I'm trying to setup an open-source project, I have a couple of developers on the team but nobody has experience with Apache. I would like to setup a simple home server for Bugzilla on Ubuntu 10.04, so my question is, is there a server that comes secure out-of-the-box so that simply adding files to /htdocs would suffice?
View 1 Replieshow to setup a secure and reliable server, i have three ubuntu 10.10 servers a Dell PowerEdge 850,1850 and 2850 which has a Dell PowerVault 220s attached to it.The Dell PE850 Server Consists of:
Intel Pentium D 3.0GHz
4 GB RAM
Eventually 2x250GB Sata Hard Drives
The Dell PE850 Server Consists of:
2xIntel Xeon Processors 3.4GHz
4 GB RAM
2x76GB SCSI Hard Drives RAID 1
The Dell PE850 Server Consists of:
2xIntel Dual Core Processors 2.8GHz
4 GB RAM
6x76GB SCSI Hard Drives RAID 5 (pretty sure)
Dell PowerVault 220s
I would like to setup a reliable webserver, mail server, DNS and Dynamic DNS, DHCP, SQL, FTP, Samba (with Roaming Profiles), PXE Boot Server.I know how to setup most of the server modules, i would just like to know the best way to do it tho. I also want to no how to setup the secuity of the system correctly, and setup and partition up my hard disks to allow for the best reliabilty, even when a server crashes.I would like to now how to set these servers up from start to finish in a sence.
I am going to set up a file server on Ubuntu. I have searched a while, but can't seem to find a guide to what I want. The requirements specifications are the following:File server: possible to upload, change and download files.Linux (Ubuntu) clients, Windows clients if possible.Access restriction to deny access to other than registered users.Only the user should be able to read the content of the files.Ideally root should not be able to see the individual files, but in worst case it is ok for root to see the files.Root should not be able to open the files.Point 1-3 is easy to find out how to set up. But I can't seem to find a way to deny root to view the files. The only solution I can think of is to encrypt files or a whole folder, but I don't know how to set it up.
The setup is for a home network, but the server used as a file server will have a web server as well. If someone manages to get access to the server I don't want them to be able to read the files.
As far as I know, servers are stable and don't go down easily, but every single server will eventually go down some day, either from hardware/software failure or from hacking.
But as sysadmins, our job is to keep servers running healthy as long as possible.
So I'm conducting another short survey (I might start more survey threads, and thank everyone for kindly replying my previous post):
1. Have you encountered server failures? What's the most common cause for server failure?
2. What is your most important trick in avoiding your server go down?
3. What security rules do you follow to protect your servers?
I currently run Win 7 and want to upgrade my computer to a server to accomplish the following... I have a VPN Service. I want the server machine to connect to a VPN providing a secure connection. Then, I want all the machines in the house (windows based) to connect through the server onto the VPN connection. Hopefully this makes sense. Would it be better to stick to Windows Server 2008 or switch to Ubuntu?
View 5 Replies View RelatedDoes anyone know how to go about setting up a secure IMAP email server that is able to be accessed from outside the network? Similar to how you can access your google email account from your computer using Thunderbird.
View 3 Replies View RelatedUsing Thunderbird as mail client, I notice an option in the mail account's Server Settings which reads "Use secure authentication" which allow secured transition of your username and password.I also have my own mail server. Hence, how do I enable this functionality for my mail server (I'm using Postfix & Dovecot) ?
View 5 Replies View RelatedI am running an Ubuntu Server on a VirtualBox VM running on my windows machine. So I've created a self-signed certificate using the following tutorial: [URL]
From this tutorial I'm left with 3 files:
server.key
server.csr
server.crt
Then I found this very similar tutorial that has an extra bit on installing the certificates in apache: [URL] So I followed it's instructions which boil down to this:
[Code]...
So I'm thinking this should work now. However in Chrome I get: SSL connection error Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have. Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error. IE8 gives me a typical "Internet Explorer cannot display the webpage" Note that [URL] fails while [URL] works fine, so it's definitely something in my ssl setup I'm thinking.
I would like to set up a proxy server at home which i can use to access sites from work. I was thinking a web-page i log into and then a sort of use like a browser? like this for example, but where i can have a secure login
View 4 Replies View RelatedI am going to be away semi permanently and want to create a VPN that will allow me to act as if my laptop was connected to my home network.
All I want is for the drives to be accessible so I can use them for primary access as if they are in the laptop.
Questions:
1. Can I set up a Linux VPN that is secure using public WiFi (or however I connect to the net) when I am on the road?
2. I will be using a desktop (32 bit) as the server, what version of Linux would be best for this?
3. If my server is linux and the server drives are NTFS will they be accessible using a windows machine? (I will be double booting the laptop)
4. I would like to set up a pass-code that is stored on the laptop so that only that machine can get access.
This can be up to 255 characters and encrypted so it would be very hard to break. Even I would not know what it is. (I would store it on a pen drive and be able to recover it from there.)
