
I'm about to get a system admin job, to control a single VM server, what's your security advice?

JustPfff Member

Hi, since I love this forum so much, I want to annoy you with a couple more silly questions.

In the past ~5 years I started using my own VPS servers to host my websites, and I manage these servers without using any control panel.
Most of the time I do regular security checks, e.g. installing fail2ban, setting a region lock on the sshd port, and banning aggressive bots with iptables; I create backups from another server using rsync.
So what should I do next, what important threats should I pay attention to?

Comments

  • jarjar Member, Patron Provider
  • DP Member, Moderator, The Domain Guy

    @JustPfff said: what important threats should I pay attention to?

    1. Your invoices.
    2. Signs of your provider deadpooling.

    Can't think of anything else at the moment.

    Been swamped and need a power nap.

  • Nekki Member

    @DP said:

    Been swamped and need a power nap.

    Still lots of flags? I've been good today :-(

  • DP Member, Moderator, The Domain Guy

    @Nekki said:

    @DP said:

    Been swamped and need a power nap.

    Still lots of flags? I've been good today :-(

    Nah mate but keep it up! :lol:

  • What is the tech stack for the website(s)? I am no expert, but I think you have a good start. I can't stress enough: backups. I manage WordPress sites; I take backups using WordPress plugins along with remote DirectAdmin backups. I can't tell you how many times I have been asked to restore data since someone messed up and deleted stuff, and this has saved me.

    Another thing I am trying on my personal servers is to use moss.sh. It takes care of security updates as well as restricting root access, separate users for each website etc. There are many features I am still exploring, but I like what I see so far.

  • Logwatch.
    Security updates applied automatically.
    Https cert expiry monitors.

  • WebProject Member, Host Rep
    edited June 1

    Make sure that domain name is renewed on time and before any vacation/ holidays.

    A provider's node / HDD RAID is not a backup unless you do have stainless still balls to play with data, so have more than just one backup.

  • JustPfff Member
    edited June 2

    @abytecurious said: What is the tech stack for the website(s)?

    Sorry, I forgot to mention it in the OP. For the moment they have a single workstation (server) from HP; they're planning to use it for virtualization. They told me that the workstation has a custom virtualization system from HP (which has ~40 VMs) that I have never heard of; I told them I only use QEMU (Virt-Manager) and VirtualBox.
    I'm using Linux on a daily basis, so I'm familiar with most basic commands and troubleshooting.

  • raindog308 Administrator

    @WebProject said: unless you do have stainless still balls

    Mine are not stainless because they are well under the 14% chromium mark.

    They are, however, sometimes still. And ponderous.

  • noaman Member

    @JustPfff said:
    Hi, since I love this forum so much, I want to annoy you with a couple more silly questions.

    In the past ~5 years I started using my own VPS servers to host my websites, and I manage these servers without using any control panel.
    Most of the time I do regular security checks, e.g. installing fail2ban, setting a region lock on the sshd port, and banning aggressive bots with iptables; I create backups from another server using rsync.
    So what should I do next, what important threats should I pay attention to?

    I would add these

    Further SSH hardening
    OSSEC or rkhunter installation (intrusion prevention/detection and intrusion detection software)
    Manage security updates for Linux
    Make sure backups are not being pushed but are deployed in a pull manner (if you get hacked, the hacker can also delete backups)
    Make sure SSL certificate renewal works. Set up a system to send alerts if expiry is less than 1 week
    Make sure nothing is set with permission 777.
    You mention iptables. Make sure you deny all incoming traffic by default and enable only a few ports.
    Use something like monit/netdata to detect abnormal system usage and take action if required.

    ...

    The list is quite long TBH.
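
A small shell audit for two items on the list above: an sshd_config still carrying weak settings (the "further SSH hardening" item) and world-writable files (the "permission 777" class of mistake). This is an added example, not code from the thread; it assumes POSIX sh, find and awk, and the default paths are the ones you would pass for your own server.

```shell
#!/bin/sh
# Added example (not from the thread). Two audit helpers for a cron job:
#   world_writable DIR   - lists world-writable files/dirs under DIR (default /)
#   sshd_check FILE      - reports sshd_config directives left at a weak value
# Assumes POSIX sh, find and awk.

world_writable() {
    root="${1:-/}"
    # -xdev: stay on one filesystem. Skip symlinks (their mode bits are not
    # meaningful) and sticky-bit directories such as /tmp, which are
    # world-writable by design; everything else with o+w is a finding.
    find "$root" -xdev ! -type l -perm -0002 ! \( -type d -perm -1000 \) -print 2>/dev/null
}

sshd_check() {
    cfg="${1:-/etc/ssh/sshd_config}"
    rc=0
    for key in PermitRootLogin PasswordAuthentication; do
        # sshd honours the FIRST occurrence of a keyword, so stop at the first
        # non-comment match (a commented-out "# PermitRootLogin no" never matches).
        val=$(awk -v k="$key" 'tolower($1)==tolower(k) {print $2; exit}' "$cfg")
        case "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" in
            no) ;;                                       # explicitly hardened
            "") echo "$key: not set (want no)"; rc=1 ;;  # relying on defaults
            *)  echo "$key: $val (want no)"; rc=1 ;;
        esac
    done
    return $rc
}

# Typical use from a daily job: both functions print only findings, and
# sshd_check exits non-zero when something needs attention.
# world_writable /var/www
# sshd_check || echo "sshd_config needs attention"
```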

  • Alex_Leo Member

    Don't turn off SELinux. Configure it correctly instead.

  • Wolf Member

    Advice?

    Don't f it up.

    Cheers.

  • enforce Signed Kernel Modules in GRUB (so rootkits are much harder to insert)

    I also use the Linux Kernel Runtime Guard

  • JustPfff Member

    @itoffshore said: enforce Signed Kernel Modules in GRUB

    I know this applies to all Linux distros, but having the link from the Arch Linux wiki gives me the feeling I'll mess it up on my first try. I use Arch on my laptop, but I can't take it seriously in a working/business environment; I think from now on I'll get myself to do more reading of Red Hat documents and learn all the basics from early on, as if I had never worked with Linux before.

  • it's a single kernel command line option - I think you are in the wrong job

  • edited June 4

    Put the server on a "Smart Plug" so you can tell Alexa to "Reboot the server" or "Power off the server"
