[SMS] - Superb Mini Server Project Support Forum
Author: gerasimos_h (Site Admin)
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Wed Nov 04, 2009 8:40 pm
Post subject: Securing and optimizing your SMS Server
Well, you have installed SMS and everything is working as it should. What's next?
Whether your server will be online or in a local network, you should secure your server from unauthorized access.
The first action is to change the default passwords for the root and administrator users.
Just type "passwd youruser", e.g. "passwd administrator".
Do the same for ftp users.
Tip: Always use complex passwords, and when you add users for mail or ftp that are not going to be used for shell login, always disable the shell, e.g. /bin/false or /dev/null.
Another mandatory action is to add a password for the mysql root user; by default mysql has no root password.
To do that, type "mysql -u root mysql" and set the password with the command
Code:
mysql> set password for root@localhost=password('yourpassword');
Webmin needs your attention too, since it has the power to alter your system.
Change the password of the admin user and select the networks that are allowed to have access to it; you can also change the port it listens on (default: 10000).
Once you have finished with local users, it's time to handle the web applications:
TorrentFlux
WebERP
PhpLDAPAdmin
PHPMyAdmin
HTTP access (.htaccess .htpasswd)
If you are not using any of the above, delete their folders or disable their login.
If you have installed applications from /extra such as avantfax, do the same.
To increase security you can change samba security from share to user, so a login will be required for accessing the shares, and add
Code:
hosts allow = 192.168.1. 127. 10.0.0.
to restrict outside networks from accessing your samba shares.
Openldap needs a change of password too.
Just type "slappasswd", enter your password, and copy/paste the resulting hash into slapd.conf, e.g.
Code:
rootpw {SSHA}CMsEaYBDv2oO0TVpeCr0cwQVfTBm8/pJ
Don't forget to change the password for the ldap entries too:
cn=Manager
uid=administrator
You have changed all the passwords by now and your server is secure. What about speeding up and lightening our server?
To do that you must disable the services you are not using, e.g. the mail server, fax server or printing services.
To disable a service, make its startup script non-executable by changing its permissions,
e.g. "chmod -x /etc/rc.d/rc.script"
In some cases, such as hylafax, disabling the service is not enough.
For disabling Hylafax do:
"chmod -x /etc/rc.d/rc.hylafax"
Remove or comment out the faxgetty dialup line in /etc/inittab, manually or with
"sed -e 's/d1:12345:respawn:/#d1:12345:respawn:/g' -i /etc/inittab"
Remove the hylafax cronjobs from /etc/cron.hourly & /etc/cron.daily.
Reboot your server.
For disabling the mail system do:
"chmod -x /etc/rc.d/{rc.postfix,rc.spamd,rc.mailscanner,rc.clamav,rc.dovecot,rc.saslauthd,rc.sqlgrey}"
To disable openldap do:
"chmod -x /etc/rc.d/rc.openldap"
To disable proftpd (ftp server) do:
"chmod -x /etc/rc.d/rc.proftpd"
To disable CUPS (print server) do:
"chmod -x /etc/rc.d/rc.cups"
For disabling Samba do:
"chmod -x /etc/rc.d/rc.samba"
For disabling the webserver (HTTPD) do:
"chmod -x /etc/rc.d/rc.httpd"
For disabling mysql do:
"chmod -x /etc/rc.d/rc.mysql"
For disabling the SSH server do:
"chmod -x /etc/rc.d/rc.sshd"
For disabling the fail2ban server (not recommended) do:
"chmod -x /etc/rc.d/rc.fail2ban"
Tip: For enabling/disabling services you can use the "pkgtool" script: select to rerun the installation scripts and then select services.
gerasimos_h
_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
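A read-only audit of the steps in the post above, added here as an example and not part of the original post or the SMS project: it lists rc scripts that are still executable, reports whether Hylafax is only half disabled (rc script off but the faxgetty line still active in inittab), lists accounts that keep a login shell, and checks the two samba settings. The `AUDIT_ROOT` prefix variable and the `/etc/samba/smb.conf` path are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the post): read-only audit of the hardening steps.
# AUDIT_ROOT and the smb.conf location are assumptions of this example;
# an empty prefix audits the live system, a directory audits a copy of /etc.

# rc scripts that are still executable, i.e. services that start at boot.
enabled_services() {
    for f in "$1"/etc/rc.d/rc.*; do
        if [ -f "$f" ] && [ -x "$f" ]; then basename "$f"; fi
    done
}

# Hylafax is fully off only when rc.hylafax is non-executable AND the
# d1 faxgetty respawn line in inittab is commented out.
hylafax_state() {
    if [ -x "$1/etc/rc.d/rc.hylafax" ]; then echo enabled
    elif grep -q '^d1:12345:respawn:' "$1/etc/inittab" 2>/dev/null; then echo partial
    else echo disabled
    fi
}

# Accounts whose shell is neither of the two values the post suggests for
# mail/ftp-only users; review every name that should not be able to log in.
login_accounts() {
    [ -r "$1/etc/passwd" ] || return 0
    awk -F: '$7 != "/bin/false" && $7 != "/dev/null" { print $1 }' "$1/etc/passwd"
}

# Samba: flag a missing "security = user" or a missing "hosts allow" line.
samba_findings() {
    conf="$1/etc/samba/smb.conf"
    grep -Eiq '^[[:space:]]*security[[:space:]]*=[[:space:]]*user' "$conf" 2>/dev/null \
        || echo "security is not set to user"
    grep -Eiq '^[[:space:]]*hosts allow[[:space:]]*=' "$conf" 2>/dev/null \
        || echo "no hosts allow restriction"
}

audit_report() {
    echo "Enabled services:"; enabled_services "$1"
    echo "Hylafax: $(hylafax_state "$1")"
    echo "Accounts with a login shell:"; login_accounts "$1"
    echo "Samba:"; samba_findings "$1"
}

audit_report "${AUDIT_ROOT:-}"
```

Run it after the reboot; a "partial" Hylafax state means the inittab line is still respawning faxgetty even though the rc script is disabled.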
SMS - Superb! Mini Server Project © 2016