Right i have my hard drive coming on Monday / Tuesday for my server, and also te replacement motherboard coming from eBay on Tuesday / Wednesday for me.
Basically i want to make it into a file / web / email server
I have downloaded Linux clarkconnect, as i was told this was best.
So any advice i need to make my server as secure as posible, and also good tips to making it the best performance?
dave164
Full Version: My server, plans to setup
QUOTE(dave164 @ Jan 13 2005, 15:11)
Right i have my hard drive coming on Monday / Tuesday for my server, and also te replacement motherboard coming from eBay on Tuesday / Wednesday for me.
Basically i want to make it into a file / web / email server
I have downloaded Linux clarkconnect, as i was told this was best.
So any advice i need to make my server as secure as posible, and also good tips to making it the best performance?
dave164
[right][snapback]585288310[/snapback][/right]
Basically i want to make it into a file / web / email server
I have downloaded Linux clarkconnect, as i was told this was best.
So any advice i need to make my server as secure as posible, and also good tips to making it the best performance?
dave164
[right][snapback]585288310[/snapback][/right]
You should learn how to use iptables, you should also post in the Linux Server forum as more linux users will notice it.
For a decent GUI frontend for iptables you should look at:
http://www.fs-security.com/
Moved to Linux forum
Ok.... what are iptables?
iptables is part of 'netfilter', which is just a way of saying that iptables handles all IP/ethernet traffic before it is received by the kernel for inbound traffic, and after the kernel and before the NIC device on send.
Perhaps I should just say that it is your inbound and outbound packet filter (it also does more advanced processwing, if you wish). It is 'stateful', meaning that it is aware of connections already open, and can treat these differently than new connections.
You can edit the rules in the chain (it's like a flowchart) manually with text commands, or you can get a GUI frontend to handle the rules. (much easier with a GUI)
I have a GUI 'wizard' for my installation, but I don't recall what it was that I used at home (I am at work now). There is also fwbuilder at http://www.fwbuilder.org/ They aren't the one I use, but they all do the same thing, really - make it easier to set up your firewall (iptables) rules.
Perhaps I should just say that it is your inbound and outbound packet filter (it also does more advanced processwing, if you wish). It is 'stateful', meaning that it is aware of connections already open, and can treat these differently than new connections.
You can edit the rules in the chain (it's like a flowchart) manually with text commands, or you can get a GUI frontend to handle the rules. (much easier with a GUI)
I have a GUI 'wizard' for my installation, but I don't recall what it was that I used at home (I am at work now). There is also fwbuilder at http://www.fwbuilder.org/ They aren't the one I use, but they all do the same thing, really - make it easier to set up your firewall (iptables) rules.
whats the domain name of ur server dude? lemme check the security 
...
nah .. i do penetration tests on server .. if ur server will be holding really imp imp files/data contact me . i will hardened it for a cost or ...
i give u some tips ( i found this on some free webhosters site)
1. Log into server as root.
2. Open /etc/httpd/conf/httpd.conf with an editor.
3. Change the line ServerSignature on to
ServerSignature Off
4. Find the line "HostnameLookups off"
After that line, add "ServerTokens Prod"
5. Save and exit.
6. Restart Apache with /etc/rc.d/init.d/httpd restart
Install System Integrity Monitor
System Integrity Monitor (SIM) monitors system services and provides a clean and information representation of system status. It is an essential tool for server admins to monitor servers. SIM has several modules that can be installed to help admin with common system processes. SIM will verify that system and services are online, check load averages, and maintain log files.
1. Login to server and su to root.
2. go to /usr/local 3. Get source file wget http://www.r-fx.org/downloads/sim-current.tar.gz
4. Untar file with tar -xzvf sim-current.tar.gz
5. cd sim-2.5-3 (or latest version of SIM)
6. Type ./setup -i
7. Enter and spacebar to continue.
8. Finally, get to auto-configuration script for SIM. Select options you want to install.
Security: Use SSH protocol 2
The old SSH Protocol 1 has several security leaks and faces many automated "root kits". Protocol 2 is an improvement to plug the holes. All servers with SSH 1 should use SSH 2.
