Dedi security measures

Discussion in 'Systems Administration' started by Venomous_Creeper, May 30, 2017.

  1. Hello, I'd like to know how to set up proper security on my dedicated server. I realized that the person I paid might've not properly configured everything, so I need help with the following:

    1. I already made 2 new users for Multicraft since people were saying not to use the root user, is there anything else I need to change here?
    users.PNG
    2. How do I set up security via PuTTY, and what steps should I take to keep/make my dedi secure?

    Thanks!
     
  2. electronicboy

    IRC Staff

    Accounts with ALL PRIVILEGES on global is just as bad as using root for everything. Most attacks on MySQL involve working around injection/bugs of existing stuff installed on the server, so they already have access to whatever permissions you grant to the user using that software anyways.

    Beyond that, there are several dozen guides to securing up a box, e.g. setting up ssh keys so that you're not using passwords, disabling ssh root logins, iptables...
     
  3. For the user Xenf, can I allow it to use only the Xenforo database? Or do I need to grant access for other things such as the MySQL?

    If I disable the ssh root password, will that disable me from using FileZilla? So would iptables and setting up ssh keys/removing password option be enough?
     
  4. electronicboy

    IRC Staff

    Yes, you would grant privileges to that user on the xenforo database instead of global privileges. If Xenforo actually needed a privilege on global for something stupid (which I really doubt that it does), you'd grant that specific privilege only.

    If you're using root to upload files, you're probably doing something wrong, but you can use ssh keys in FileZilla as far as I'm aware.
    iptables is generally recommended, as well as ssh keys. Worth noting that you'll need to leave passwords on the users, especially if you ever intend to use sudo.

    That isn't an all-inclusive suggestion, however; specific setups come into effect, e.g. once you install a web server, you have to consider that... once you install software on the web server, you also have to consider that... I'm far from a security expert, but what most people forget is that everything can have a bug. Security at every layer is generally critical to preventing incidents in the first place, and limiting their effect in the inevitable.
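
    The per-database grant described in the reply above, as an added example that is not part of the original post. The host `localhost`, the schema name `xenforo` and the privilege list are assumptions; only the account name Xenf comes from the thread.

```sql
-- Added example (MySQL 5.x syntax): scope an application account to one schema.
-- Assumed names: account 'Xenf'@'localhost', schema `xenforo`.

-- 1. Audit: list every account that holds a global (ON *.*) privilege.
--    mysql.user stores global privileges as 'Y'/'N' columns.
SELECT User, Host,
       Select_priv, Insert_priv, Update_priv, Delete_priv,
       Create_priv, Drop_priv, Grant_priv, File_priv, Super_priv
FROM mysql.user
WHERE 'Y' IN (Select_priv, Insert_priv, Update_priv, Delete_priv,
              Create_priv, Drop_priv, Grant_priv, File_priv, Super_priv);

-- 2. Inspect the account before changing it. The weak state discussed in the
--    thread shows up as: GRANT ALL PRIVILEGES ON *.* TO 'Xenf'@'localhost'
SHOW GRANTS FOR 'Xenf'@'localhost';

-- 3. Strip every privilege at every level, including GRANT OPTION.
--    The account and its password remain; it can still log in (USAGE).
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'Xenf'@'localhost';

-- 4. Grant only table-level work on the application's own schema.
--    The privilege list is an assumption for a typical PHP forum; trim it
--    to what the application documents as required.
GRANT SELECT, INSERT, UPDATE, DELETE,
      CREATE, ALTER, DROP, INDEX,
      CREATE TEMPORARY TABLES, LOCK TABLES
ON `xenforo`.* TO 'Xenf'@'localhost';

-- 5. Verify: expect "GRANT USAGE ON *.*" plus one grant ON `xenforo`.*
SHOW GRANTS FOR 'Xenf'@'localhost';

-- 6. Cross-check: schema-level grants are recorded in mysql.db, and the
--    account must no longer appear in the result of the audit query in step 1.
SELECT User, Host, Db FROM mysql.db WHERE User = 'Xenf';
```

    If the application later fails with a privilege error, grant that one named privilege at the narrowest level that works instead of restoring ALL PRIVILEGES.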
     
  5. Thanks, I found this guide, which I'm following right now. Also, should I worry about the users listed below? I only added jet.

    Code (Text):
    root
    bin
    daemon
    adm
    lp
    sync
    shutdown
    halt
    mail
    uucp
    operator
    games
    gopher
    ftp
    nobody
    vcsa
    named
    saslauth
    postfix
    sshd
    tcpdump
    dbus
    ntp
    apache
    mysql
    minecraft
    mc1
    mc2
    mc3
    jet
     
    I can't open visudo. I was able to earlier, but PuTTY was being slow so I just exited out of it, but now when I type 'visudo' I get 'visudo: /etc/sudoers busy, try again later'.
     
    #5 Venomous_Creeper, May 30, 2017
    Last edited: May 30, 2017