LinuxQuestions.org
Old 01-01-2009, 01:52 AM   #1
BeaverusIV
Member
 
Registered: Oct 2004
Location: New Zealand
Distribution: Arch Linux 2010.05
Posts: 136

Rep: Reputation: 18
Help with Arch as secure games/bittorrent/ssh server


Hey all, I have decided to change my server from XP to Arch Linux seeing as I'm trying to learn how to manage before I upgrade to a nice proper server. Atm I use uTorrent and Steam to download torrents and host Left 4 Dead, Team Fortress 2 and Half Life Deathmatch games. I would also like to host Battlefield: Vietnam and Battlefield 2 games also.

I have installed Arch w/ openssh and samba. I can get openssh to work with default settings from my kubuntu box, I have yet to try putty but I'm sure it'll connect no problem either. I am about to try and install hlds to run the Steam games. I also know I want to try out something for torrents.

The main question I would like answered is how to protect my system. I don't really have a need right now except maybe being able to temporarily block Internet traffic to keep the servers only available to the LAN but I want to learn and I know the security stuff will be important once I start letting unknown people into the network in the near future.

I'm guessing Arch doesn't come with a firewall pre-installed so I will need suggestions. Also I want to add RSA-SSH2 keys to the openssh to make it more secure or better yet just be able to list the allowed ip addresses that can access certain features.

I want to be able to control everything over ssh so I can theoretically control it from my phone anywhere. It's nice to be able to log in and make sure everything works ^^,

Thanks for reading and hopefully someone can help me on my quest for a good night's rest

As a side question: This server isn't actually my one, it's a friend's flat's server that I manage. They would like to be able to log in as well so they can admin the game servers; is it unwise to just have one user account? Should I make an account for each person? I think there should be only one account logged in at a time so as not to cause confusion with people changing settings on the games at the same time.

Last edited by BeaverusIV; 01-01-2009 at 05:49 AM.
 
Old 01-01-2009, 05:01 PM   #2
darthaxul
Member
 
Registered: Aug 2008
Distribution: Devuan; Gentoo; FreeBSD
Posts: 236

Rep: Reputation: 19
maybe u should separate ur servers from ur internal network. it might be simpler to setup/review ur security options after that.
 
Old 01-01-2009, 05:13 PM   #3
Zerathidune
LQ Newbie
 
Registered: Feb 2006
Posts: 5

Rep: Reputation: 0
Quote:
Originally Posted by BeaverusIV View Post
Hey all, I have decided to change my server from XP to Arch Linux seeing as I'm trying to learn how to manage before I upgrade to a nice proper server. Atm I use uTorrent and Steam to download torrents and host Left 4 Dead, Team Fortress 2 and Half Life Deathmatch games. I would also like to host Battlefield: Vietnam and Battlefield 2 games also.

I have installed Arch w/ openssh and samba. I can get openssh to work with default settings from my kubuntu box, I have yet to try putty but I'm sure it'll connect no problem either. I am about to try and install hlds to run the Steam games. I also know I want to try out something for torrents.

The main question I would like answered is how to protect my system. I don't really have a need right now except maybe being able to temporarily block Internet traffic to keep the servers only available to the LAN but I want to learn and I know the security stuff will be important once I start letting unknown people into the network in the near future.

I'm guessing Arch doesn't come with a firewall pre-installed so I will need suggestions. Also I want to add RSA-SSH2 keys to the openssh to make it more secure or better yet just be able to list the allowed ip addresses that can access certain features.

I want to be able to control everything over ssh so I can theoretically control it from my phone anywhere. It's nice to be able to log in and make sure everything works ^^,

Thanks for reading and hopefully someone can help me on my quest for a good night's rest
iptables is probably what you want from a firewall perspective; it allows you to block/allow based on IP address, and much more (most other firewalls are frontends to this anyway). The man page for ssh-keygen will tell you how to generate RSA keys; after that you just need to disable password authentication in /etc/ssh/sshd_config. Also, I would advise having sshd listen on a port besides 22; this doesn't really qualify as "real" protection, but will at the very least reduce the number of failed attempts in the authentication logs for you to sift through. Also, it is a good idea to set your iptables up not to respond to pings; this way attackers will have to know you're there.


Quote:
As a side question: This server isn't actually my one, it's a friend's flat's server that I manage. They would like to be able to log in as well so they can admin the game servers; is it unwise to just have one user account? Should I make an account for each person? I think there should be only one account logged in at a time so as not to cause confusion with people changing settings on the games at the same time.
You should know that having only one account won't solve this problem; the same account can be logged in from multiple locations. I'm not sure how you would deal with this issue, and without knowing how the server configuration works I can't make very good guesses.
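
The firewall suggested in this post, combined with the LAN-only switch the original poster asked for, could look like the following. This is an added example, not part of any post in the thread; the function name `gen_rules`, the LAN range, the admin addresses, sshd port 2222 and UDP game port 27015 are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Every address and port below is an assumption.
# gen_rules MODE SSH_PORT LAN_CIDR "ADMIN_IPS" "UDP_PORTS"
#   MODE "lan"  : game ports reachable from LAN_CIDR only (Internet blocked)
#   MODE "open" : game ports reachable from anywhere
# Prints an iptables-restore ruleset on stdout; changes nothing by itself.
gen_rules() {
    mode=$1 ssh_port=$2 lan=$3 admins=$4 ports=$5
    case $mode in
        lan|open) ;;
        *) echo "mode must be 'lan' or 'open'" >&2; return 1 ;;
    esac
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p icmp --icmp-type echo-request -j DROP'
    # sshd: only the listed source addresses may open new connections
    for ip in $admins; do
        printf '%s\n' "-A INPUT -p tcp -s $ip --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # game servers: restricted to the LAN in "lan" mode
    for p in $ports; do
        if [ "$mode" = lan ]; then
            printf '%s\n' "-A INPUT -p udp -s $lan --dport $p -j ACCEPT"
        else
            printf '%s\n' "-A INPUT -p udp --dport $p -j ACCEPT"
        fi
    done
    printf '%s\n' 'COMMIT'
}
# Typical use (validate first, then load):
#   gen_rules lan 2222 192.168.1.0/24 "192.168.1.10 203.0.113.5" "27015" | iptables-restore --test
```

With the INPUT policy set to DROP, any other service on the box (Samba, Ventrilo) needs its own ACCEPT rule before the ruleset is loaded.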
 
Old 01-01-2009, 05:43 PM   #4
BeaverusIV
Member
 
Registered: Oct 2004
Location: New Zealand
Distribution: Arch Linux 2010.05
Posts: 136

Original Poster
Rep: Reputation: 18
Quote:
Originally Posted by Zerathidune View Post
iptables is probably what you want from a firewall perspective; it allows you to block/allow based on IP address, and much more (most other firewalls are frontends to this anyway). The man page for ssh-keygen will tell you how to generate RSA keys; after that you just need to disable password authentication in /etc/ssh/sshd_config. Also, I would advise having sshd listen on a port besides 22; this doesn't really qualify as "real" protection, but will at the very least reduce the number of failed attempts in the authentication logs for you to sift through. Also, it is a good idea to set your iptables up not to respond to pings; this way attackers will have to know you're there.
Will do. I realise now I have the hosts.allow/hosts.deny files, but I don't know how to get it working for ventrilo etc so atm hosts.deny had ALL:ALL: DENY commented to get them working.

Quote:
Originally Posted by Zerathidune View Post
You should know that having only one account won't solve this problem; the same account can be logged in from multiple locations. I'm not sure how you would deal with this issue, and without knowing how the server configuration works I can't make very good guesses.
I know, I think there is a line in the sshd_config that lets you set the amount of sessions that can be open at one time. I was just wondering if it is bad practice to only have the one account... I don't think I'll need to log their actions, so I saw no need to differentiate between people.

I would also like to know how to get ventrilo (/etc/ventrilo/ventrilo_srv -d) to run at startup? I'd also like hlds game server to run as well, but I'm sure it'll be the same as the ventrilo command.

Last edited by BeaverusIV; 01-01-2009 at 05:45 PM.
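
The two sshd_config changes suggested in this thread (password authentication disabled, a port other than 22) can be checked after editing the file. This is an added example, not part of any post; the function names `sshd_values` and `audit_sshd` and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread.
# sshd_values FILE KEYWORD: print every global value of KEYWORD, in file order.
# Keywords are case-insensitive; comments and blank lines are skipped; scanning
# stops at the first "Match" line because settings after it are conditional.
sshd_values() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2) }
    ' "$1"
}

# audit_sshd FILE: print one finding per line; return 1 if anything was found.
audit_sshd() {
    rc=0
    # For most keywords sshd uses the first value it reads; unset means "yes".
    pw=$(sshd_values "$1" PasswordAuthentication | head -n 1)
    if [ "${pw:-yes}" != no ]; then
        echo "password-auth-enabled"; rc=1
    fi
    # Port may be given several times (sshd listens on all of them); unset means 22.
    ports=$(sshd_values "$1" Port)
    for p in ${ports:-22}; do
        if [ "$p" = 22 ]; then echo "listens-on-port-22"; rc=1; fi
    done
    return $rc
}
# Typical use: audit_sshd /etc/ssh/sshd_config
```

`sshd -T` prints the configuration sshd actually resolves and remains the authoritative check; this function assumes the whitespace-separated `Keyword value` form and does not follow `Include` lines.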
 
  