1. Open /etc/ssh/sshd_config with an editor.
2. Find the line "#Protocol 2, 1".
3. Uncomment (remove #).
4. Save and exit.
5. Restart SSH with /etc/rc.d/init.d/sshd restart
: Disable direct root login
Root user is the most important account on a server. The root user has access to any file/program/application running on a server. By default, terminal services would allow the root user to login. This is a major threat to security as hackers can try to guess at the root password to gain access.
Disabling direct root login will create an extra user account before changing to root user. This will force a hacker to have try and guess 2 seperate passwords to become root user.
cPanel users/servers must add the user to 'wheel' group so that the user is allowed to su to root. Failure to do so would cause a lock out of the root account.
* A user with SSH access must already be created.
1. SSH into server as user and gain root access by 'su -'
2. Open /etc/ssh/sshd_config with an editor.
3. Find line PermitRootLogin yes
4. Uncomment it. Put no so thatPermitRootLogin no
5. Save the file and exit.
6. Restart SSH with "/etc/rc.d/init.d/sshd restart"
Security: Disabling Telnet
Telnet is a threat to server security. The protocol communicates on port 23 for both incoming and outgoing messages. Passwords and usernames are sent as clear text during logins, giving hackers the chance to tap the traffic between client and server and then gaining access. Telnet should always be disabled on web servers and replaced with a more secure platform like SSH.
To disable telnet on your server, follow these steps:
1. Login as root.
2. Open the file /etc/xinetd.d/telnet with your editor (pico/vi).
3. Find the line "disable = no" ,
replace with "disable = yes".
4. Restart the inetd service with command /etc/rc.d/init.d/xinetd restart
5. Do a quick scan to make sure port 23 telnet is closed.
nmap -sT -O localhost
warning :- DO this when u u.stand wht this means... do not blame me if ur dog eats ur cow or ur server crashes and burns.
... nah .. i do penetration tests on server .. if ur server will be holding really imp imp files/data contact me . i will hardened it for a cost or ...i give u some tips ( i found this on some free webhosters site)
1. Log into server as root.
2. Open /etc/httpd/conf/httpd.conf with an editor.
3. Change the line ServerSignature on to
ServerSignature Off
4. Find the line "HostnameLookups off"
After that line, add "ServerTokens Prod"
5. Save and exit.
6. Restart Apache with /etc/rc.d/init.d/httpd restart
Install System Integrity Monitor
System Integrity Monitor (SIM) monitors system services and provides a clean and information representation of system status. It is an essential tool for server admins to monitor servers. SIM has several modules that can be installed to help admin with common system processes. SIM will verify that system and services are online, check load averages, and maintain log files.
1. Login to server and su to root.
2. go to /usr/local 3. Get source file wget http://www.r-fx.org/downloads/sim-current.tar.gz
4. Untar file with tar -xzvf sim-current.tar.gz
5. cd sim-2.5-3 (or latest version of SIM)
6. Type ./setup -i
7. Enter and spacebar to continue.
8. Finally, get to auto-configuration script for SIM. Select options you want to install.
Security: Use SSH protocol 2
The old SSH Protocol 1 has several security leaks and faces many automated "root kits". Protocol 2 is an improvement to plug the holes. All servers with SSH 1 should use SSH 2.
1. Open /etc/ssh/sshd_config with an editor.
2. Find the line "#Protocol 2, 1".
3. Uncomment (remove #).
4. Save and exit.
5. Restart SSH with /etc/rc.d/init.d/sshd restart
: Disable direct root login
Root user is the most important account on a server. The root user has access to any file/program/application running on a server. By default, terminal services would allow the root user to login. This is a major threat to security as hackers can try to guess at the root password to gain access.
