Log inUsernamePassword
Log me on automatically each visit    
Register
Register
Log in to check your private messages
Log in to check your private messages
SMS Forum Index » Tips, Tricks & Tutorials

Post new topic   This topic is locked: you cannot edit posts or make replies.
Securing and optimizing your SMS Server (GUI)
View previous topic :: View next topic  
Author Message
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

PostPosted: Sun Nov 11, 2012 8:35 pm    Post subject: Securing and optimizing your SMS Server (GUI) Reply with quote

SMS now has a GUI through sms_config kmdr tools to secure and optimize your server.
The GUI intended for clean installations of SMS with default passwords, although some part or all might work in older installations.
/usr/share/applications/sms_secure.kmdr is a part of sms_config.kmdr shortcut available in root's Desktop.





Manage Unix Users & Logins

Here you can alter all password and shells at once or individual for default users.
Assuming you already add password for root during installation, they are users administrator and two ftp users, webftp and ftpuser.
By checking the box "delete user" and pressing apply you delete the user(s).

If you don't want to alter anything click next.



Manage OpenLDAP Users

Here you can change passwords for openldap's root and cn=Manager which should be the same.
The method used to change password for root is the same as resetting the password so it should work for older installations too.
Also you can change password for uid=Administrator,ou=virtualusers,o=virtualmail,dc=[yourhost],dc=[yourdomain]

If you don't want to alter anything click next.



Manage MySQL Users

Here you can change mysql's root password and alter default database passwords for sqlgrey, weberp and torrentflux.
weberp and sqlgrey are by default disabled, unless database passwords are the defaults so they will be enabled.
Changing passwords for weberp and sqlgrey update their configs too with new password.
Torrentflux's database by default runs by root, so by selecting a password, the wizard, create a user and grant privileges to him for torrentflux database, and update it's configuration.
Changing mysql's root password is mandatory, for altering weberp,sqlgrey and torrentflux databases, as it uses the new mysql's root password.
The method for changing mysql's root password is the same as resetting so it should work in older installations too.

If you don't intend to use weberp or torrentflux unchecked them, and later in the wizard, you will be prompt to delete them.

If you don't want to alter anything click next.



Manage Webmin Login

Here you can change password for default Webmin admin and restrict service to private network.
The method for changing the password is the same as resetting.
Script only look for user admin, so if have added other administrators use sms_tools for changing their passwords.

If you don't want to alter anything click next.



Manage Web apps

If you intend to not use webERP or Torrentflux check them and click apply to delete their directories and mysql databases.
You can also delete other web apps in /var/www/htdocs/

If you don't want to alter anything click next



Manage Samba & CUPS Network Access

Here you can limit access of samba shares to your private network only, by default samba listen to all subnets.
This is intend to work in clean installations only or if default smb.conf is present.

CUPS is also listen to all subnets by default (Allow All), this will work only if default cupsd.conf is present.

If you don't want to alter anything click next.



Manage Services

Here you can manage which services you want to start at boot (chmod (-+)x rc.script).
Dovecot, postfix, cyrus-sasl, spamassassin, mailscanner, sqlgrey and clamav are part of Mail service.
Clamav has an option of it's own, if you intend to use it with samba.
Even if you enable some services, such as NFS or TightVNC if they aren't configured they will not run.
Also by disabling hylafax you will delete all hylafax cron jobs, so if you want to enable it later on, you will have to reinstall the package.

If you don't want to alter anything click next.



Configuration Completed

Well you don't have to do anything here, unless you want to go back.
Just click finish and reboot your server.




If you experience any issues, or you found a bug, let me know.
A similar wizard is available in smsconfig by entering "smsconfig secure"

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    SMS Forum Index » Tips, Tricks & Tutorials All times are GMT + 2 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

SMS - Superb! Mini Server Project © 2016
Powered by phpBB © 2001, 2002 phpBB Group
iCGstation v1.0 Template By Ray © 2003, 2004 iOptional