What happened to OC? - CLOSED Carnage?!
Aer

Suggestions for web sv?

Gretings OC comunity, recently I have been messing around with Linux and web servers (no idea about what im doing tbh) I have installed lamp in an old pc and registering a free domain in NO-IP and that seems to work pretty well, but now I'm concerned should I install something else for security?
also at the moment Im trying to use the "Halo-Status-master" but apparently im not able to query any info from servers can anyone help me with that one?

if you have any suggestion about this please let me know maybe ill end learning osmething new

Halo-Status-master.zip

Share this post


Link to post
Share on other sites

Tiddy-bits:

On 12/23/2016 at 1:22 PM, Aer said:

Gretings OC comunity, recently I have been messing around with Linux and web servers (no idea about what im doing tbh) I have installed lamp in an old pc and registering a free domain in NO-IP and that seems to work pretty well, but now I'm concerned should I install something else for security?
also at the moment Im trying to use the "Halo-Status-master" but apparently im not able to query any info from servers can anyone help me with that one?

if you have any suggestion about this please let me know maybe ill end learning osmething new

Halo-Status-master.zip

Check your iptables and see if firewall is blocking messages from the master servers and also set SELinux to permissive mode (unless you want to get really nitty-gritty in configuring SELinux, but it can be tedious sometimes). If you have all of the ports unblocked on your server, it may be the host network that is blocking that port traffic, so that would be something to take up with your VPS provider.

 

As far as security is concerned, make sure you edit your SSH configuration to not allow root logins. Always drop down to root from your standard user. This prevents bruteforce attacks against root and compromise of your system. If you really want to get secure, you can check out some of the standardized DoD Secure Technical Implementation Guides  (or this) on how to harden your system and some of the settings they use. The ones you want to refer to (and they'll be different depending on the distro) are the RHEL 5/6/7 guides. RHEL 7 STIGs would be more in line with systems that run systemd. The ones you should particularly be paying attention to is the pam_tally configurations and setting max login attempt counts. For our systems, we use a permanent lockout, but you can configure it to lock out for a certain period (like 30 minutes or something). 

 

I can't tell you how much I get port scanned on my VPS from Chinese and South American IPs. 

Edited by Solaris
WaeV, Kavawuvi and Aer like this

System Administrator (Well Rounded) | AWS | Azure | Microsoft 365

Share this post


Link to post
Share on other sites

The problem with the halo status master tool must be something different because the pc is in a DMZ without firewalls (since the server is in an old pc in my home Im sure about it)
about the other recomendations I dont even know a lot of those things (RHEL, SELinux, iptables and a lot more of those)  but thats what I was looking for keywords now im going to search those in google lets see what I can get

Thanks a lot for your response and sorry for the late response!

Share this post


Link to post
Share on other sites
  • Recently Browsing   0 members

    No registered users viewing this page.