LinuxQuestions.org


stephen_wq 03-26-2009 10:59 PM

Securing a VPS
 
Hey there,
A mate has a basic VPS running Debian, and as far as I can tell he's running HTTPD as root.
In fact, he says he does most things as root, which is a habit that needs to be broken for obvious reasons.
Here's the output from Webmin of the running services. I'm average at Linux, used to a GUI and only know the Fedora command line, so lost when it comes to Debian.
Code:

26604        root        0.6 %        /usr/share/webmin/proc/index_cpu.cgi
28032        mysql        0.1 %        /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file ...
1        root        0.0 %        init [2]
13695        postfix        0.0 %        tlsmgr -l -t unix -u -c
19709        proftpd        0.0 %        proftpd: (accepting connections)
20113        daemon        0.0 %        /usr/local/apache2/bin/httpd
20135        daemon        0.0 %        /usr/local/apache2/bin/httpd
24269        root        0.0 %        sshd: root@pts/0
24286        root        0.0 %        -bash
26605        root        0.0 %        /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
26606        root        0.0 %        /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
27873        root        0.0 %        /sbin/syslogd
27933        root        0.0 %        /bin/sh /usr/bin/mysqld_safe
28033        root        0.0 %        logger -p daemon.err -t mysqld_safe -i -t mysqld
29947        root        0.0 %        /usr/local/apache2/bin/httpd
30286        root        0.0 %        /usr/lib/postfix/master
30308        postfix        0.0 %        qmgr -l -t fifo -u
30311        root        0.0 %        /usr/sbin/sshd
30343        root        0.0 %        /usr/sbin/cron
32343        root        0.0 %        /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf

Now HTTPD is running out of /home/user/, which is actually owned by root. So somehow, I want to change the owner (chown?) of /home/user/ to user, and then run HTTPD under that username, or whatever is the best method. Unfortunately I have no idea how.

What else shouldn't be running as root? What other basic security like denyhosts would be suggested?
Thanks in advance.

gnukish 03-26-2009 11:22 PM

Quote:

h!!p://www.usefuljaja.com/2007/6/debian-vps-setup-page-1
Follow all parts of the tutorial, and I am sure you'll be on your way to securing your VPS. Report back on how you do ;)

cheers!

robertjinx 03-27-2009 03:03 AM

Your HTTPD is not running as root; Webmin is running as root, and that's normal. The rest seems OK. Maybe create a user "apache" or "httpd" and change the user in the Apache configuration from daemon to "apache" or "httpd".

Good luck!

stephen_wq 03-27-2009 03:13 AM

@gnukish: Thanks. Following it through.
Though when I try running iptables-restore with his sample file (http://www.usefuljaja.com/assets/200...test.rules.txt), it says it failed on COMMIT (line 56).

I also need to add mysql & ftp to it; I assume I copy a line and add 3306?

@robertjinx: Thanks for the clarification. I wasn't sure, and he said he'd simply set up and used everything in root, and when I saw "29947 root /usr/local/apache2/bin/httpd", I assumed one of the virtual servers or something was running as root.

robertjinx 03-27-2009 03:43 AM

Btw, what VPS are you using, Xen or OpenVZ/Virtuozzo?

If OpenVZ/Virtuozzo then you are limited in what you can do; you can't have a full iptables and so on. Be sure of what you are using and set up the VPS according to that.

stephen_wq 03-28-2009 09:55 PM

Quote:

Originally Posted by robertjinx (Post 3489286)
Btw, what VPS are you using, Xen or OpenVZ/Virtuozzo?

If OpenVZ/Virtuozzo then you are limited in what you can do; you can't have a full iptables and so on. Be sure of what you are using and set up the VPS according to that.

Not sure what either of those are. How can I find out?

sleddog 03-29-2009 07:35 AM

[root@vps:~] cat /proc/user_beancounters

If you see information then it's OpenVZ/Virtuozzo. If you get a "No such file or directory" error then it isn't.

[root@vps:~] ls /proc/xen

If you get a file list then it's Xen. If you get a "No such file or directory" error then it isn't.

robertjinx 03-29-2009 10:16 AM

Try a simple "uname -a" and it will tell you what you need to know. In the case of CentOS on Xen it will look something like 2.6.18-53.1.13.el5xen, and in the case of OpenVZ, I think vz or something.

Just put the output of uname -a in the post and I will tell you.

stephen_wq 03-30-2009 02:29 AM

Beancounters showed a bunch of info.

uname showed: "2.6.18-92.1.13.el5.028stab059.6 #1 SMP Fri Nov 14 16:01:01 MSK 2008 i686 GNU/Linux"

robertjinx 03-30-2009 02:49 AM

It's OpenVZ/Virtuozzo, which means you are limited in some things, like some iptables parts, system configuration, kernel tuning, etc.

I think simple or normal Linux security should be enough for the system; maybe just use iptables to allow a couple of ports, like ssh/http/https/mail, and block the rest.

Make sure that you do not allow root login over ssh, and locally use sudo or su to log in to root.

Good luck!

sleddog 03-30-2009 07:31 AM

Quote:

Originally Posted by robertjinx (Post 3491585)
Try a simple "uname -a" and it will tell you what you need to know. In the case of CentOS on Xen it will look something like 2.6.18-53.1.13.el5xen, and in the case of OpenVZ, I think vz or something.

Just put the output of uname -a in the post and I will tell you.

2.6.18-53.1.13.el5xen certainly indicates a Xen VPS, but not all Xen VPSs have 'xen' in the kernel name :)

Moot point I guess, as stephen_wq looks to have an OpenVZ VPS.

Cheers.
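
The checks discussed in this thread, combined into one function (an added example, not code from any of the posters): the /proc tests come first, and the kernel release string is used only as a fallback hint, since a Xen guest need not have "xen" in its kernel name. The function name, the "?" suffix for name-only guesses and the use of "stab" as an OpenVZ hint (taken from the uname output posted above) are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the thread).
# detect_virt [PROC_ROOT] [KERNEL_RELEASE]
#   PROC_ROOT defaults to /proc, KERNEL_RELEASE to `uname -r`; both can be
#   overridden so the logic can be exercised against a constructed directory.
# Prints: openvz | xen | openvz? | xen? | unknown
#   (a trailing "?" means the guess rests on the kernel name alone)

detect_virt() {
    proc_root=${1:-/proc}
    release=${2:-$(uname -r)}

    # OpenVZ/Virtuozzo exposes resource counters here.
    if [ -e "$proc_root/user_beancounters" ]; then
        echo openvz
        return 0
    fi

    # A populated /proc/xen means Xen.
    if [ -d "$proc_root/xen" ] && [ -n "$(ls -A "$proc_root/xen" 2>/dev/null)" ]; then
        echo xen
        return 0
    fi

    # Fallback: kernel release naming. Weak evidence, so it is marked as a guess.
    case $release in
        *stab*) echo "openvz?" ;;
        *xen*)  echo "xen?" ;;
        *)      echo unknown ;;
    esac
}

detect_virt "$@"
```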

