Log inUsernamePassword
Log me on automatically each visit    
Register
Register
Log in to check your private messages
Log in to check your private messages
SMS Forum Index » Tips, Tricks & Tutorials

Post new topic   This topic is locked: you cannot edit posts or make replies.
Securing and optimizing your SMS Server
View previous topic :: View next topic  
Author Message
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

PostPosted: Wed Nov 04, 2009 8:40 pm    Post subject: Securing and optimizing your SMS Server Reply with quote

Well you install SMS and all working as you should. What's next?
Either you server will be online or in a local network you should secure you server, from unauthorized access.

First action is to change the default passwords for root and administrator user.
Just type "passwd youruser" e.g. "passwd administrator"
Do the same for ftp users.
Tip: Always use complex passwords, and when adding users for mail or ftp and you are not going to use them for shell login always disable the shell e.g /bin/false or /dev/null

Another mandatory action is to add a password to mysql root user, by default mysql has no root password.
To do that type "mysql -u root mysql"and set password with the command
Code:
mysql>  set password for root@localhost=password('yourpasword');


Webmin needs your attention too, since it has the power to alter your system.
Change the password of admin user and select the networks that allowed to have access to it, you can also change the port which listen to(default :10000.)

If you finished with local users, it's time to handle the web applications
TorrentFlux
WebERP
PhpLDAPAdmin
PHPMyAdmin
HTTP access (.htaccess .htpasswd)
If you are not using any of the above delete their folders or disable their login.
If you have install applications from /extra such as avantfax do the same.

Increasing security you can change samba security from share to user so a login will required for accessing the shares, and add
Code:
hosts allow = 192.168.1. 127. 10.0.0.

for restricting outside networks for accessing your samba shares.

Openldap needs a change of password too.
Just type "slappasswd" enter your password, copy/paste your password in slapd.conf e.g.
Code:
rootpw          {SSHA}CMsEaYBDv2oO0TVpeCr0cwQVfTBm8/pJ

Don't forget to change the password for ldap entries too
cn=Manager
uid=administrator

You have changed all the passwords by now and you server it's secure, what about speeding and lighten our server.
For doing that you must disable the services you are not using e.g mail server or fax server or printing services.
To disable a service make the startup script non executable by changing it's permissions.
e.g. "chmod -x /etc/rc.d/rc.script"
In some cases such as hylafax disabling the service it's not enough.
For disabling Hylafax do:
"chmod -x /etc/rc.d/rc.hylafax"
remove or comment faxgetty dialup line in /etc/inittab manually or with
"sed -e 's/d1:12345:respawn:/#d1:12345:respawn:/g' -i /etc/inittab"
Remove hylafax cronjobs from /etc/cron.hourly & /etc/cron.daily.
Reboot your server.

For Disabling Mail System do:
'chmod -x /etc/rc.d/{rc.postfix,rc.spamd,rc.mailscanner,rc.clamav,rc.dovecot,rc.saslauthd,rc.sqlgrey}'
To disable openldap do:
'chmod -x /etc/rc.d/rc.openldap'
To disable proftpd (ftp server) do:
'chmod -x /etc/rc.d/rc.proftpd'
To disable CUPS (print server) do:
'chmod -x /etc/rc.d/rc.cups'
For disabling Samba do:
"chmod -x /etc/rc.d/rc.samba"
For disabling webserver (HTTPD) do:
"chmod -x /etc/rc.d/rc.httpd"
For disabling mysql do:
"chmod -x /etc/rc.d/rc.mysql"
For disabling SSH server do:
"chmod -x /etc/rc.d/rc.sshd"
For disabling fail2ban server (not recommended) do:
"chmod -x /etc/rc.d/rc.fail2ban"
Tip: For enabling/disabling services you can use "pkgtool" script and select to rerun installation scripts and select services.

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    SMS Forum Index » Tips, Tricks & Tutorials All times are GMT + 2 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

SMS - Superb! Mini Server Project © 2016
Powered by phpBB © 2001, 2002 phpBB Group
iCGstation v1.0 Template By Ray © 2003, 2004 iOptional