On Fri, 25 Sep 2009, Marten Lehmann wrote:

> Hello,
>
> I am currently rsyncing the CentOS tree to one of our servers. We are
> managing a few dozens of CentOS servers, so it surely will speed up
> updates and lead to less wasted bandwidth if we don't update from common
> public repositories any longer, but use an internal server instead, that
> only syncs once with the master server.
>
> Now I'm in doubt whether I should make our own mirror public or not.
>
> The first and main issue are the bandwidth costs. Can you give an
> estimate on how much traffic a typical European/German mirror generates
> per month?
>
> The second issue is, that some kiddies might try to attack and hack our
> mirror to inject changed packages. Do you have statistics on this? Which
> FTP daemon do you recommend for a hardened anonymous-FTP only service?
>
> Btw.: What do I have to change in the yum config on each server to use
> one specific repository server and not the mirrorlist system? Do I just
> have to comment the mirrorlist line and uncomment the baseurl?

Since I'm not a German or European mirror, I don't have an answer to your bandwidth question.

As to the issue of being attacked, remember that the packages are signed, so if someone were to compromise your mirror, the changed package would not be signed and would give an error. (If your mirror is compromised, your other clients are still safe.)

vsftpd has a good reputation, and is the package provided by Red Hat and CentOS (disclaimer: I don't provide FTP service, just http and rsync).

To make your machines go straight to your mirror, yes, 1) comment out the mirrorlist, 2) uncomment the baseurl, and 3) change the baseurl to point to your mirror.

DR

--
David Richardson <david.richardson at utah.edu>
"There are two kinds of statistics: the kind you look up and the kind you make up." -- Archie Goodwin, Death of a Doxy
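
The three steps from the reply, applied to a repo file, together with a check that signature verification is still switched on, since that is what protects clients if a mirror serves altered packages. This is an added example, not part of the original message; the host `mirror.example.internal`, the function names and the sample repo file are constructed for illustration.

```shell
#!/bin/sh
# Added example. mirror.example.internal and the sample file are constructed.

# Constructed sample in the layout of a CentOS-Base.repo file.
make_sample() {
    cat > "$1" <<'EOF'
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

[localextras]
name=constructed section with signature checking off
baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=0
EOF
}

# pin_repo FILE MIRROR_URL: 1) comment out mirrorlist, 2) uncomment baseurl,
# 3) point baseurl at the given mirror.
pin_repo() {
    sed -e 's|^mirrorlist=|#mirrorlist=|' \
        -e 's|^#[[:space:]]*baseurl=|baseurl=|' \
        -e "s|^baseurl=http://mirror\.centos\.org/centos/|baseurl=$2/|" \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# unsigned_sections FILE: print each [section] that does not itself set gpgcheck=1.
unsigned_sections() {
    awk '
        function emit() { if (sec != "" && !ok) print sec }
        /^\[.*\]/ { emit(); sec = substr($0, 2, index($0, "]") - 2); ok = 0; next }
        /^gpgcheck[ \t]*=[ \t]*1[ \t]*$/ { ok = 1 }
        END { emit() }
    ' "$1"
}

repo=$(mktemp)
make_sample "$repo"
pin_repo "$repo" "http://mirror.example.internal/centos"
cat "$repo"
echo "sections without gpgcheck=1: $(unsigned_sections "$repo")"
rm -f "$repo"
```

Run it against a copy of the real repo file first; any section it lists would install packages from the mirror without checking their signatures.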