| View previous topic :: View next topic |
| Author |
Message |
Tii
l33t
Joined: 02 Jan 2004
Posts: 733
|
 Posted: Fri Apr 30, 2004 4:00 pm Post subject: Homeserver security |
 |
|
I would like to put up server on my desktop machine but I'm a bit worried about security. How difficult is it to make the box pretty secure (or at least minimize the damage if something happens)? What kind of steps would that require (I can look up the details myself but I'd like a general idea)? I'm thinking about apache (with php and maybe mysql), ssh and maybe some email stuff. If I set up a server on my box but block all the ports (with shorewall) will that be safe (I would like to have some time to set everything up)?
edit: And what are the most important logs I need to keep an eye on? |
|
| Back to top |
|
 |
befortin
Apprentice
Joined: 10 Feb 2004
Posts: 193
|
|
| Back to top |
|
|
dvc5
Guru
Joined: 06 Dec 2003
Posts: 433
Location: Sunnyvale, California
|
| Posted: Fri Apr 30, 2004 4:18 pm Post subject: |
|
|
This guide shows you how to accomplish all of your goals and much more. I highly suggest you carefully read through it if you want to properly lock down your linux box.
_________________
#define NULL rand() /*heh heh heh */
Green Is Good |
|
| Back to top |
|
|
Tii
l33t
Joined: 02 Jan 2004
Posts: 733
|
| Posted: Fri Apr 30, 2004 4:23 pm Post subject: |
|
|
| Thanks for the links! They seem very good. I'll have to take a closer look at them soon. I have a spare 10 gig harddrive that I occasionally use for testing purposes. Maybe I could somehow use it for backups. What are the most important things to backup so that I can make my gentoo box back to the way it was without loosing anything (/home for sure and I think /etc, what else)? |
|
| Back to top |
|
|
dvc5
Guru
Joined: 06 Dec 2003
Posts: 433
Location: Sunnyvale, California
|
| Posted: Fri Apr 30, 2004 4:25 pm Post subject: |
|
|
Probably /root and /boot as well to save your working kernel images.
_________________
#define NULL rand() /*heh heh heh */
Green Is Good |
|
| Back to top |
|
|
befortin
Apprentice
Joined: 10 Feb 2004
Posts: 193
|
| Posted: Fri Apr 30, 2004 4:41 pm Post subject: |
|
|
And please, never do that backup on your 10 GB by connecting it to the same box, or anyone with logging as root will be able to delete your backup, and if there's a problem with your power supply, it's likely that both disks will crash (it happens more often than you think!!). Make sure that the disk that contains your backup is in a very secure place/computer.
Maybe that you should backup the "world" file as well, as it contains all the software that you have emerged. I think that this file is located in /var/edb/cache/world. You could also backup you /var/http/* if you're running Apache. |
|
| Back to top |
|
|
Tii
l33t
Joined: 02 Jan 2004
Posts: 733
|
| Posted: Fri Apr 30, 2004 5:41 pm Post subject: |
|
|
| befortin wrote: | | And please, never do that backup on your 10 GB by connecting it to the same box, or anyone with logging as root will be able to delete your backup, and if there's a problem with your power supply, it's likely that both disks will crash (it happens more often than you think!!). Make sure that the disk that contains your backup is in a very secure place/computer. |
The problem is that I have just one computer and there's really nowhere else to put it. I generally don't keep it plugged to the computer though unless I need it for something but it's still a problem. I could backup on cds if my cdrw drive wasn't broken atm. Maybe it's about time I fix it. Then I could transfer the copies to my 10 gig when I'm forced to reboot (I never keep my 80 gig and 10 gig drive plugged in at the same time so that if one gets messed up I can use the other until I'm able to fix it, the ten gig usually has only a basic gentoo installation with minimal software). |
|
| Back to top |
|
|
befortin
Apprentice
Joined: 10 Feb 2004
Posts: 193
|
| Posted: Fri Apr 30, 2004 5:51 pm Post subject: |
|
|
| Otherwise, if you have some money, you could buy a cheap DVD burner... |
|
| Back to top |
|
|
|
Networking & Security
