LinuxQuestions.org
Old 03-26-2009, 10:59 PM   #1
stephen_wq
LQ Newbie
 
Registered: Sep 2006
Posts: 12

Rep: Reputation: 0
Securing a VPS


Hey there,
A mate has a basic VPS running Debian, and as far as I can tell he's running HTTPD as root.
In fact, he says he does most things as root, which is a habit that needs to be broken for obvious reasons.
Here's the output from Webmin of the running services. I'm average at Linux, used to the GUI and only know the Fedora command line, so I'm lost when it comes to Debian.
Code:
26604 	root 	0.6 % 	/usr/share/webmin/proc/index_cpu.cgi
28032 	mysql 	0.1 % 	/usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file ...
1 	root 	0.0 % 	init [2]
13695 	postfix 	0.0 % 	tlsmgr -l -t unix -u -c
19709 	proftpd 	0.0 % 	proftpd: (accepting connections)
20113 	daemon 	0.0 % 	/usr/local/apache2/bin/httpd
20135 	daemon 	0.0 % 	/usr/local/apache2/bin/httpd
24269 	root 	0.0 % 	sshd: root@pts/0
24286 	root 	0.0 % 	-bash
26605 	root 	0.0 % 	/usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
26606 	root 	0.0 % 	/usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
27873 	root 	0.0 % 	/sbin/syslogd
27933 	root 	0.0 % 	/bin/sh /usr/bin/mysqld_safe
28033 	root 	0.0 % 	logger -p daemon.err -t mysqld_safe -i -t mysqld
29947 	root 	0.0 % 	/usr/local/apache2/bin/httpd
30286 	root 	0.0 % 	/usr/lib/postfix/master
30308 	postfix 	0.0 % 	qmgr -l -t fifo -u
30311 	root 	0.0 % 	/usr/sbin/sshd
30343 	root 	0.0 % 	/usr/sbin/cron
32343 	root 	0.0 % 	/usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
Now HTTPD is running out of /home/user/, which is actually owned by root. So somehow, I want to change the owner (chown?) of /home/user/ to user, and then run HTTPD under that username, or whatever is the best method. Unfortunately I have no idea how.

What else shouldn't be running as root? What other basic security like denyhosts would be suggested?
Thanks in advance.
 
Old 03-26-2009, 11:22 PM   #2
gnukish
Member
 
Registered: Apr 2005
Location: Neverland
Distribution: Slackware / Ubuntu
Posts: 171

Rep: Reputation: 30
Quote:
h!!p://www.usefuljaja.com/2007/6/debian-vps-setup-page-1
Follow all parts of the tutorial, and I am sure you'll be on your way to securing your VPS. Report back on how you do.

cheers!
 
Old 03-27-2009, 03:03 AM   #3
robertjinx
Member
 
Registered: Oct 2007
Location: Prague, CZ
Distribution: RedHat / CentOS / Ubuntu / SUSE / Debian
Posts: 561

Rep: Reputation: 58
Your HTTPD is not running as root; Webmin is running as root and it's normal. The rest seems OK. Maybe create a user "apache" or "httpd" and change the Apache configuration from daemon to "apache" or "httpd".

Good luck!
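
The listing in the first post shows Apache's usual layout: one parent started as root so it can bind port 80, with the children that serve requests running as the configured user (here `daemon`). As an added example that is not part of the original thread, this script groups lines from that listing by command and labels each one; the function names `listing` and `classify` are made up for illustration.

```shell
# Lines copied from the process listing in post #1 (PID, user, CPU %, command).
listing() {
cat <<'EOF'
28032 mysql 0.1 % /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql
19709 proftpd 0.0 % proftpd: (accepting connections)
20113 daemon 0.0 % /usr/local/apache2/bin/httpd
20135 daemon 0.0 % /usr/local/apache2/bin/httpd
26605 root 0.0 % /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
27873 root 0.0 % /sbin/syslogd
29947 root 0.0 % /usr/local/apache2/bin/httpd
30286 root 0.0 % /usr/lib/postfix/master
30308 postfix 0.0 % qmgr -l -t fifo -u
30311 root 0.0 % /usr/sbin/sshd
EOF
}

# classify: read "PID USER CPU % COMMAND..." on stdin and print, per command,
# whether it runs only as root, only as an unprivileged user, or as a root
# parent with unprivileged workers.
classify() {
  awk '
    {
      cmd = $5
      # Report the script, not the interpreter that runs it.
      if (cmd == "/usr/bin/perl" || cmd == "/bin/sh") cmd = $6
      sub(/:$/, "", cmd)              # "proftpd:" -> "proftpd"
      seen[cmd] = 1
      if ($2 == "root") { root[cmd] = 1 } else { user[cmd] = $2 }
    }
    END {
      for (c in seen) {
        if ((c in root) && (c in user)) print c, "root parent, workers as " user[c]
        else if (c in root)             print c, "root only"
        else                            print c, "unprivileged (" user[c] ")"
      }
    }' | sort
}

listing | classify
```

On a live system the same function can be fed from `ps -eo pid,user,pcpu,comm` after inserting a `%` column, or the field numbers in the awk program can be adjusted to match.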
 
Old 03-27-2009, 03:13 AM   #4
stephen_wq
LQ Newbie
 
Registered: Sep 2006
Posts: 12

Original Poster
Rep: Reputation: 0
@gnukish: Thanks. Following it through.
Though when I try running iptables-restore with his sample file (http://www.usefuljaja.com/assets/200...test.rules.txt), it says it failed on COMMIT (line 56).

I also need to add MySQL & FTP to it; I assume I copy a line and add 3306?

@robertjinx: Thanks for the clarification. I wasn't sure, and he said he'd simply set up and used everything in root, and when I saw "29947 root /usr/local/apache2/bin/httpd", I assumed one of the virtual servers or something was running as root.

Last edited by stephen_wq; 03-27-2009 at 03:15 AM.
 
Old 03-27-2009, 03:43 AM   #5
robertjinx
Member
 
Registered: Oct 2007
Location: Prague, CZ
Distribution: RedHat / CentOS / Ubuntu / SUSE / Debian
Posts: 561

Rep: Reputation: 58
Btw, what VPS are you using, Xen or OpenVZ/Virtuozzo?

If OpenVZ/Virtuozzo, then you are limited in what you can do; you can't have a full iptables and so on. Be sure of what you're using and set up the VPS according to that.
 
Old 03-28-2009, 09:55 PM   #6
stephen_wq
LQ Newbie
 
Registered: Sep 2006
Posts: 12

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by robertjinx
Btw, what VPS are you using, Xen or OpenVZ/Virtuozzo?

If OpenVZ/Virtuozzo, then you are limited in what you can do; you can't have a full iptables and so on. Be sure of what you're using and set up the VPS according to that.

Not sure what either of those are. How can I find out?
 
Old 03-29-2009, 07:35 AM   #7
sleddog
Member
 
Registered: Jan 2002
Location: Labrador, Canada
Distribution: CentOS, Debian
Posts: 182

Rep: Reputation: 35
[root@vps:~] cat /proc/user_beancounters

If you see information then it's OpenVZ/Virtuozzo. If you get a "No such file or directory" error then it isn't.

[root@vps:~] ls /proc/xen

If you get a file list then it's Xen. If you get a "No such file or directory" error then it isn't.
 
Old 03-29-2009, 10:16 AM   #8
robertjinx
Member
 
Registered: Oct 2007
Location: Prague, CZ
Distribution: RedHat / CentOS / Ubuntu / SUSE / Debian
Posts: 561

Rep: Reputation: 58
Try a simple "uname -a" and it will tell you what you need to know. In the case of CentOS on Xen it will look something like 2.6.18-53.1.13.el5xen, and in the case of OpenVZ, I think vz or something.

Just put the output of uname -a in the post and I will tell you.
 
Old 03-30-2009, 02:29 AM   #9
stephen_wq
LQ Newbie
 
Registered: Sep 2006
Posts: 12

Original Poster
Rep: Reputation: 0
Beancounters showed a bunch of info.

uname showed: "2.6.18-92.1.13.el5.028stab059.6 #1 SMP Fri Nov 14 16:01:01 MSK 2008 i686 GNU/Linux"
 
Old 03-30-2009, 02:49 AM   #10
robertjinx
Member
 
Registered: Oct 2007
Location: Prague, CZ
Distribution: RedHat / CentOS / Ubuntu / SUSE / Debian
Posts: 561

Rep: Reputation: 58
It's OpenVZ/Virtuozzo, which means you are limited in some stuff, like some iptables parts, system configuration, kernel tuning, etc.

I think simple or normal Linux security should be enough for the system; maybe just use iptables to allow a couple of ports, like ssh/http/https/mail, and block the rest.

Make sure that you do not allow root login over ssh, and locally use sudo or su to log in to root.

Good luck!
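
The allow-list suggested in this reply, as an added example that is not part of the original thread: a shell function that prints an `iptables-restore` ruleset accepting only the listed TCP ports and dropping other inbound traffic. The function name `emit_rules` and the port numbers (22, 25, 80, 443 for ssh/mail/http/https) are choices made here, and whether the `state` match is usable inside an OpenVZ container is an assumption that depends on what the host has enabled.

```shell
# emit_rules PORT...: print a filter-table ruleset for iptables-restore.
# Inbound policy is DROP; loopback, replies to existing connections, ping
# and new TCP connections to the listed ports are accepted.
emit_rules() {
  # Validate every port before printing anything, so a typo never
  # produces a half-written rules file.
  for port in "$@"; do
    case $port in
      ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
      echo "bad port: $port" >&2
      return 1
    fi
  done

  echo '*filter'
  echo ':INPUT DROP [0:0]'
  echo ':FORWARD DROP [0:0]'
  echo ':OUTPUT ACCEPT [0:0]'
  echo '-A INPUT -i lo -j ACCEPT'
  # Assumption: the state match is available. In an OpenVZ container the
  # host decides which iptables modules the container may use.
  echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
  echo '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
  for port in "$@"; do
    echo "-A INPUT -p tcp --dport $port -j ACCEPT"
  done
  echo 'COMMIT'
}

# ssh, mail, http, https as in the reply above; add 21 or 3306 only if
# FTP or MySQL really must be reachable from outside.
emit_rules 22 25 80 443
```

Redirect the output to a file and check it with `iptables-restore --test < file` before loading it; keep an existing SSH session open while applying the rules so a mistake does not lock you out.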
 
Old 03-30-2009, 07:31 AM   #11
sleddog
Member
 
Registered: Jan 2002
Location: Labrador, Canada
Distribution: CentOS, Debian
Posts: 182

Rep: Reputation: 35
Quote:
Originally Posted by robertjinx
Try a simple "uname -a" and it will tell you what you need to know. In the case of CentOS on Xen it will look something like 2.6.18-53.1.13.el5xen, and in the case of OpenVZ, I think vz or something.

Just put the output of uname -a in the post and I will tell you.

2.6.18-53.1.13.el5xen certainly indicates a Xen VPS, but not all Xen VPSs have 'xen' in the kernel name.

Moot point I guess, as stephen_wq looks to have an OpenVZ VPS.

Cheers.
 
  