One more. I might want to add separate users that only have access to their one drive, not the server drive. Is that OK?
I installed AWSTATS on my LAMP 10.04 LTS and followed several tutorials URL...) but I can't secure the folder, either by an alias or by .htaccess. I tried both methods manually and by using Webmin.If you go to the URL www.mywebsite/awstats/awstats.pl it shows up, which is good, but this is the default installation site and anyone who knows awstats could possibly see my stats. The conf folder is /etc/awstats/, and I did an alias for that, then .htacess, but neither worked. With the .htaccess, I would get a password promt but the full stats page was visible behind the password promt, and if you clicked "Cancel" about 20 times or so the promt would go away and the full stats page would be visible.
The actual file that powers awstats is in /usr/share/lib/cgi-bin/awstats.pl, and I also tried an Alias and .htaccess seperately and neither worked.I restarted apache2 after each change and I've searched several forums, but I still can't figure this out.
I'm running Ubuntu Server 9.10 and I'm looking to setup an FTP server. I have SSH running beautifully and it's accessible from any computer whether it be inside the network or coming in from the internet (provided you have the administrator username and password ). I've tried Proftpd and vsftpd and have failed miserably so far. Which FTP server application do you think I should go with and how could I go about setting it up through my SSH connection?
My current setup is this:
- Ubuntu Server 9.10 with Fixed IP of 192.168.1.100
- 500GB Hard Drive
- SDA1 = 512MB ext2 /boot
- SDA2 = 2GB swap
- SDA3 = 20GB ext4 /
- SDA5 = 438GB ext4 /home
- One User (Username = administrator)
- Full SSH Capabilities
- IP Address to DNS provided by www.dyndns.org
- WRT120N Router with Remote Access and Port 22 Open
I basically want to set up a secure FTP server that anyone on the internal network can access as well as anyone from the internet (as long as they have a username and password). I want to setup a username and password for each user so that they all have read/write access to the same folder in my /home partition (I'll call it FTPSHARE).
I am trying to remove the ability to login with password so, I follow the procedures I have found to generate a key, copy it on the server and after editing the sshd_conf file to set PasswordAuthentication to no, after I restart ssh, I find my self locked out of it....
View 5 Replies View RelatedOn a windows system I installed xampp, and let web applications on the computer be acceseable via internet . On a forum I was firmly instructed that it was an unsecure pracsis.Now I saw on utube, that it is possible to install apache and php on ubuntu 10.04 lts desktop edition.
q1: What shall I install to get apache and php and sql databases?
q2: Is runnings web applications that are acceseable via internet on a ubuntu desktop edition with the above descripted software also unacceptable in terms of security, or is it a productive secure platform. I was told that productive platforms are ok to connect to the internet.
Know any documentation or software packages to do a open source "File Hosting" or also known as "one-click hosting" server.I want to create my own private secure site to easily have clients download sensitive files. If it could be setup to use SSL that would be great.
View 1 Replies View RelatedI would like to use my Ubuntu server machine as a proxy so I can browse a little more securely/privately while I am traveling. I connect to a lot of open Wi-FI networks.I have Squid setup on an old laptop running Ubuntu Server 10.10 at home, and the main machine I will be using to connect to the proxy is a computer running Windows Vista.I am able to connect and use the Ubuntu Server machine as a proxy while traveling with the squid config file modified with http access set to 'allow all'.
Obviously this isn't the ideal setting.After lots of reading and Googling I can't figure out how to allow only my Vista laptop to use the proxy.I'm a little lost with the ACL settings required.
I was planning on using my VPS to grant some of my friends shells. The problem though is that I don't want them doing crazy stuff on it, like using up all my RAM or disk space. I would like to limit them to a very small 25 mb disk space, and allow them only certain application in /usr/bin like python perl irssi screen etc. I do NOT want them to be able to cd out of their home directory. I really want this to be setup like the shell provider SHellium. I can setup the FTP and SSH stuff myself.
View 3 Replies View RelatedI'm running a server using ubuntu 10.04 x64. I want to disable access of groups to "bin" folder so they cannot execute commands.
[info: actually because of a bug in cPanel (the control panel I installed) Perl will give access to all hosting users to execute commands.]
So what I wanna do is to ban some groups on 'bin' folder, for example 'my_group1' and 'my_group2" cannot access bin but 'my_trusted_group' can access it. How is it possible?
After securing webmin on my web server, with a custom SSL connection.I wanted to do the same with phpMyAdmin. But I am unsure of where to look for the best tutorial(s) to do this, can anyone help?Plus I saw once at work our network tech adding in accounts but then allocating that to the login itself.For example, when your brought up with a .htaccess prompt in the browser, thats assigned to you login within phpMyAdmin, taken from the db server no doubt, is it possible to do this?Should there be anything else I need to know in securing mysql?I have limited all services to a set number of IPs so non of its publically functional at the moment so I can take as long as possible, but naturally I'd like to be able to be as speedy as possible about getting this sorted.