Disabling direct root login will create an extra user account before changing to root user. This will force a hacker to have try and guess 2 seperate passwords to become root user.
cPanel users/servers must add the user to 'wheel' group so that the user is allowed to su to root. Failure to do so would cause a lock out of the root account.
* A user with SSH access must already be created.
1. SSH into server as user and gain root access by 'su -'
2. Open /etc/ssh/sshd_config with an editor.
3. Find line PermitRootLogin yes
4. Uncomment it. Put no so thatPermitRootLogin no
5. Save the file and exit.
6. Restart SSH with "/etc/rc.d/init.d/sshd restart"
Security: Disabling Telnet
Telnet is a threat to server security. The protocol communicates on port 23 for both incoming and outgoing messages. Passwords and usernames are sent as clear text during logins, giving hackers the chance to tap the traffic between client and server and then gaining access. Telnet should always be disabled on web servers and replaced with a more secure platform like SSH.
To disable telnet on your server, follow these steps:
1. Login as root.
2. Open the file /etc/xinetd.d/telnet with your editor (pico/vi).
3. Find the line "disable = no" ,
replace with "disable = yes".
4. Restart the inetd service with command /etc/rc.d/init.d/xinetd restart
5. Do a quick scan to make sure port 23 telnet is closed.
nmap -sT -O localhost
warning :- DO this when u u.stand wht this means... do not blame me if ur dog eats ur cow or ur server crashes and burns.
kyro, that is some EXCELLENT and throrough advice! 
Might I ask you to make a post in the Server FAQ section with that info? I am sure it will help someone setting up a *nix server.
Might I ask you to make a post in the Server FAQ section with that info? I am sure it will help someone setting up a *nix server.
Great advice, should be posted in the Server HOWTOs.
However I should mention that hardening is someone a new craze among server admins and there are many "Hardeners" popping up as well as "Hardened Distro Versions" (usually that someone other then the official dev team made).
However I should mention that hardening is someone a new craze among server admins and there are many "Hardeners" popping up as well as "Hardened Distro Versions" (usually that someone other then the official dev team made).
Addition: for the SSH configuration, find ListenAddress and change it from any to the correct IP address
ipfilter .. that only works for Linux and not freebsd correct?
ipfilter .. that only works for Linux and not freebsd correct?
Right im getting more and more confused now
Help *eek's*, if someone could give me a step by step after installing clarkconnect Linux, in basic language, not complex language!!!
What programs do i need? I obviously need TightVNC to control my server, but what else?
dave164
Help *eek's*, if someone could give me a step by step after installing clarkconnect Linux, in basic language, not complex language!!!
What programs do i need? I obviously need TightVNC to control my server, but what else?
dave164
And you can do a FTP server on a home wireless network, or does it require a direct connection to the net?
You can do an FTP server as long as you have an FTP daemon, which most linux distros have. I'm not sure about clarkconnect, but I'd assume so. Also you do have a webcontrol interface and you don't need a VNC connection if you don't want one.
I'm not sure the installation of clarkconnect, but most linux installers do a pretty good job of walking you through it. Are you having trouble installing it?
I'm not sure the installation of clarkconnect, but most linux installers do a pretty good job of walking you through it. Are you having trouble installing it?
Nope, im just getting everything sorted before i get my HDD on Tuesday, motherboard on Wednesday, then i install it all 
Just getting all prepared.
Can anyone recommend me any other Linux distro... it was something beginnning with an M that i remember people talking about...
Just getting all prepared.
Can anyone recommend me any other Linux distro... it was something beginnning with an M that i remember people talking about...
QUOTE(dave164 @ Jan 14 2005, 17:21)
Nope, im just getting everything sorted before i get my HDD on Tuesday, motherboard on Wednesday, then i install it all
Just getting all prepared.
Can anyone recommend me any other Linux distro... it was something beginnning with an M that i remember people talking about...
[right][snapback]585295098[/snapback][/right]
Just getting all prepared.
Can anyone recommend me any other Linux distro... it was something beginnning with an M that i remember people talking about...
