Config Server Firewall & Ubuntu help needed

  • While in the process of setting things up with Vultr, Ubuntu, Webmin and Virtaulmin I added CSF to Ubuntu and everything seemed to go well except I'm seeing *WARNING* RESTRICT_SYSLOG is disabled See SECURITY WARNING in /etc/csf/csf.conf.

    I tried searching Google but the only thing I could find that said anything about fixing the problem was for WHM, does anyone here know how to fix the issue with Vultr, Ubuntu, Webmin and Virtaulmin. I'm completely new to using command lines so if you know how to fix it, please explain it to me slooooowly :/ .

    • Offizieller Beitrag

    Hi

    never heard of it before, so I cannot comment on your issue specifically. I just wanted to comment more generally: It looks like you are installing "security software" you heard about without fully understanding it's purpose, it's strengths and it's weaknesses. In most cases the default configuration does not cut it (every system is different) and without adapting it to your needs it may even reduce the overall security.

    Start by answering this question: Why did you install CSF? What purpose should it serve in your case?

    /cc @Alexander Ebert

  • Start by answering this question: Why did you install CSF? What purpose should it serve in your case?

    I have managed VPS with one host and they have taken care of everything I have needed so far, which is great except I have never had the opportunity to learn about my server set up (WHM and CentoS).

    I recently created an account with Vultr (unmanaged VPS) and I was kind of hoping to learn as I went. It was recommended to me that I install Webmin, Virtualmin and CSF. With CSF I was looking for extra protection against hacking, etc., to be honest though, I do not know what protection I already had.

    It's a good question and I won't be so ready to install things in the future without asking it to/of myself.

    • Offizieller Beitrag

    No offense, but if you want to learn this, then you should do it correctly: Use a VM on your local PC and skip this control panel nonsense. Bonus points for no longer requiring stuff like CSF because iptables will already make the cut.

    That's pretty much the way I've learned it (except for I used a 400 MHz pc instead of a VM back then), but I learned to set up a system properly without the need for control panel solutions that have turned out to be useless for me more than once. Bonus points for being able to resolve almost all issues on your own because you know exactly what you did during setup and don't have to make wild guesses on how the control panel stuff has screwed up your system.

    • Offizieller Beitrag

    Hi

    I was kind of hoping to learn as I went

    That's something we (basically everyone running their own VPS / Dedicated box with experience in doing so) explicitely recommend against in the German threads, but it seems common among the English folks (I always wonder why). General recommendation over there is that one should gain Linux experience in a virtual machine on it's home computer first, because one will cause less damage when doing something wrong.

    It is not hard to properly run your own VPS, but it will take some time and learning and there is always room to improve. I'm running servers for 4.5 years (and running Linux on my personal computer for 8 years, as of the age of 12) by now and I am constantly improving my knowledge, still.

    Here are some general advices as a sane starting point in securing your VPS:

    • Use strong passwords (Bonus Points for using SSH keys and disallowing password login)
    • Keep all the software up to date (Bonus points for subscribing to the security annoucement mailing list of your Linux Distribution of choice and acting timely on new mails. This one's for Ubuntu: https://lists.ubuntu.com/mailman/listin…curity-announce)
    • Do not install software you don't need
    • Do not run software as root, unless there is a proper reason (most software you install using apt is configured correctly, software you install manually more often than not isn't)
    • Do not run any command without understanding it first (man and Google help you with that), even if you trust the author (you shouldn't) it may be outdated or not applicable to your System
    • Learn how to do things manually, instead of using your panel of choice (in case of emergency the panel will not help you)
  • No offense, but if you want to learn this, then you should do it correctly: Use a VM on your local PC and skip this control panel nonsense. Bonus points for no longer requiring stuff like CSF because iptables will already make the cut.

    That's pretty much the way I've learned it (except for I used a 400 MHz pc instead of a VM back then), but I learned to set up a system properly without the need for control panel solutions that have turned out to be useless for me more than once. Bonus points for being able to resolve almost all issues on your own because you know exactly what you did during setup and don't have to make wild guesses on how the control panel stuff has screwed up your system.

