Extra Security

Discussion in 'Server Operation' started by Tastiger, Mar 15, 2017.

  1. Tastiger

    Tastiger Member

    Perfect Server 16.4 apache etc
    Been running perfect server setups for years now with minor problems which are usually fixed by help from these forums.
    However a few days ago I started to get huge amounts of upload traffic ( 672 GB in 8 days ) and that certainly isn't the norm for this server.
    I have gone through and changed every password I can think of, found that a NAS had opened itself to the world so shut that down, won't know until I watch the figures today to know if I have stemmed the flow or not

    Are there any other security packages that you can recommend that will harden the system a bit more against intrusion? I did notice Tripwire and wondered if anyone had any experience with it?

    Also I have been running the server successfully on a DMZ but it may be time to lock that down a bit more more, so can someone give me a list of the essential ports that should be open on my router for a Perfect Server Ubuntu 16.04 to function smoothly? I know the basic ones but want to make sure I don't miss any.

    Also just noticed that in ISPC Monit and Munin are showing
    And I'd like to add a big thanks to these forums for all the help they have given me over the years.
     
    Last edited: Mar 15, 2017
  2. ahrasis

    ahrasis Active Member

    I would prefer port forwarding rather than putting my server on DMZ.
     
  3. Tastiger

    Tastiger Member

    I guess I was just being lazy when I got my new router and found it had a DMZ.
    So looking for a list of necessary ports then..........
    Prior to that I was using Smoothwall but it involved bridging the modem / router and lost access to it's web interface which was bit of a pain.
    If I follow this list of my port scan - should I need any others open?
     
    Last edited: Mar 16, 2017
  4. ahrasis

    ahrasis Active Member

    21,25,26,53,80,110,143,443,465,587,993,3306,8080,8081
    You might want to change your ssh port from default and add it in there too.

    For munin and monit, did you install them separately because they are not written together in the perfect server guide?
     
  5. Tastiger

    Tastiger Member

    munin and monit were installed as per the guide
    Thanks for the list will get onto that - they are all TCP?
     
  6. ahrasis

    ahrasis Active Member

    Last edited: Mar 16, 2017
  7. Tastiger

    Tastiger Member

    Just found them - it's not mentioned in tutorial
    thanks for the link
     
    ahrasis likes this.
  8. Tastiger

    Tastiger Member

    I can't find any clear instructions on the format of the URL's for monit/munin - can you give me a clue?
     
  9. Tuumke

    Tuumke Member

    System > Server Config > Server tab
    At the bottom:
    Monit: https://[SERVERNAME]:2812/
    Munin: https://[SERVERNAME]:8080/munin
    The [SERVERNAME] doesnt have to be replaced, only if it doesnt work.
    Don't forget to fill in username + password. Might not work with https if not set.

    And for the port forwards: https://www.faqforge.com/linux/whic...g-3-server-and-shall-be-open-in-the-firewall/

    For extra security, you could install CSF+LFD (1 package) and only setup LFD. Webmin has a nice interface for it if you have that installed as well. ISPc doesnt work with CSF yet :(
     
    ahrasis likes this.
  10. ahrasis

    ahrasis Active Member

    I am just using UFW as per the guide for the time being. I am also not so worry about concurrent access as I am using nginx instead of apache. And I would use different port for SSH.
     
  11. Tastiger

    Tastiger Member

    Some real good information in your post - thanks for that it's exactly what I was looking for.
    So from what I see CSF+LFD actually replace ufw, so it's a deviation from the Perfect Server tutorial? - and should not come back to bite me - right?;)
     
  12. Tuumke

    Tuumke Member

    Hm not entirely sure..
    I don't know if you need to disable UFW somehow in ISPC.. Maybe @till @falko or @florian030 can shed some light on that?
     

Share This Page