Hello, I've got an unmanaged VPS running CentOS 6. I'd like to install 2 websites and secure the whole VPS. I've tried tutorials from the HowtoForge website but things keep screwing up all the time. Please, if anyone can help or give a good working tutorial, that would be awesome. Thanks a lot, WI
Am I asking stupid questions to get no answers?
On Thu, Feb 23, 2012 at 12:25 PM, Wuxi Ixuw w7u64xi7@gmail.com wrote:
Am I asking stupid questions to get no answers?
It would help if you're a LOT more specific as to what you've tried and what doesn't work.
Actually I am looking for a tutorial or a guide to follow as I am really a newbie to this world.
On Thursday 23 February 2012 12:25:12 Wuxi Ixuw wrote:
Am I asking stupid questions to get no answers?
They're not stupid, just way too general.
We could answer something like "apache gives me this error: blablabla"
Regards
I am afraid if I get hacked and do not know what I should do to set up the whole VPS the right way.
On 02/23/12 5:19 AM, Wuxi Ixuw wrote:
I am afraid if I get hacked and do not know what I should do to set up the whole VPS the right way.
there is no single 'right way'. security requires a thorough understanding of all aspects of the system, this is not something that can be dealt with by a 'how to' walkthrough. hire a systems administrator with a background in security.
John R Pierce wrote:
there is no single 'right way'. security requires a thorough understanding of all aspects of the system, this is not something that can be dealt with by a 'how to' walkthrough. hire a systems administrator with a background in security.
Or, since it's a VPS, call your ISP's support line and ask them.
mark
I did and they asked for 150 USD per hour ... and I do not have that money and each time I ask for a thing I will need to pay again and counting.
A good start would be to download and install ConfigServer Security and Firewall.
http://configserver.com/cp/csf.html
That will help you on the security side.
But if you're completely new to the game, you should consider hosting your sites on a shared host somewhere and use the VPS as a learning tool -- unless the sites are not production and you don't care what happens to them occasionally.
*pssssh pssssh*
On Thu, Feb 23, 2012 at 7:19 AM, Wuxi Ixuw w7u64xi7@gmail.com wrote:
I am afraid if I get hacked and do not know what I should do to set up the whole VPS the right way.
There are many large books on the subject. If you don't want to spend your life staying ahead of the game:
- Use popular software
- Don't change defaults you don't understand
- Keep it up to date
- Use good passwords
Please suggest one, as I keep googling and all results bring books dealing with Linux as a real server and not a VPS.
On Thu, Feb 23, 2012 at 1:05 PM, Wuxi Ixuw w7u64xi7@gmail.com wrote:
Please suggest one, as I keep googling and all results bring books dealing with Linux as a real server and not a VPS.
The difference is only in how much the hosting system forces you to use certain images and versions, which will likely vary with the vendor. Books on security are always out of date anyway. The system security business is very specialized - plan on spending a lot of either time or money if you are going to do anything out of the ordinary. But, unless you have something unique and valuable to attack, you mostly have to worry about known exploits on the platform you use, and the main thing you can do about it is to keep your software updated so you get the fixes as soon as they are available.
I will use Drupal core and mostly no modules.
On 02/23/12 12:16 PM, Wuxi Ixuw wrote:
I will use Drupal core and mostly no modules.
Drupal has had its share of exploits, too. http://www.cvedetails.com/vulnerability-list/vendor_id-1367/product_id-2387/...
What shall I use then? I googled a lot for what I should use and found that Drupal is so far the best CMS compared to Joomla or WordPress.
Wuxi Ixuw wrote:
What shall I use then? I googled a lot for what I should use and found that Drupal is so far the best CMS compared to Joomla or WordPress.
You need to get your head around the idea that *NOTHING* is ultimately safe. To paraphrase the stupid phrase, "vigilance is the price of liberty (of your system from the bad guys)"
mark
Ok, I've made up my mind to dive in and learn ... so to learn the right way, like what professionals do ... what shall I do?
On Thursday, February 23, 2012 03:58:10 PM Wuxi Ixuw wrote:
Ok, I've made up my mind to dive in and learn ... so to learn the right way, like what professionals do ... what shall I do?
First, try not to top post.
Second, download the CentOS 6.2 installation media and install it on your own hardware, reading through the excellent upstream documentation (linked from the www.centos.org website). Read through the CentOS wiki HOWTOs and such. And play around with your system, feeling free to reinstall it (or re-clone it, for a VM) at any time. Live with it to learn it, really.
HowtoForge has some nice articles on setting up servers to do various things; read through a few that use CentOS 6 as the base, and attempt to implement on your testing CentOS server. Then attempt on your VPS.
Expect to spend quite a bit of time on the process; Rome wasn't built in a day, and neither is admin experience.
Ok, I've found many versions of it, one for 700 MB and others for a DVD, which one should I get?
On Thursday, February 23, 2012 05:35:32 PM Wuxi Ixuw wrote:
Ok, I've found many versions of it, one for 700 MB and others for a DVD, which one should I get?
While I specifically stated the installation media, you should get both the DVD1 and DVD2; specifically, assuming a 32-bit system (you mentioned trying on a Pentium 4 or Pentium D, so 64-bit may not be an option, and isn't really necessary for a 'lab' machine anyway; you do need as much memory as you can cram in that old Optiplex, with an absolute minimum of 1GB (and it's going to top out less than 4GB anyway....)), you need to download, from a mirror:
CentOS-6.2-i386-bin-DVD1.iso
CentOS-6.2-i386-bin-DVD2.iso
While DVD2 is somewhat optional, it won't hurt to have it on hand just in case.
The LiveDVD and LiveCD options boot up to a usable desktop, and you can install from them, but if you're wanting the *server* install experience you need the others, not the LiveDVD or LiveCD.
Now, go give it a whirl, make sure you read the documentation on installation on the CentOS.org website, and come back in a few days when you've played with that installation a while.
Is it advised to install on a virtual machine like vmware or a real computer?
On 02/24/2012 12:25 PM, Wuxi Ixuw wrote:
Is it advised to install on a virtual machine like vmware or a real computer?
If you are going to use CentOS 6 - as a VM host it must be installed on a 64 bit architecture!
But I will install CentOS 6 32-bit on the VPS later on.
On Thursday, February 23, 2012 07:25:09 PM Rob Kampen wrote:
If you are going to use CentOS 6 - as a VM host it must be installed on a 64 bit architecture!
I think he was asking more about a guest install rather than a host.
I'd echo the comment Les made and recommend to the OP to 'try both.' Virtual installs and physical installs are a tad different, but virtual has some distinct advantages, especially in terms of quick cloning, snapshotting with rollback capabilities for testing, etc. But virtualization brings with it another layer; and I would go as far as saying that, once you've gotten some experience, and if you have 64-bit hardware at your disposal, that you might want to attempt duplicating your hosted VPS environment completely, on your own 'host' as then you can test with the exact configuration you're using in production. That would mean the same VPS packages, the same 'guest' install options, and the same host OS packages.
But before throwing so many new layers in the mix I'd recommend to the OP to get familiar with it one layer at a time; too many layers at once can be very confusing if you don't know enough to separate the effects of each layer.
On Thu, Feb 23, 2012 at 5:25 PM, Wuxi Ixuw w7u64xi7@gmail.com wrote:
Is it advised to install on a virtual machine like vmware or a real computer?
Both. It is quick and easy to test a lot of different variations of things and emulate network connections under vmware, and relatively cheap to hold a bunch of images on a big disk or two. It will make learning a lot quicker. But, real hardware has its own quirks.
On 02/23/12 11:05 AM, Wuxi Ixuw wrote:
Please suggest one, as I keep googling and all results bring books dealing with Linux as a real server and not a VPS.
you could do worse than starting here... http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_G...
VPS and real hardware work exactly the same once the software is installed.
my base level suggestions:
* start with a *minimal* install of the latest release (currently 6.2)
* create your user account, give both user and root account different secure passwords
* secure the SSH server (no root, key instead of password authentication, only allow ssh from your home/office networks or a few secure 'bastion' hosts, etc)
* yum update right after install and reboot
* install *just* the services you need, only from trustworthy yum repositories
* secure the services you install as appropriate
* document your configuration, including what packages you needed to install
* script a secure backup of your configuration specific conf and data files to reliable offsite storage.
* plan on regular yum updates, and staying up on security alerts, such as CERT
by far the biggest threat to servers are things installed on top of them, like web applications... for instance the very popular WordPress has a long and checkered history of security exploits, ranging from annoying to root elevation... http://www.wordpressexploit.com/
ANY user written web code has to be designed with security in mind, no matter how insignificant your little web server is, it's valuable to the black hats as a proxy for their evil, and the worms and exploit scanners will find a wide range of poor design
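Added example, not part of the original message or any list member's code: the SSH items in the list above (no root login, key instead of password authentication, restricted sources) checked against an sshd_config. The function names, both sample configs and the 198.51.100.7 and 192.0.2.0/24 addresses are constructed for illustration, and the defaults assumed for absent keywords are upstream OpenSSH's.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config.
# Assumption: a keyword that is absent behaves as "yes" for the four flags
# checked here (upstream OpenSSH defaults for the 5.x series in CentOS 6).

# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would use. sshd takes the FIRST occurrence of a
# keyword, matches keywords case-insensitively, and treats everything after
# a "Match" line as conditional, so parsing stops there.
# Only the whitespace-separated "Keyword value" form is parsed; anything
# else falls back to DEFAULT, the insecure value, so the audit fails closed.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); found = 0 }
        /^[ \t]*#/ { next }                 # comment line
        NF == 0    { next }                 # blank line
        tolower($1) == "match" { exit }     # conditional section begins
        tolower($1) == key {
            val = $2
            for (i = 3; i <= NF; i++) val = val " " $i
            print val; found = 1; exit
        }
        END { if (!found) print def }
    ' "$1"
}

# expect_no FILE KEYWORD: one result line; returns 1 unless the value is "no".
expect_no() {
    v=$(effective_value "$1" "$2" yes)
    if [ "$v" = "no" ]; then
        echo "PASS $2=$v"
    else
        echo "FAIL $2=$v"
        return 1
    fi
}

# audit_sshd FILE: prints PASS/FAIL/WARN lines; exit status = number of FAILs.
audit_sshd() {
    fails=0
    expect_no "$1" PermitRootLogin || fails=$((fails + 1))
    expect_no "$1" PasswordAuthentication || fails=$((fails + 1))
    # keyboard-interactive through PAM still accepts passwords when this is on
    expect_no "$1" ChallengeResponseAuthentication || fails=$((fails + 1))

    v=$(effective_value "$1" PubkeyAuthentication yes)
    if [ "$v" = "yes" ]; then
        echo "PASS PubkeyAuthentication=$v"
    else
        echo "FAIL PubkeyAuthentication=$v"
        fails=$((fails + 1))
    fi

    # Source restriction inside sshd: every AllowUsers entry is USER@HOST.
    allow=$(effective_value "$1" AllowUsers "")
    if [ -z "$allow" ]; then
        echo "WARN AllowUsers unset: restrict the source in the firewall instead"
    else
        set -f                              # entries may contain * or ?
        for entry in $allow; do
            case $entry in
                *@*) echo "PASS AllowUsers $entry" ;;
                *)   echo "WARN AllowUsers $entry has no @HOST part" ;;
            esac
        done
        set +f
    fi
    return "$fails"
}

# Constructed sample inputs (not taken from any real host).
write_weak_sample() {
    cat > "$1" <<'EOF'
# looks hardened at a glance, is not
#PermitRootLogin no
PasswordAuthentication yes
passwordauthentication no
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF
}

write_hardened_sample() {
    cat > "$1" <<'EOF'
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers admin@198.51.100.7
EOF
}

tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
write_weak_sample "$tmpdir/weak.conf"
write_hardened_sample "$tmpdir/hardened.conf"
for f in weak hardened; do
    echo "== $f =="
    audit_sshd "$tmpdir/$f.conf" || echo "-> $? check(s) failed"
done
```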
John R Pierce wrote:
my base level suggestions:
- start with a *minimal* install of the latest release (currently 6.2)
- create your user account, give both user and root account different secure passwords
I was assuming his provider gave him a working system, not virtual bare metal.
- secure the SSH server (no root, key instead of password authentication, only allow ssh from your home/office networks or a few secure 'bastion' hosts, etc)
- yum update right after install and reboot
Yup.
- install *just* the services you need, only from trustworthy yum repositories
YES! For about 10 years, I ran an old rh (NOT RHEL) system as a firewall/router for my home network. I ran Bastille Linux over it - which is *not* a distro, but a set of hardening scripts. Great stuff, and NIST recommendations these days refer to it, last time I looked.
After running Bastille, *then* I got paranoid: I never installed X (security holes), or *any* compiler, or language I didn't absolutely need (no gcc, yes to perl). No nuttin'... and to the best of my knowledge, though I did see scans, I never had an intrusion, partly due to firewall rules of DROP, and partly because they had nothing to use to run their nasties.
If it got installed, and you don't need it, don't only turn it off, yum remove. At work, and home, I certainly don't need either bluetooth or avahi running, on wired boxen.
- secure the services you install as appropriate
- document your configuration, including what packages you needed to install
YES. You do *not* want to be trying to figure out what you'd done, a year from now, at 17:00 on a Friday, or 02:00 some morning.
- script a secure backup of your configuration specific conf and data files to reliable offsite storage.
Yup. Or have the full website, and all configuration files for the system, on your machine at home or work, so you can just upload the whole thing.
- plan on regular yum updates, and staying up on security alerts, such as CERT
<snip> RH, and this offshoot I know of, called CentOS, are pretty good at announcing security fixes in a timely manner.... (take a bow, Johnny).
mark
Actually I read many times that geek people used to use a Linux computer as a firewall for their network but never figured out how they do so.
On 02/23/12 12:47 PM, Wuxi Ixuw wrote:
Actually I read many times that geek people used to use a Linux computer as a firewall for their network but never figured out how they do so.
install linux on a computer with two ethernet cards. connect eth0 to your internet connection, and eth1 to your local network. configure iptables firewall rules in the linux system. or install pfsense on that same computer.
And do I need a recent computer for the Linux one, or can an old one do so? I mean, something like a Pentium 4 or Pentium D may fit?
Wuxi Ixuw wrote:
And do I need a recent computer for the Linux one, or can an old one do so? I mean, something like a Pentium 4 or Pentium D may fit?
That's one of the beauties of Linux: unlike a competing "operating system" which shall remain nameless (but is headquartered in Redmond, WA), it'll run on pretty much *anything*. It will find more hardware errors... because it uses the entire system much more efficiently. But if the hardware's ok, it'll run for a *long* time. So, yes, anything you've got should work.
mark
Wuxi Ixuw wrote:
what do you mean?
On 23/02/2012 11:10 PM, m.roth@5-cent.us wrote:
It will find more hardware errors
Windows uses hardware sloppily, and not that well. Linux, like all versions of Unix, uses much more of the hardware's capabilities. Try running Linux on the same hardware as Windows: my fiancee's 14-yr-old son is dual booting his T-60 laptop, and *he* sees the difference in speed (Linux being that much faster).
mark
On Thu, Feb 23, 2012 at 4:08 PM, m.roth@5-cent.us wrote:
Windows uses hardware sloppily, and not that well. Linux, like all versions of Unix, uses much more of the hardware's capabilities. Try running Linux on the same hardware as Windows: my fiancee's 14-yr-old son is dual booting his T-60 laptop, and *he* sees the difference in speed (Linux being that much faster).
That doesn't really make any sense. Things that use directx on windows are typically slightly faster than openGL equivalents and everything else should work at hardware/wire speeds. A badly maintained windows box might be more likely to have disk fragmentation or malware, or it might have an intentionally-installed virus scanner wasting time.
I will install it as the only operating system on this machine.
On 02/23/12 1:00 PM, Wuxi Ixuw wrote:
And do I need a recent computer for the linux one or an old one can do so? I mean something like Pentium 4 or Pentium D may fits?
for a SOHO firewall, I would want to use something very reliable and low power, quiet. CPU isn't at all important, reliability is.
If I was buying something, I'd probably get a little ITX box like alix http://www.pcengines.ch/alix2d2.htm or soekris http://soekris.com/products/net4501-1.html
and run pfSense on it, using it strictly as a pure firewall not a general purpose computer.
Here at local stores we have used branded computers like the Dell OptiPlex GX 620 ... so I mean something like this ... it is sold for 80 USD.
thanks a lot for these steps, I will follow them and hope to find all up and running.
On 23/02/2012 09:41 PM, John R Pierce wrote:
On 02/23/12 11:05 AM, Wuxi Ixuw wrote:
Please suggest a one as I am keep goggling and all result bring books dealing with linux as a real server and not a vps.
you could do worse than starting here... http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_G...
VPS and real hardware work exactly the same once the software is installed.
my base level suggestions:
- start with a *minimal* install of the latest release (currently 6.2)
- create your user account, give both user and root account different secure passwords
- secure the SSH server (no root, key instead of password authentication, only allow ssh from your home/office networks or a few secure 'bastion' hosts, etc)
- yum update right after install and reboot
- install *just* the services you need, only from trustworthy yum repositories
- secure the services you install as appropriate
- document your configuration, including what packages you needed to install
- script a secure backup of your configuration specific conf and data files to reliable offsite storage.
- plan on regular yum updates, and staying up on security alerts, such as CERT
by far the biggest threat to servers are things installed on top of them, like web applications... for instance the very popular WordPress has a long and checkered history of security exploits, ranging from annoying to root elevation... http://www.wordpressexploit.com/
ANY user written web code has to be designed with security in mind, no matter how insignificant your little web server is, it's valuable to the black hats as a proxy for their evil, and the worms and exploit scanners will find a wide range of poor design
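The SSH item in the checklist above (no root login, keys instead of passwords), as an added example that is not part of any poster's message: a shell audit that reports which `sshd_config` directives still permit root or password logins. The function names and the sample config are constructed, the `ChallengeResponseAuthentication` check goes beyond the list, and treating an unset directive as `yes` assumes the OpenSSH release shipped with CentOS 6.

```shell
#!/bin/sh
# Added example: audit an sshd_config for "no root, keys instead of passwords".

# Constructed sample input, not taken from any real host.
sample_config() {
cat <<'EOF'
Port 22
permitrootlogin no
# a later duplicate is ignored: sshd keeps the first value it reads
PermitRootLogin yes
PasswordAuthentication yes
#PubkeyAuthentication no
Match User backup
    PasswordAuthentication no
EOF
}

# effective_value KEYWORD FILE
# Prints the global value sshd would use: the first uncommented occurrence
# before any Match block. Keywords are case-insensitive. Empty output = unset.
effective_value() {
    awk -v want="$1" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$2"
}

# audit_sshd FILE: prints PASS/FAIL per directive, returns the FAIL count.
audit_sshd() {
    fails=0
    for rule in PermitRootLogin:no PasswordAuthentication:no \
                ChallengeResponseAuthentication:no PubkeyAuthentication:yes; do
        key=${rule%%:*}; want=${rule##*:}
        got=$(effective_value "$key" "$1")
        # Assumption: an unset directive falls back to "yes", the default for
        # all four in the OpenSSH release shipped with CentOS 6.
        [ -n "$got" ] || got=yes
        if [ "$got" = "$want" ]; then
            echo "PASS $key=$got"
        else
            echo "FAIL $key=$got (want $want)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd "$tmp" || echo "$? directive(s) need fixing"
rm -f "$tmp"
```

On a real host, point `audit_sshd` at `/etc/ssh/sshd_config`; the Match-scoped `PasswordAuthentication no` in the sample does not rescue the global `yes`, which is why the audit stops at the first Match line.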
I am not using cent os for my daily computing tasks at home or work but just for the vps hosting website. you mean to use web control panel back end or you mean another issue?
On 23/02/2012 07:01 PM, Les Mikesell wrote:
On Thu, Feb 23, 2012 at 7:19 AM, Wuxi Ixuw w7u64xi7@gmail.com wrote:
I am afraid if I get hacked and do not know what should i do to setup the whole vps the right way.
There are many large books on the subject. If you don't want to spend your life staying ahead of the game:
- Use popular software
- Don't change defaults you don't understand
- Keep it up to date
- Use good passwords
Hi,
On Thu, Feb 23, 2012 at 9:08 PM, Wuxi Ixuw w7u64xi7@gmail.com wrote:
I am not using cent os for my daily computing tasks at home or work but just for the vps hosting website.
If all you want to do is to host a single website then a VPS is an overkill.
Just find a hosting service for a "webhotel": this way your ISP deals with the security of the server and you don't need to worry about any operating system level admin stuff.
It should be a lot cheaper as well.
Best, Peter
Actually I used to be on shared hosting and ran out of resources many times. I am expecting about 20 k or maybe more per day, with 400-600 visitors at the same time. This is why I want to go for a VPS. I did start to learn and keep screwing up the whole VPS several times.
On 23/02/2012 09:23 PM, Peter Peltonen wrote:
Hi,
On Thu, Feb 23, 2012 at 9:08 PM, Wuxi Ixuw w7u64xi7@gmail.com wrote:
I am not using cent os for my daily computing tasks at home or work but just for the vps hosting website.
If all you want to do is to host a single website then a VPS is an overkill.
Just find a hosting service for a "webhotel": this way your ISP deals with the security of the server and you don't need to worry about any operating system level admin stuff.
It should be a lot cheaper as well.
Best, Peter
On Thu, Feb 23, 2012 at 1:08 PM, Wuxi Ixuw w7u64xi7@gmail.com wrote:
I am not using cent os for my daily computing tasks at home or work but just for the vps hosting website. you mean to use web control panel back end or you mean another issue?
I don't have any idea what a 'web control panel back end is' since that is not a stock centos feature. CentOS itself packages updates as soon as possible after they are released and on a non VPS system you would use 'yum update' to install them. And normally you want to do that as soon as possible because when the updates are published, the vulnerabilities that they fix are obvious and often even explained in public.
Les Mikesell wrote:
On Thu, Feb 23, 2012 at 1:08 PM, Wuxi Ixuw w7u64xi7@gmail.com wrote:
I am not using cent os for my daily computing tasks at home or work but just for the vps hosting website. you mean to use web control panel back end or you mean another issue?
I don't have any idea what a 'web control panel back end is' since that is not a stock centos feature. CentOS itself packages updates as
I'd guess he's talking cPanel.
soon as possible after they are released and on a non VPS system you would use 'yum update' to install them. And normally you want to do that as soon as possible because when the updates are published, the vulnerabilities that they fix are obvious and often even explained in public.
Actually, I assume that my hosting provider is regularly updating system software. I should probably look, but I think I'm paying for that, as part of what they do... which is also very much to their own benefit.
mark
managed web hosting is really expensive.
On 23/02/2012 09:39 PM, m.roth@5-cent.us wrote:
Les Mikesell wrote:
On Thu, Feb 23, 2012 at 1:08 PM, Wuxi Ixuw w7u64xi7@gmail.com wrote:
I am not using cent os for my daily computing tasks at home or work but just for the vps hosting website. you mean to use web control panel back end or you mean another issue?
I don't have any idea what a 'web control panel back end is' since that is not a stock centos feature. CentOS itself packages updates as
I'd guess he's talking cPanel.
soon as possible after they are released and on a non VPS system you would use 'yum update' to install them. And normally you want to do that as soon as possible because when the updates are published, the vulnerabilities that they fix are obvious and often even explained in public.
Actually, I assume that my hosting provider is regularly updating system software. I should probably look, but I think I'm paying for that, as part of what they do... which is also very much to their own benefit.
mark
I mean something like ISPConfig , VirtualMin, WebMin, ..etc
On 23/02/2012 09:27 PM, Les Mikesell wrote:
On Thu, Feb 23, 2012 at 1:08 PM, Wuxi Ixuw w7u64xi7@gmail.com wrote:
I am not using cent os for my daily computing tasks at home or work but just for the vps hosting website. you mean to use web control panel back end or you mean another issue?
I don't have any idea what a 'web control panel back end is' since that is not a stock centos feature. CentOS itself packages updates as soon as possible after they are released and on a non VPS system you would use 'yum update' to install them. And normally you want to do that as soon as possible because when the updates are published, the vulnerabilities that they fix are obvious and often even explained in public.
Wuxi Ixuw wrote:
Am I asking stupid questions to get no answers?
I am not sure exactly what you are doing, but I am going to be posting some videos next week (hopefully) showing how to install centos 6 on a machine as a virtual host. The second video in that series will show all the steps of installing a centos 6 guest on that very host.
the guest will have all the needs of a webserver, php, apache, postfix, dovecot, etc and cover each step from network to firewall. You should be able to do a guest install, fully operational, by hand, in less than an hour. secure, safe, (at least as much as it can be).
I will post a link to the youtube videos when I finish and upload them..