View 7 Replies View RelatedI just installed FC12 x86_64. After a clean install I found that httpd, mysql, svn, svnadmin, etc are already installed. I still need to install and configure tomcat running as a worker behind httpd and configure everything. But my question is about security. What do I need to do to ensure that when I start httpd and mysql that they are secure? Are there default settings that I need to change? Are there security patches I need to apply?
System Config:
Fedora Core 12 x86_64
AMD Athlon II X2 250 3.0 GHz dual core
GIGABYTE GA-MA785GM-US2H
G.SKILL 4GB (2 x 2GB) 240-Pin DDR2 SDRAM DDR2 1066 (PC2 8500) Dual Channel Kit Desktop Memory Model F2-8500CL5D-4GBPK
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
i have a question about rpm.pbone.net, www.rpmseek.com and these kind of pages: Can I trust these sites and is it secure to install rpms from these sites on enterprise workstations and servers?
View 1 Replies View Relatedwe have a remote linux server and its /var/log/secureile is fully filled with unauthorized ssh users,of course they cannot able to log in successfully but they were making continuous ssh requests to log in, it some times results in server down problem. so how to secure our server from their ssh attempts.i know blocking unauthorized ip addresses can solve this problem and we can also change the ssh port numbers but what are the other possible ways of solving this.
View 4 Replies View RelatedI've setup Kerberos and OpenLDAP servers (9.10) similar to the official documentation (and other sites that fill in the "gaps"). However, when you start to get in to some of the details, there seem to be many options - and I guess I'm looking for what could be the defacto standard. I'd like to allow Ubuntu clients to have a sso capability, with the ability for local caching of passwords if not connected to the network (such as a laptop user away from the office, prior to a VPN). I'd like to automount a secure NFS share somewhere in the /home directory. If the user logs in to a computer they've not logged in to before (if they're authorized), it would be nice if a skeleton /home directory could be setup there automatically I'm guessing that it is not desirable to use a shared /home NFS - as if you're off the network this would be problematic - as well as multiple computers sharing the same /home. There are some benefits to a shared /home (SSH certs, etc.), so maybe there is a hybrid approach out there.
I've read that it's not necessarily good practice to have OpenLDAP to do the authentication (leave this to Kerberos), but it's fine for authorization (such as ACLs for logins to certain computers). It's also good practice to use TLS with OpenLDAP (which requires public certs on all the clients) and to not allow anonymous read to the directory. I would guess that a computer host keytab could be refreshed to bind to the OpenLDAP server via GSSAPI / SASL to allow a non-anonymous read, and then determine if, say, the user was a member of a group allowed to log in. Kerberos would then pick up and authenticate the user and then proceed to the login. Off the network here, I'm not sure. I found this document, but it's self declared missing items: [URL]
I'll stop the rambling, but I cannot be the only one who would like to setup a relatively standard and secure server based network authentication and authorization back-end. Is there any _complete_ documentation on the best practices and how to implement?
I'd like to set up a fileserver for myself and a few trusted individuals. I'm computer savvy and I use various linux servers frequently for work, but this is my first time trying to setup my own. Is it possible to have a Samba server setup so it is both secure and facing the Internet? Two questions:
Will opening Samba ports make my default Ubuntu server particularly vulnerable to penetration? More than having an SSH server running? Does Samba/ can Samba be configured to encrypt traffic or is it sent plainly? If so, does Windows and Mac support this secure communication?
If not, what would you suggest? I'd like to achieve something like a network drive and at a difficulty level that my parents could use this if they really wanted to. I will be storing things like financial information and tax returns, but no weapons-grade secrets.
I set up my ubuntu server with iptables that only allows ssh in the input chain (and of course established connections) with only the mac adress of my laptop allowed to connect, set up a key with a long passphrase and installed pam_abl plugin. ICMP echo is blocked by default.
The only problem is i log all other attempts to connect to the server and i see a lot of traffic going to ports 445 and 5900.
My question is: Is there a possibility that these attempts could succeed and is there any way to further ensure this server?
I have been doing a whole lot of reading on any kind of home server. I want to have a secure home server that I can access from school by a domain name. At first I was looking at FTP, but I need something secure and it seemed like the software that supported SFTP has to be purchased. Then I started looking at SSH stuff, but I also realized that I want to use a dynamic DNS, so I started reading about that.
Basically, now my head is so information-logged I can't figure out what and how I should do this. If anyone could give me some very step-by-step-procedure links (or information) that show me how to set up a secure home server that I can access with a domain name through the internet that also uses a DDNS, that would solve all my problems.
Ok im new, i know apparmor is running. i was looking for firestarter but their isnt one.....how do i secure this server? i want a good firewall and some virus protection!. also do i need this?
View 9 Replies View Relatedwhat is the best option to securing server via firewall and iptables?
View 9 Replies View RelatedI now have a windows box connected to the internet via the server.
Question is - how do I know if the linux box is secure?
Are there any things that I have to config now - I am slowly moving on to configuring the dns and dhcp server - but is there anything else I should have done?