Author Topic: What do servers need?  (Read 4329 times)


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
What do servers need?
« on: July 02, 2008, 08:19:15 pm »
I'm working on rebuilding my servers right now. I've done a stripped down install of Slackware 12.1. Right now, I'm working on setting up the base image that I'll copy to make the other images.

Besides default software/services (hard to provide a list..), I've installed:
- hping3 (troubleshooting)
- nmap (troubleshooting)
- vmware tools
- automatic time updating
- back up tools/accounts

Any other ideas for things that are required across the board? I want to get this set up right before I finalize it.

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: What do servers need?
« Reply #1 on: July 02, 2008, 08:40:18 pm »
Lamp?
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

Re: What do servers need?
« Reply #2 on: July 02, 2008, 09:00:31 pm »
Linux is obvious.

Only the Web server needs Apache/PHP

Only the database server needs MySQL

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: What do servers need?
« Reply #3 on: July 02, 2008, 09:20:10 pm »
cron?  Also, don't forget ssh for the database and site servers, and FTP on the website server.  You also can't forget about RCRS (or can you?)  Maybe ident too, though I'm not sure.

Offline iago

Re: What do servers need?
« Reply #4 on: July 02, 2008, 09:23:33 pm »
ssh is there, that's a default. I don't (and won't) use FTP, so that's a non issue.

RCRS, I'm not worried about.

What good is ident? I've never installed that, but I wouldn't be opposed to it if it could be useful.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: What do servers need?
« Reply #5 on: July 02, 2008, 09:50:59 pm »
I know you're trying to keep this lightweight, but it seems uses for quick perl scripts pop up in tons of situations.  If you think this might be the case, I'd install CPAN on all of your servers.

I'd be shocked if Slackware didn't come with the Python stuff, but you'd want that too.

I'd also look into something that monitors and takes action on failed login attempts via SSH.  I have a python program running on my server that watches for failed login attempts in the log files and blocks IP addresses after they fail some number of times (I think it's 7 by default).  It also removes the blocks after a set amount of time.

There's another cool concept called "graylisting" where you block every attempt to connect via SSH the first time, and allow all other attempts through.  This makes most brute force bots give up.

I'm pretty sure you already know about those things, but I figured I'd throw them out there since they seem pseudo-important from a security standpoint. :)
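
The block-and-expire behaviour described in the post above, as an added example that is not part of the original post and is not the poster's program. The log format is the usual OpenSSH "Failed password" syslog line; the 10-minute counting window, the 1-hour block, the year and the sample lines are assumptions constructed for the example.

```python
import re
from datetime import datetime, timedelta

# OpenSSH "Failed password" line in syslog format. The user name is
# attacker-controlled, so the source address is taken from the END of the line.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (\S+) port \d+(?: ssh\d)?$")

class BanTracker:
    def __init__(self, threshold=7, window=timedelta(minutes=10),
                 ban_time=timedelta(hours=1), year=2008):
        self.threshold, self.window, self.ban_time = threshold, window, ban_time
        self.year = year      # syslog timestamps carry no year (assumed here)
        self.failures = {}    # ip -> times of recent failures
        self.banned = {}      # ip -> time the block is lifted

    def expire(self, now):
        """Remove blocks whose time is up."""
        for ip in [ip for ip, until in self.banned.items() if until <= now]:
            del self.banned[ip]

    def feed(self, line):
        """Process one log line; return the IP if this line triggers a block."""
        m = FAILED.match(line.rstrip())
        if not m:
            return None
        now = datetime.strptime(f"{self.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        self.expire(now)
        if ip in self.banned:
            return None
        recent = [t for t in self.failures.get(ip, []) if now - t <= self.window]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) < self.threshold:
            return None
        self.banned[ip] = now + self.ban_time
        del self.failures[ip]
        return ip

def demo():
    """Constructed sample log: seven failures from one address, then a later one."""
    line = "Jul  2 21:50:%02d web1 sshd[4321]: Failed password for %s from %s port 4242 ssh2"
    t = BanTracker()
    hits = [t.feed(line % (s, "invalid user admin", "203.0.113.5")) for s in range(7)]
    later = "Jul  2 23:00:00 web1 sshd[4400]: Failed password for root from 198.51.100.9 port 5151 ssh2"
    t.feed(later)   # more than an hour on: the first block has expired
    return hits, sorted(t.banned)
```

In a real deployment the value returned by `feed` would drive a firewall rule or a hosts.deny entry, and `expire` would remove it again.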

Offline iago

Re: What do servers need?
« Reply #6 on: July 02, 2008, 10:04:08 pm »
> I know you're trying to keep this lightweight, but it seems uses for quick perl scripts pop up in tons of situations.  If you think this might be the case, I'd install CPAN on all of your servers.

Came with Slackware

> I'd be shocked if Slackware didn't come with the Python stuff, but you'd want that too.

Ditto, I installed all the dev tools.

> I'd also look into something that monitors and takes action on failed login attempts via SSH.  I have a python program running on my server that watches for failed login attempts in the log files and blocks IP addresses after they fail some number of times (I think it's 7 by default).  It also removes the blocks after a set amount of time.

Not a bad idea, I thought about doing that before, but hadn't gotten around to it.

> There's another cool concept called "graylisting" where you block every attempt to connect via SSH the first time, and allow all other attempts through.  This makes most brute force bots give up.

Obscurity. It only works till lots of people do it. :)

> I'm pretty sure you already know about those things, but I figured I'd throw them out there since they seem pseudo-important from a security standpoint. :)

Heh, yeah.

Speaking of security, I was thinking of putting traffic monitoring software on each server, and pulling the stats back to one server (possibly the backup server). Not sure if I'm going to bother, though.

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: What do servers need?
« Reply #7 on: July 02, 2008, 10:47:30 pm »
Some sort of data encryption on the hard-disk? I dunno. I'd say NetHack but you couldn't take me seriously. :P
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water balloon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Sidoh

Re: What do servers need?
« Reply #8 on: July 02, 2008, 11:06:31 pm »
> Obscurity. It only works till lots of people do it. :)

Obviously, but as long as you don't rely on it, I don't see the harm in exploiting it. :P

Offline iago

Re: What do servers need?
« Reply #9 on: July 02, 2008, 11:09:02 pm »
I'm not sure that hard disk encryption would buy me anything on a vmware image. The only real attack avenue is somebody hacking the server, encryption wouldn't help much if they had physical access (could just pause/resume vmware images).

Here is the list of things so far:
- iptables with default deny all (I'm already firewalling at the router, but an extra layer couldn't hurt)
- ntop (traffic monitoring), if it works (wouldn't really work for me before)
- a way to update software (I'm thinking a folder that they'll install packages from if it's filled.. maybe require the packages to be signed by me? We'll see)
- deny hosts (ban ssh brute forcers)
- locked down root account (can't log in remotely as root, will make a different default account)
- nightly portscans scheduled, from the trusted zone, so I can see when services change
- empty /usr/local and /home folders, ready to have separate drives mounted

Other suggestions are good, I'm probably going to build this image this weekend.
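
One way to do the "see when services change" part of the nightly portscan item in the list above, as an added example that is not part of the original post: compare two nmap grepable (`-oG`) outputs and report ports that opened or closed. The host addresses, the scan file path in the comment and both sample scans are constructed for the example.

```python
# Nightly service-change check over two nmap grepable (-oG) scans.
# Assumed cron job on the trusted host (hypothetical path):
#   nmap -oG /var/scans/$(date +%F).gnmap <servers>

def parse_grepable(text):
    """Return {(host, proto, port): service} for every open port in -oG output."""
    found = {}
    for line in text.splitlines():
        if not line.startswith("Host: ") or "Ports: " not in line:
            continue                      # comment lines and "Status: Up" lines
        host = line.split()[1]
        ports = line.split("Ports: ", 1)[1].split("\t", 1)[0]
        for entry in ports.split(","):
            # port/state/protocol/owner/service/rpcinfo/version/
            f = entry.strip().split("/")
            if len(f) >= 5 and f[1] == "open":
                found[(host, f[2], int(f[0]))] = f[4]
    return found

def diff_scans(old_text, new_text):
    """Return (opened, closed, changed) lists of (host, proto, port) keys."""
    old, new = parse_grepable(old_text), parse_grepable(new_text)
    opened = sorted(k for k in new if k not in old)
    closed = sorted(k for k in old if k not in new)
    changed = sorted(k for k in new if k in old and new[k] != old[k])
    return opened, closed, changed

# Constructed sample scans: FTP appears on web1, MySQL on db1 becomes filtered.
LAST_NIGHT = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (web1)\tStatus: Up\n"
    "Host: 192.0.2.10 (web1)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\t"
    "Ignored State: closed (998)\n"
    "Host: 192.0.2.11 (db1)\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///\n")
TONIGHT = (
    "Host: 192.0.2.10 (web1)\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "80/open/tcp//http///\n"
    "Host: 192.0.2.11 (db1)\tPorts: 22/open/tcp//ssh///, 3306/filtered/tcp//mysql///\n")

if __name__ == "__main__":
    opened, closed, changed = diff_scans(LAST_NIGHT, TONIGHT)
    for label, keys in (("OPENED", opened), ("CLOSED", closed), ("CHANGED", changed)):
        for host, proto, port in keys:
            print(f"{label} {host} {port}/{proto}")
```

A host that drops out of the new scan entirely shows up as all of its ports closed, which is worth alerting on as well.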

Offline Chavo

  • x86
  • Hero Member
  • *****
  • Posts: 2219
  • no u
    • View Profile
    • Chavoland
Re: What do servers need?
« Reply #10 on: July 03, 2008, 12:03:39 am »
rsync is nice if you have a good place to put the backups

Offline while1

  • x86
  • Hero Member
  • *****
  • Posts: 1013
    • View Profile
Re: What do servers need?
« Reply #11 on: July 03, 2008, 12:11:04 am »
Let's see.  I don't see any porn on your list.  No server can live without porn!  It serves you, but do you service it?
I tend to edit my topics and replies frequently.

http://www.operationsmile.org

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: What do servers need?
« Reply #12 on: July 03, 2008, 12:14:11 am »
a server most of all requires tender love and care, someone to hug him when he's feeling blue..perhaps an occasional bedtime story.
when he's running a fever be sure to keep him nice and cool, he's forgetful so make backups of his data regularly

at times he may become frustrated with the amount of load he's put under, don't be mad at him he's trying his best.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline mynameistmp

  • Full Member
  • ***
  • Posts: 111
  • Hi! I'm new here!
    • View Profile
Re: What do servers need?
« Reply #13 on: July 03, 2008, 12:17:44 am »
I always used to install svn. I'd host one server on my LAN, and then install the client on all other machines I frequented. I used to have 4 or 5 machines that I'd switch between, so it eliminated redundancies. I would log in to desktop A as tmp, hack around for an hour or two on a variety of different things. Then I'd commit to the server repository and log out. svn would automatically tabulate all of the files modified during the session and store them for me. I could leave for lunch, log in via laptop from the restaurant, check a copy of my home directory out, and be exactly where I left off; down to the wallpaper and xmms volume. Rinse, repeat. I was always surprised how few people it seemed exploited this functionality.

Another is vtund, but depending on which version of the kernel you selected you may not have the necessary module.

Offline iago

Re: What do servers need?
« Reply #14 on: July 03, 2008, 08:18:15 am »
Good call at svn, I meant to make sure that was installed. It came by default, but it won't run because I'm missing libldap. Will take care of that!

vtund doesn't sound like something I need, at least for this. :)