[right][snapback]585295098[/snapback][/right]
Probably Mandrake, but I wouldn't use it as a server. It can be used as one and probably do a good job, but it wouldn't exactly be the best server solution in my opinion.
-
Don't worry about the installation, it should be painless.
QUOTE(markjensen @ Jan 14 2005, 23:28)
kyro, that is some EXCELLENT and throrough advice!
Might I ask you to make a post in the Server FAQ section with that info? I am sure it will help someone setting up a *nix server.
[right][snapback]585293410[/snapback][/right]
Might I ask you to make a post in the Server FAQ section with that info? I am sure it will help someone setting up a *nix server.
[right][snapback]585293410[/snapback][/right]
Sir .. Yes Sir.....
*stomps the ground * marches to Completed server howto thread and makes a howto*
Sir... your command was carried out sucessfully ...
So what do people recommend as a Linux server?
QUOTE(dave164 @ Jan 15 2005, 04:17)
So what do people recommend as a Linux server?
[right][snapback]585297298[/snapback][/right]
[right][snapback]585297298[/snapback][/right]
If I'm not mistaken Clarkconnect will actually be your Linux Distro...your OS.
yes i know that, but i was asking what other distros (OS's) people recommend for servers
Oh sorry. Take a look here: http://www.neowin.net/forum/index.php?showtopic=269495
QUOTE(dave164 @ Jan 14 2005, 17:28)
I obviously need TightVNC to control my server, but what else?[right][snapback]585294805[/snapback][/right]
That would be a very Windows-like way of managing your server.dotRoot mentioned using a web interface (like webmin) to setup your server, which is an easy option for the GUI-centered. Logging in via ssh and changing things through a command line is another option, as well.
The link he points should probably be pinned and made into a sort of 'definitive' *nix server thread...
To setup a successful file sharing server/production server ;
Get a linux OS installed on it; such as Fedora core.
Don't install a GUI, it just leads to security problems and its also a waste of resources.
You need to install the basics. NO GUI'S!
Ok, Then you need to secure it via ssh...
There are a lot of guides on the net for this
You will need to install a control panel, APF firewall, BFD - Brute force protection, antivirus, IDS - snort and acid
There are a heap of things....
But don't install a GUI, do everything over SSH. Its easier, and i don't think VNC works on linux
Get a linux OS installed on it; such as Fedora core.
Don't install a GUI, it just leads to security problems and its also a waste of resources.
You need to install the basics. NO GUI'S!
Ok, Then you need to secure it via ssh...
There are a lot of guides on the net for this
You will need to install a control panel, APF firewall, BFD - Brute force protection, antivirus, IDS - snort and acid
There are a heap of things....
But don't install a GUI, do everything over SSH. Its easier, and i don't think VNC works on linux
Lol i just keep getting more and more confused now
Does someone have a guide cos people keep saying stuf, and it seems more and more is coming all the time, doing things through commands has never been my kinda style, id rather "see" it happening.
I'd guess i should wait untill i install Linux, cos im getting really really really confused now *rubs head*.
My stages now:
1) Downloading FC2, heard it was more stable then FC3
2) Mobo + HDD coming on Tuesday
What im stuck with:
1) What programs are used to do what i want (ftp / mail / web sites)
2) What everyone is saying about SSH and not installing a GUI, etc..
Does someone have a guide cos people keep saying stuf, and it seems more and more is coming all the time, doing things through commands has never been my kinda style, id rather "see" it happening.
I'd guess i should wait untill i install Linux, cos im getting really really really confused now *rubs head*.
My stages now:
1) Downloading FC2, heard it was more stable then FC3
2) Mobo + HDD coming on Tuesday
What im stuck with:
1) What programs are used to do what i want (ftp / mail / web sites)
2) What everyone is saying about SSH and not installing a GUI, etc..
Well, there is this HOWTO in our FAQ/HOWTO section:
http://www.neowin.net/forum/index.php?showtopic=258829
FC3 may have been a better choice than FC2, because you will have some updating to do. Other than that, it really doesn't matter.
