LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-19-2006, 10:44 AM   #1
linuxhippy
Senior Member
 
Registered: Sep 2004
Location: Philadelphia, PA
Distribution: Xubuntu, Mythbuntu, Lubuntu, Picuntu, Mint 18.1, Debian Jessie
Posts: 1,207

Rep: Reputation: 47
mp3 home server


I've been running a mp3 server out of my basement for a couple months now using an old Pentium pc, Slackware 10.2, and gnump3d ver. 2.98. I'm using a precompiled 2.6.13 kernel and iptables 1.3.5...I've set up a couple simple filter rules that open up traffic on port 8001 for my server and allow no-ip's software to run in the background and update my changing IP address on the web since I have a DHCP.

As far as I know, nobody has messed with my 24/7 server. Is there a log file that keeps track of all online activity?

What else could I do to secure my server from vulnerabilities?
 
Old 06-19-2006, 06:15 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by linuxhippy
I've been running a mp3 server out of my basement for a couple months now using an old Pentium pc, Slackware 10.2, and gnump3d ver. 2.98. I'm using a precompiled 2.6.13 kernel and iptables 1.3.5...I've set up a couple simple filter rules that open up traffic on port 8001 for my server and allow no-ip's software to run in the background and update my changing IP address on the web since I have a DHCP.

As far as I know, nobody has messed with my 24/7 server. Is there a log file that keeps track of all online activity?

What else could I do to secure my server from vulnerabilities?
as for logfiles, being that this is (i assume) a dedicated mp3 server, i believe you'd be pretty-much limited to the logfiles provided by the mp3 server app... of course there's always the iptables logs (and the system logs) but they aren't of much use in this situation (unless you are indeed allowing remote ssh logins, etc.)... what mp3 server app are you using??

as for hardening the box, you could post your iptables script and then maybe we could give you some pointers on how you might be able to make it better/tighter...

i would also recommend downgrading your kernel to the latest 2.4 (if possible), which at the time of this post is 2.4.33-rc1... you should make sure it's stripped-down to only what you need (a good start is disabling all the experimental options) of course... you'll need to recompile iptables after that...

other steps you can take are making sure you uninstall any packages you aren't using on the box, such as compilers, graphical libs/apps, etc...

if you want some heavy armor you could always patch the kernel with grsecurity... they should have a version for 2.4.33 released soon after 2.4.33 is actually released...

also, if your mp3 server app is able to run in a chroot jail, that would be great, as grsecurity provides chroot jail hardening...

there's plenty of other things you can do also... like, perhaps install rootkit hunter and set a cron job to email you the results of a scan once a day... or tripwire... or both...

just my ...

PS: does your mp3 server app have a web-based front-end?? if so, does it have it's own or does it use apache??

EDIT: sorry, i just noticed that you had indeed posted the app you are using, gnump3d...

Last edited by win32sux; 06-19-2006 at 06:25 PM.
 
Old 06-19-2006, 06:42 PM   #3
linuxhippy
Senior Member
 
Registered: Sep 2004
Location: Philadelphia, PA
Distribution: Xubuntu, Mythbuntu, Lubuntu, Picuntu, Mint 18.1, Debian Jessie
Posts: 1,207

Original Poster
Rep: Reputation: 47
Why should I go back to the 2.4.X kernel? I'm running a 200 MHz pc, so I'd like a precompiled 2.4.33 kernel for Slack 10.2. The 2.4 kernel that is on the server is 2.4.31.

As for the server application, it's gnump3d version 2.98. It provides me with a detailed access log file. People access this 24/7 mp3 server on port 8001.

I'm using a DHCP IP address. I'm using the software at www.no-ip.com to run in the background as a process and update their online database with my IP address changes. It needs port 8245 to be open for their software to use.

I've opened up the above ports in my iptables 1.3.5 definitions along with ports for ssh and ftp and the no-ip process updates in the background:

-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8245 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
COMMIT
 
Old 06-19-2006, 07:01 PM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by linuxhippy
Why should I go back to the 2.4.X kernel?
mainly for security... using an unsupported 2.6.13 is a very bad idea if you are concerned about security... trust me, patrick volkerding is not ever going to be backporting security patches to that 2.6.13...

Quote:
I'm running a 200 MHz pc, so I'd like a precompiled 2.4.33 kernel for Slack 10.2. The 2.4 kernel that is on the server is 2.4.31.
precompiled?? ideally you want a kernel with only the features you NEED included... precompiled kernels like those provided by slackware come with everything but the kitchen sink included (including experimental stuff)...

in any case, i doubt patrick will provide a 2.4.33 kernel for slackware 10.2, considering he didn't even provide a 2.4.32... but then again, 2.4.33 includes (will include) a lot security fixes so perhaps he'll issue it as a security update this time around... who knows...

what i can tell you is that it's best if you don't depend on him for your kernels... is there some reason in particular why you don't want to compile your own??

Quote:
As for the server application, it's gnump3d version 2.98.
yeah, i realized this after i posted - look at my edit...

Quote:
It provides me with a detailed access log file. People access this 24/7 mp3 server on port 8001.
cool... i was reading through the docs for that app and the developer seems like a serious person, which is good... he seems to have given a lot of thought to the security implications of this application...

Quote:
I'm using a DHCP IP address. I'm using the software at www.no-ip.com to run in the background as a process and update their online database with my IP address changes. It needs port 8245 to be open for their software to use.

I've opened up the above ports in my iptables 1.3.5 definitions along with ports for ssh and ftp and the no-ip process updates in the background:

-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8245 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
COMMIT
it's easier to give you feedback if you post your *entire* rc.firewall script...

Last edited by win32sux; 06-19-2006 at 07:11 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
mp3 players and home net work imbassman Linux - Hardware 2 03-30-2005 07:18 AM
In-car Mp3 server djrevelation Linux - General 1 11-25-2004 09:34 PM
Serving up my mp3 library at home through a firewall at work nbcthreat Linux - Networking 3 07-08-2004 09:57 AM
Apache MP3 server GreenerLinux Linux - Networking 0 02-02-2004 04:39 PM
making a webpage server and home network server on the same computer ferretmanus Linux - Networking 1 09-11-2003 11:45 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration