Old 12-22-2004, 06:19 PM   #1
Boby
Member
 
Registered: Feb 2004
Posts: 781

Rep: Reputation: Disabled
Root Server administration


Hello!

I work now for a company from Germany and I am from Romania. Usually I'm doing some PHP code and webdesign. We have the MySQL database on one server and the website on another. Now our website hoster is going crazy and the boss wants to buy/rent a root server. The server on which the database is is not the best either.
We are two guys who know a little bit of Linux and one that wants to learn. Our boss wants us to administrate the server and learn something from this so he won't hire a specialist. We found at www.hosteurope.de and www.server4you.de some servers to rent. My [our] question is what is the best distribution to choose for the server: RedHat Enterprise ES Basic [this one +15 Euro/Month], SuSe or Debian?
I want to mention that on this server will run a big MySQL database and an Apache webserver with PHP, maybe some CGI later.

My other questions are:
1) Which is the best way to administrate this server from a different country [from distance]? I think about SSH or is there a better, secure way of doing that?
2) Which distribution to choose? like above.
3) What else should we use or not use for the best security? I know a little bit of "iptables" firewall.
4) Use the MySQL server on another port than its default?
5) Should we buy a usual web address and forward its index.html to our webserver? And make a policy to our firewall that the only accepted connection is from the IP address of the web address? Or should we use the direct connection to our server?
6) How should our firewall look like? First block everything, then open ports 22 tcp [ssh] for a specific IP address, 80 tcp/udp [http], 443 tcp/udp [https] and 3306 tcp/udp [MySQL] or another port? What else?
7) How to filter services on each port? For example I found 22 trojans working on port 80 like http. But how can I block them on this port and allow only http?
8) What about flooding? Yes we will block pinging our IP address...but syn, fin...how to block them and what other floods to stop?

You can give me some links, but some answers to my questions are better.
Thank you in advance!

With regards, Boby!
 
Old 12-22-2004, 07:24 PM   #2
zatriz
Member
 
Registered: Aug 2003
Location: Seattle, Wa
Distribution: Fedora,Trustix,Debian
Posts: 290

Rep: Reputation: 30
1.) SSH would be the best, you can take a look at webmin over ssl
2.) Go with redhat or suse, they are more user friendly and easier to use for a beginner
3.) iptables is your only choice pretty much; use a frontend like shorewall (www.shorewall.net), or knetfilter or millions of other frontends out there. shorewall is supported in webmin
4.) Probably no need, just block incoming requests for port 3306 since the only thing that would access the database server would be the apache web server.
5.) If you are going to be hosting your own webserver then this would just be a waste of money; just buy the domain and point the dns at your ip for your server.
6.) That's it
7.) You can't, and don't worry about it anyway unless you filter at the application layer, waste of resources and the trojans don't infect your server (read about what a trojan is and what it does and how it works)
8.) set up the apache webserver to time out connections faster or set up a reverse proxy with squid and configure squid to your liking.


Be sure to test your iptables firewall script beforehand, because if you block yourself out you won't be able to log in again unless you remove those rules. For that reason, if you like something more graphical, try fwbuilder.
And also look into cohosting your server somewhere or just hosting your domain somewhere so you don't have to worry about all of these things.

If you go with your selection of choices to host with then they will take care of the firewall and everything else; all you have to worry about is the website and database administration. At least that's how most ISPs do it, but I don't read German so I could be wrong.

Last edited by zatriz; 12-22-2004 at 07:29 PM.
 
Old 12-22-2004, 07:32 PM   #3
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
1. ssh should be sufficient. If you are terribly security paranoid you may want to implement a vpn tunnel.

2. very subjective question. No one can answer this for you. Go to their websites and read the docs. Got questions...fire them off and see the quality and speed of the response. Redhat and SuSe are for-profit businesses...they want to make money. Debian is a non-profit volunteer-run distro. How does that fit into your philosophy? Redhat and SuSe will offer commercial support. Debian will not (ie: you're on your own with technical problems)

3. You will definitely want a strong iptables firewall. Commercial firewalls also exist. Look into kernel hardening patches such as grsecurity and selinux...

4. This is security through obscurity. A quick portscan with service detection will reveal which port your mysql runs on...

5. Not too sure what you're getting at here...

6. The best practice here IMO is to block everything...and specifically allow only needed services

7 and 8: sounds like you need some heavy iptables voodoo for this...and even then I am not sure it can be done... beyond my expertise anyway....

good luck....
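
Added example, not part of any post in this thread: the "block everything, allow only needed services" layout from question 6 and the replies, combined with the advice in reply #2 to test the script so you do not lock yourself out. The admin address 203.0.113.10, the file paths and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. 203.0.113.10 in the usage line is a constructed address.

# Print a default-deny ruleset in iptables-restore format.
gen_rules() {
    admin_ip="$1"
    # Accept only a dotted quad, so a typo cannot yield rules that drop SSH.
    case "$admin_ip" in
        ''|*[!0-9.]*|*.*.*.*.*) echo "need the admin IPv4 address" >&2; return 1 ;;
        *.*.*.*) ;;
        *) echo "need the admin IPv4 address" >&2; return 1 ;;
    esac
    # MySQL gets no rule: Apache and PHP on the same host reach it through
    # the loopback interface, so the database port stays closed to the outside.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $admin_ip --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Load a ruleset with a timed rollback (needs root). If the new rules cut the
# SSH session, the previous ones come back after 120 seconds.
apply_rules() {
    rules="$1"
    backup="${2:-/root/iptables.before}"   # assumed path for the saved rules
    iptables-restore --test < "$rules" || return 1   # parse only, no commit
    iptables-save > "$backup" || return 1
    nohup sh -c "sleep 120; iptables-restore < '$backup'" >/dev/null 2>&1 &
    rollback_pid=$!
    iptables-restore < "$rules" || return 1
    echo "Open a second SSH session now; if it works: kill $rollback_pid"
}

# Usage: sh firewall.sh print 203.0.113.10 > rules.v4
if [ "${1:-}" = "print" ]; then gen_rules "${2:-}"; fi
```

The ruleset opens 80 and 443 for TCP only, since Apache serves HTTP and HTTPS over TCP. `apply_rules` is meant to be run as root on the server once `gen_rules` has written the file.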
 
Old 12-23-2004, 05:03 PM   #4
Boby
Member
 
Registered: Feb 2004
Posts: 781

Original Poster
Rep: Reputation: Disabled
Ok zatriz and bulliver, thank you very much so far!
I'll wait now to have the new server and I'll be back for sure with more questions

Thank you and Merry Christmas!
Boby
 
  