You can use Apache (httpd) as your web server, ftpd for ftp, and probably qmail (default is sendmail in Fedora) for mail serving.
You don't need to install a GUI of any sort. Using webmin will allow you to set up your server via a GUI on another PC (point your browser to your server and go). You can ssh into your server and do everythign through the command line, once you get comfortable with that, but the main issue is there is no need to install X or any GUI environments.
(and, of course, if you as 20 Linux experts, you will get 50 opinions, as there are always alternatives)
http://www.neowin.net/forum/index.php?showtopic=258829
FC3 may have been a better choice than FC2, because you will have some updating to do. Other than that, it really doesn't matter.
You can use Apache (httpd) as your web server, ftpd for ftp, and probably qmail (default is sendmail in Fedora) for mail serving.
You don't need to install a GUI of any sort. Using webmin will allow you to set up your server via a GUI on another PC (point your browser to your server and go). You can ssh into your server and do everythign through the command line, once you get comfortable with that, but the main issue is there is no need to install X or any GUI environments.
(and, of course, if you as 20 Linux experts, you will get 50 opinions, as there are always alternatives)
Yeh i keep getting really confused 
But thanks for summing it up mark
Can i just login to my server via the ip its on? How do i? *sounds really really n00b*
Installation is sounding really complicated now im reading more stuf, etc..
Im all ok about the apps now though!!
Im so damn confused, can someone talk to me on MSN please?
But thanks for summing it up mark
Can i just login to my server via the ip its on? How do i? *sounds really really n00b*
Installation is sounding really complicated now im reading more stuf, etc..
Im all ok about the apps now though!!
Im so damn confused, can someone talk to me on MSN please?
QUOTE(dave164 @ Jan 15 2005, 19:15)
Can i just login to my server via the ip its on? How do i? *sounds really really n00b*[right][snapback]585300567[/snapback][/right]
Hang in there! It sounds more complex than it is. 
And, yes, when you have a server set up, you can log into it by IP or by name on the network.
- ssh can be used to log into it, just like you were at the keyboard right on it. Just ssh -l username hostname (or use IP), and it will prompt you for the password for the username you provided. Bingo! You are logged in.
- Or webmin can be used by any browser on your network. Point your browser to http://pcname_or_ip:10000, and login. (I haven't used webmin ever, but that is what the docs I could find say to do)
Hope that helps (and not confuses!)
Ok, step one, i now know how to achually log into it
Is there anything i should know in the Linux installation?
Is there anything i should know in the Linux installation?
QUOTE(dave164 @ Jan 15 2005, 19:29)
Is there anything i should know in the Linux installation?[right][snapback]585300626[/snapback][/right]
You (almost) can't do anything too wrong. If you forget to add a package, it can be added after install. If you have things you don't want/need, they can be removed.
Fedora may be an OK choice for a server, but it isn't really made for a server, its made for a desktop. I do use FC2 on my personal testbed server, just because I wanted to try it out. Don't worry about the GUI thing. I'm not a GUI guy myself, but you may be. Go ahead and when it installs if you want a GUI select: X Windows Server, KDE, Gnome...to see which one you like.
Also be sure when looking through the apps installs to select SAMBA. It will allow you to fileshare with windows computers on the same network. And don't worry, all the install apps are just checkboxes beside their names with descriptions of what they are in FC2.
As for VNC not working on linux? WHAT? Sure it does, AT&T when they made VNC, I believe they first have the UNIX version. Anyway VNC does work on linux.
Also to SSH to your server from a windows machine get: PuTTy. Its an SSH client.
As for webmin, its a great tool for someone starting out and even for the expert. Webmin also runs its own webserver so that if Apache or whatever webserver you use goes down you can still access webmin, making it all the better for troubleshooting. It has plugins that are great and let's you point and click your way through the more 'advanced' tasks in linux.
It even has a plugin for VNC. And it also supports installing RPM packages, YUM, apt-get, etc. I'd recommend getting it!
If you like FC2 then I'd look into: WhiteBox. Fedora is RedHat's distro for the home consumer and RedHat Enterprise Linux is for the server market. Well RHEL does cost from $1,300 - $6,300. However WhiteBox is RHEL, just without RedHat's trademarks. Whitebox was actually compiled from the RHEL source code.
I hope this all helps you. Most people download like 5 or more distros, then install them and see which they like the best.
Also be sure when looking through the apps installs to select SAMBA. It will allow you to fileshare with windows computers on the same network. And don't worry, all the install apps are just checkboxes beside their names with descriptions of what they are in FC2.
As for VNC not working on linux? WHAT? Sure it does, AT&T when they made VNC, I believe they first have the UNIX version. Anyway VNC does work on linux.
Also to SSH to your server from a windows machine get: PuTTy. Its an SSH client.
As for webmin, its a great tool for someone starting out and even for the expert. Webmin also runs its own webserver so that if Apache or whatever webserver you use goes down you can still access webmin, making it all the better for troubleshooting. It has plugins that are great and let's you point and click your way through the more 'advanced' tasks in linux.
It even has a plugin for VNC. And it also supports installing RPM packages, YUM, apt-get, etc. I'd recommend getting it!
If you like FC2 then I'd look into: WhiteBox. Fedora is RedHat's distro for the home consumer and RedHat Enterprise Linux is for the server market. Well RHEL does cost from $1,300 - $6,300. However WhiteBox is RHEL, just without RedHat's trademarks. Whitebox was actually compiled from the RHEL source code.
I hope this all helps you. Most people download like 5 or more distros, then install them and see which they like the best.
Thanks alot dotRoot that really helped, i would prefer using a GUI so i can see what is going on, maybe in a month or so ill just advance to commands via SSH.
On Webmin can you install things, uninstall things, configure, do everything you need to do to set up all the required apps i need?
dave164
On Webmin can you install things, uninstall things, configure, do everything you need to do to set up all the required apps i need?
dave164
QUOTE(dave164 @ Jan 16 2005, 04:47)
Thanks alot dotRoot that really helped, i would prefer using a GUI so i can see what is going on, maybe in a month or so ill just advance to commands via SSH.
On Webmin can you install things, uninstall things, configure, do everything you need to do to set up all the required apps i need?
dave164
[right][snapback]585302393[/snapback][/right]
On Webmin can you install things, uninstall things, configure, do everything you need to do to set up all the required apps i need?
dave164
[right][snapback]585302393[/snapback][/right]
Yes you can. You can even put in the URL of where the RPM file is and it will download it to a temp folder, install it and then keep the info in the RPM database for future updating and uninstallation. It also will clean the temp folder out every once and awhile unless you tell it to do it yourself.
When you do use Webmin, the first thing I'd suggest is use its YUM interface (same place) and type: apt-get and then click install. That's another thing, with YUM and apt-get you don't have to know where a app is to install it, you just type the name and it searches its internet repositories and downloads, installs and all that for you. What's great about YUM and apt-get is also that it will find the file's dependancies for you and install those too...kind of like having windows and downloading a file only to have it error and complain, because you need a runtime file or library.
Anyway both apt-get and YUM are also accessable via the command line and VERY easy to use as well as both should have a GUI on the desktop if you so desire to download the GUI interface...although webmin is just another GUI to them umong other things.
Don't worry about SSH. Yes you'll need to learn the commands, but its not hard. What makes linux hard with and/or without a GUI is that mostly people come from windows, so they are used to stuff being the same. But just a child coming and using linux for the first time is just like them using windows for the first time and both are just as easy. I'm not saying you'll make your whole computing experience switch to linux (lots of people do), but you will find a much more rewarding experience if you stay with it.
Besides, we're all here to help on Neowin's Nix support forums, but we only count for probably less than 1% of the huge communities out there willing to help people with linux, BSD, or whatever.
Right ok, i guess ill have to have a play when i install it
dave164
dave164
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.