    LOl, ^that didn't help at all. I'm in no hurry to get things set up and I guess I can start over again with just Ubuntu 14.04 and LAMP but without out any kind of control panel I would be even more lost than I am now. Where can one go to start learning the basics?

    • Offizieller Beitrag

    @PJK Use a VM and then follow a guide similar to this: https://www.digitalocean.com/community/tuto…th-ubuntu-14-04 It shows how to set up a working webserver with PHP and MySQL without the need of using a control panel.

    There are dozens of dozens of tutorials regarding server setup for almost every major software available (even mail-servers), Google or a search engine of your choice will happily provide you with proper results. I might sound like a smug here, but in fact reading through documentation and simply google for issues is key - and yes, no matter what error you have there is guaranteed to be someone who already had it + you'll find your solution alongside with it.

  • @PJK Use a VM and then follow a guide similar to this: https://www.digitalocean.com/community/tuto…th-ubuntu-14-04 It shows how to set up a working webserver with PHP and MySQL without the need of using a control panel.

    Thank you @Alexander Ebert that is a very big help.

    There are dozens of dozens of tutorials regarding server setup for almost every major software available (even mail-servers), Google or a search engine of your choice will happily provide you with proper results.

    I usually try searching Google before asking questions on forums. I had no idea where to begin looking with this, "properly setting up Ubuntu" probably should have been the first thing I searched for. All of this is completely different than what I've been used to doing with WHM and cPanel, I realize that I really need to slow things down now.

    • Offizieller Beitrag

    "properly setting up Ubuntu"

    I wouldn't use something like that, because it is anything but specific; There is a huge difference between setting up Linux for a desktop or a server. For example if you want to set up nginx and php, search for "ubuntu nginx php" and not "linux webserver". In fact the default installations found out there are pretty solid (use the minimum images, not those cluttered with nonsense and called LAMP-package!) so you can safely focus on getting your services up and running.

    Hint: If you have a server-related problem and the search yields results from serverfault.com/stackoverflow.com always pick these results, they are almost guaranteed to contain a working solution.

    • Offizieller Beitrag

    Hi

    "Linux for Beginners" is probably a good place to start. Thank you Sherrie for the link.

    I just took a look at the table of contents. If you don't have any experience at all it seems like a good start on using Linux (depending on how well he explains, of course). Keep in mind that those are the absolute basics, you'll need to learn the specifics of the software you'll later use afterwards.

    One note of caution, though: Judging from the table of contents it looks like he explains fish syntax. While fish is great (I use it myself) it is non standard and must be manually installed. Also most other tutorials on the Internet assume bash syntax, which is slightly different. The differences aren't too large, but might be confusing as a beginner.

  • One note of caution, though: Judging from the table of contents it looks like he explains fish syntax. While fish is great (I use it myself) it is non standard and must be manually installed. Also most other tutorials on the Internet assume bash syntax, which is slightly different. The differences aren't too large, but might be confusing as a beginner.

    Thanks for pointing that out, Tim. I will look for tutorials that assume bash syntax if it is more commonly used.

  • While in the process of setting things up with Vultr, Ubuntu, Webmin and Virtaulmin I added CSF to Ubuntu and everything seemed to go well except I'm seeing *WARNING* RESTRICT_SYSLOG is disabled See SECURITY WARNING in /etc/csf/csf.conf.

    It's not THAT big of a deal honestly.
    This is what the config file tells you


    and below that is where you define a username for the valid access to the syslog



    You can set it to 3, and then give a custom group instead of mysyslog. I believe that CSF will create that group for you, but if not, it's easy enough to add. Then, any programs that need to write to the syslog will have to be added into that group - most people never have to do anything about that - it's for stuff like if you have a router and you want it to send it's output to the server syslog.All it basically does is restrict other programs that are NOT a member of the RESTRICT_SYSLOG_GROUP from writing to the system log. The reason you want to do that is to prevent a "bad script" that was injected in some manner from writing/overwriting data in the system log that is created by most Linux OS's.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!