New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
I'm about getting system admin job, to control signle VM's server, what's your security advice?
Hi, since I love this forum so much, I want to annoy you with more couple silly questions,
In past ~5 years I start using my own VPS server to host my websites, and I manage these servers without using any Control Panel,
I do most of the time, regular security check, e.g installing fial2ban, setting region lock on sshd port, and ban aggressive bots with iptable, I create backup from other server using rsync .
So what should I do next, what is important threat should I pay attention into ?
Comments
https://alerts.vulmon.com
Can't think of anything else at the moment.
Been swamped and need a power nap.
Still lots of flags? I've been good today :-(
Nah mate but keep it up!
What is the tech stack for the website(s)? I am no expert, but I think you have a good start. I can't stress enough, backups. I manage Wordpress sites, I take backups using Wordpress Plugins along with remote DirectAdmin backups. I can't tell you how many times I have been asked to restore data since someone messed up and deleted stuff and this has saved me.
Another thing I am trying on my personal servers is to use moss.sh. It takes care of security updates as well as restricting root access, separate users for each website etc. There are many features I am still exploring, but I like what I see so far.
Logwatch.
Security updates applied automatically.
Https cert expiry monitors.
Make sure that domain name is renewed on time and before any vacation/ holidays.
Providers node / hdd raid is not backup unless you do have stainless still balls to play with data, so have more just one backup.
Sorry I forgot to mention it on OP, for the moment they had single workstation (server) from HP , they're planning to use it for virtualization, they told me that workstation had custom Virtualization system from HP ( which had ~40 VM's ) , I never heard of, I told them I only use QEMU ( Virt-Manager ) and Virtual box.
I'm using Linux as daily bases, so I’m familiar with most basic command and troubleshooting,
Mine are not stainless because they are well under the 14% chromium mark.
They are, however, sometimes still. And ponderous.
I would add these
Futher SSH hardening
OSSEC or rkhunter installation ( intrusion prevention detecion and intrusion detection software)
Manage Security updates for Linux
Make sure backups are not being pushed but are deployed in a pull manner( if you get hacked the hacker can also delete backups)
Make sure SSL certificate renewal works. Set up a system to send alerts if expiry is less than 1 week
Make sure nothing is set with permission 777.
You mention iptables. Make sure you deny all incoming traffic by default and enable only few ports.
Use something like monit/netda to detect system abnormal usage and take actions if required.
...
The list is quite long TBH.
Don't turn off SELinux. Configure it correctly instead.
Advice?
Don't f it up.
Cheers.
enforce Signed Kernel Modules in GRUB (so rootkits are much harder to insert)
I also use the Linux Kernel Runtime Guard
I know this is applied to all Linux distro, but having the link from Arch Linux wiki give me feel to mess it up, from my first try, I use Arch on my Laptop, but I can't take them seriously on working/business environment, I think from now on I get my self for more reading from Redhat documents and learn all basic from early on like I never work with Linux before.
it's a single kernel command line option - I think you are in the wrong job
Put the server on a "Smart Plug" so you can tell Alexa to "Reboot the server" or "Power off the server"