "at-home server" (or even as a "learning lab"),
it will be advisable to remove some additional "desktop-oriented" niceties//conveniences, e. g.:
.
skidoo wrote: Sun Jun 16, 2019 11:51 am antiX-19-b1-full (64 and 32 bit) available
the automount-antix uses devmon to provide the automounting of removable media.

the defaults do indeed utilize noexec on removable media. we could possibly add an option to override that.
automount-antix is not installed.

@JayM, I haven't yet checked out your project. If you are already attending to security-related considerations, great. If not, please do so.
See my post about version a2. If you have any other suggestions I'm all ears. Thanks again.

Re: MX-18.3 Bare Server Edition respin

Posted: Tue Jul 02, 2019 4:02 am
by jackdanielsesq
JayM

Must have missed your #2 by a whisker - we are in similar time zones - used #1 to build another KDE DE
It is running like the proverbial bat .. the only problem I had with #1 was the Qupzilla browser kept
crashing - subsequently removed same, installed Firefox instead, which is flawless .. a great job indeed.

Regards

Jack

Re: MX-18.3 Bare Server Edition respin

Posted: Tue Jul 02, 2019 4:30 am
by JayM
Thanks. It's good to hear that someone finds my (very first) respin useful. Version a2 mainly adds some security features by uninstalling a bit more stuff as skidoo suggested.

Re: MX-18.3 Bare Server Edition respin

Posted: Tue Jul 02, 2019 4:50 am
by jackdanielsesq
You are welcome .... :number1:

Re: MX-18.3 Bare Server Edition respin

Posted: Wed Jul 03, 2019 8:23 am
by JayM
Alpha 3 was just uploaded to Sourceforge: https://sourceforge.net/projects/mx-linux-bse-respin/

Changes: Put sudo back but changed the timestamp_timeout value from the default 5 (minutes) to 0 so sudo prompts for your password every time you use it (at skidoo's recommendation), removed gnome-keyring to prevent "remembering" the root password so it also prompts for that every time it's needed, installed the Debian 4.0 LTS kernel so that after the respin has been installed it will be available as a back-up kernel in case there are issues with the default 4.19.0-1 or newer kernel(s), and created desktop launchers for "QSI" (Quick System Info) and for the MX Wiki website.

I discovered that the a2 version has problems running as a persistent or frugal live USB so I don't recommend using it. a3 is actually based on a1: I just did the same things to it that I did yesterday to make a2 except for removing sudo, plus the other things I just mentioned. Also, I decided not to create the same extra panel launchers for certain apps that I did in a2 as there's really no need as the menu is pretty sparse so things will be easy to find there.

If anyone wants to test this BSE respin please do so using a3 until further notice.

Re: MX-18.3 Bare Server Edition respin

Posted: Sat Jul 27, 2019 12:28 am
by m_pav
I see that a huge bunch of locales has been removed. I usually do that once installed to hard disk, never on a redistributable ISO. Don't know if that was your work or somebody else's, but it really mucks with the locale set at boot when running live and can flow into the installer. I found it when running the installer and discovered only a handful of locales were available. An example from the English locales, having a live ISO with only US based rules and provision for imperial measurements and clock settings really messes up the clock settings and measurement units for countries that use the metric system.

Thankfully, it's just a matter of re-introducing the correct locale for the region prior to installing, but to my way of thinking, having the ability to select the locale prior to booting and not having it available post-boot is an absolute no-no. I think it would be both prudent and wise to have all the base locales, identical to the original MX ISO re-enabled for A4.

Re: MX-18.3 Bare Server Edition respin

Posted: Sat Jul 27, 2019 1:14 am
by m_pav
In addition to the above, I remembered that somewhere along the line, the complete live demo configs were all copied to /etc/skel. This should never happen because it can copy a massive bunch of stuff that should never be redistributed.
Populating the skeleton folder needs to be done in a very precise and very selective way so as to avoid introducing errors and unwanted/unwarranted and potentially dangerous configs to other users.

In /etc/skel/.config/ the startup folder has entries for apps that simply don't exist on this build and a complete profile for qupzilla is in there too. I would suggest copying the contents from a clean /etc/skel directly from a standard 18.3 iso, strip everything out that is no longer needed and replace the /etc/skel on your live-iso so as to avoid redistributing a skeleton file with dirty configs because the contents of /etc/skel are copied to every user account created in the installed system, excluding root.

Also do the same with the /root/ folder, esp the .config and /local where I found some dirty configs too, including a particularly troubling one, the presence of past keyrings in both the /root account profile folder and the skeleton file placed in /etc/skel ( yeowch! )

This info comes from the A1 iso, I don't have the A3, but I've not seen any indication in the dialogue in this thread, so I am assuming they will still be there.

I have just taken some cleaned up copies of the folders for you, should you wish to use them, they are on my Google drive at the following link. https://drive.google.com/open?id=1ScqP3 ... NR21G_l9QL
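
The three kinds of leftover named in the post above (saved keyrings, a browser profile, and startup entries for programs that are no longer installed) can be listed before a snapshot is taken. This is an added example, not part of the original post or of the respin's build process; it assumes the usual XDG locations (`.config/autostart`, `.local/share/keyrings`) and `.config/qupzilla` for the browser profile, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list items in a skeleton or home
# directory that should not be redistributed to every new account.
# Assumed locations: .local/share/keyrings, .config/qupzilla, .config/autostart.

audit_skel() {
    skel=$1
    # 1. Saved keyrings (may hold stored passwords)
    if [ -d "$skel/.local/share/keyrings" ]; then
        find "$skel/.local/share/keyrings" -type f | sort | sed 's/^/KEYRING /'
    fi
    # 2. A complete browser profile copied from the build account
    if [ -d "$skel/.config/qupzilla" ]; then
        echo "PROFILE $skel/.config/qupzilla"
    fi
    # 3. Autostart entries whose program is not installed on this system
    for f in "$skel"/.config/autostart/*.desktop; do
        [ -f "$f" ] || continue
        exe=$(sed -n 's/^Exec=//p' "$f" | head -n 1)
        exe=${exe%% *}                      # first word of the Exec line
        [ -n "$exe" ] || continue
        command -v "$exe" >/dev/null 2>&1 || echo "STALE $f ($exe)"
    done
    return 0
}

# Constructed sample tree; the program name in gone.desktop is made up so
# that it is guaranteed not to be installed.
make_sample_skel() {
    d=$1
    mkdir -p "$d/.config/autostart" "$d/.config/qupzilla/profiles/default" \
             "$d/.local/share/keyrings"
    : > "$d/.local/share/keyrings/login.keyring"
    printf '[Desktop Entry]\nType=Application\nExec=sh -c true\n' \
        > "$d/.config/autostart/ok.desktop"
    printf '[Desktop Entry]\nType=Application\nExec=removed-app-constructed --tray\n' \
        > "$d/.config/autostart/gone.desktop"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_skel "$tmp"
    audit_skel "$tmp"
    rm -rf "$tmp"
}
demo
```

Run as root against both /etc/skel and /root on the build system; an empty result means none of the three patterns was found, not that the tree is clean in every other respect.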

Re: MX-18.3 Bare Server Edition respin

Posted: Sat Jul 27, 2019 3:35 am
by JayM
Thanks, Mike. It's because I don't really know what I'm doing regarding respins and there aren't any step-by-step instructions that I've found, so I'm just learning as I go. BSE A1 was the very first one I ever attempted.

A1 was taken from an installed system and the snapshot was made as a personal one. A3 is based on a remastered live USB with persistence and IIRC its snapshot is a general one for distribution to others. If you have time, maybe you could have a look at A3 and see if I messed it up too?

Also a question: when making a respin, how do you ensure that new user accounts' default desktops look the way you intend for them to look? I've just been setting up demo the way I want then copying all files from /home/demo to /etc/skel except for things like log files, lock files and caches, telling it to overwrite all files when I paste.

Thanks again.

Re: MX-18.3 Bare Server Edition respin

Posted: Sat Jul 27, 2019 6:29 pm
by m_pav
I don't want to rock the boat here because some great work has been accomplished with this build. If it were me, I'd carefully examine and document the entire process, starting from manyroads strip-down process to achieve a minimalist build, then adding to it what you've done. From there, I would assemble a plan to achieve the best possible home server build using best practices for repackaging and redistribution using a virtualised environment with only the necessary elements typical of a barebones server as the build environment.

If there was one more thing I would also investigate, it would be replacing the kernel with one that has a clock speed of 400hz. Desktop kernels typically have a much higher clock speed like 800-1000hz so they can run multimedia and while they can be used on a server, they're not ideal.

Re: MX-18.3 Bare Server Edition respin

Posted: Sat Jul 27, 2019 6:43 pm
by m_pav
Sorry, I forgot to answer your question about the user configs. I tried to give you the basis for that in my earlier post, examining the contents of /etc/skel for clues as to what you can safely include, which is why I placed a link to download the compressed files from my drive account. I have trimmed a handful of items in there. Compare those contained in my compressed archive on Google Drive folder by folder with the one shipped in MX-18 to get an idea of where to start. Another folder tree to examine is /etc/xdg/

Generally, you only need to add, edit or remove single files to achieve your desired result. I have family pulling me every which way right now so I can't give a concise answer because I have to attend to them for the day.

Re: MX-18.3 Bare Server Edition respin

Posted: Sun Jul 28, 2019 6:34 am
by JayM
I've removed the alpha versions, hopefully addressed the issues in /etc/skel, remastered and created a new snapshot which I'm calling the beta 1 version. I've also changed the category on the Sourceforge page from alpha to beta:
https://sourceforge.net/projects/mx-linux-bse-respin/

Re: MX-18.3 Bare Server Edition respin

Posted: Sun Jul 28, 2019 6:53 am
by Jerry3904
Is this listed here?: viewtopic.php?p=486469#p486469

Re: MX-18.3 Bare Server Edition respin

Posted: Sun Jul 28, 2019 7:03 am
by JayM
Jerry3904 wrote: Sun Jul 28, 2019 6:53 am Is this listed here?: viewtopic.php?p=486469#p486469
Yes, at the top of the list. :smile:

Re: MX-18.3 Bare Server Edition respin

Posted: Sun Jul 28, 2019 7:08 am
by Jerry3904
Thanks. It's a great resource and has been linked in social media, so I just try to make sure it is being kept up to date.

Re: MX-18.3 Bare Server Edition respin

Posted: Sun Jul 28, 2019 7:19 am
by JayM
Rasat links the forum topics for each respin in his list, not their download links or anything, so all one has to do is post a reply to his or her own topic regarding updated versions or changes in downloading sites.