5 Cups of Ubuntu
I run ubuntu 8.04 server, 'crontab -l' returns 'bash: crontab: command not found' and lastly 'sudo dpkg --configure -a' doesnt do anythingOriginally Posted by dejitarob
After following this tutorial "http://www.howtoforge.com/perfect-server-ubuntu8.04-lts-p6" I was able to setup server manually, then disabled suexec and set the document folder to /home/user/public_html but keep getting " You don't have permission to access / on this server." now.
Last edited by brack; March 9th, 2009 at 10:14 AM.
5 Cups of Ubuntu
new try of installation of virtualmin returns the same errors:The virtualmin interface starts on port 10000 and checking configuration returns this:Code:Displaying the last 15 lines of /root/virtualmin-install.log to help troubleshoot this problem: Configuring resolv.conf to use local DNS server Enabling status monitoring Error: An error was detected in the new Cron configuration : <pre></pre> <pre>0,5,10,15,20,25,30,35,40,45,50,55 * * * * /etc/webmin/status/monitor.pl </pre> Error ----- An error was detected in the new Cron configuration : <pre></pre> <pre>0,5,10,15,20,25,30,35,40,45,50,55 * * * * /etc/webmin/status/monitor.pl </pre> ----- dpkg: error processing virtualmin-base (--configure): subprocess post-installation script returned error exit status 1 Processing triggers for libc6 ... ldconfig deferred processing now taking place Errors were encountered while processing: virtualmin-baseBut the very next time I login there I requires me to check configurations. Basically the only thing that I can do is to check configurations.Code:The status of your system is being checked to ensure that all enabled features are available, that the mail server is properly configured, and that quotas are active .. BIND DNS server is installed, and the system is configured to use it.
'sudo dpkg --configure -a' now goes through setting up virtualmin-base but hangs on the line 'Configuring resolv.conf to use local DNS server' Dont know how to skip this or something.
5 Cups of Ubuntu
Ok, even I get all errors above I could manage to use webmin and setup virtual server through Webmin, (not through Virtualmin) and looks like everything is working. there where some permission problems but I fixed everything manually. specially this is the only xen machine that I had problems to install stuff via install.sh script, other machines setup perfectly fine, even on the same pc. Dont have much time to sort this problem, will do it next month.
Frothy Coffee!
I honestly don't know what to say. If you don't have crontab there might be something really messed up with your Ubuntu install. Do you get these errors on a clean install? I've used the script about 20 times for installing OpenVZ VPSs at my work and never had a problem.
"We do not want a world in which the guarantee that we will not die of starvation is bought by accepting the risk of dying of boredom." -Vaneigem
5 Cups of Ubuntu
Ok, the problem is solved. When I was creating this xen machine I used buggy script - it didnt make swap so there was only virtual memory. Now I fixed the script, and I have swap and virtualmin installed without single problem.
5 Cups of Ubuntu
If you are using the installation script on a VPS with a fresh install of Ubuntu 8.x do you still have to manually take steps to secure the server or does the installation script handle this?
Frothy Coffee!
Good question. I think it depends on how secure you want your server and what you are using your server for. The Virtualmin installer script does a pretty good job of providing a base level of security I believe--it won't leave your server as an open relay for example. But it's not going to setup a firewall for you, or SSH restrictions, suphp, etc.
Last edited by dejitarob; June 15th, 2009 at 03:35 AM.
"We do not want a world in which the guarantee that we will not die of starvation is bought by accepting the risk of dying of boredom." -Vaneigem
5 Cups of Ubuntu
cheers
Can you point to a good step by step Howto tutorial for setting up a decent level of security in ubuntu 8?
First Cup of Ubuntu
"setting up a decent level of security in ubuntu 8"
It should have a "decent level of security" out of the box.
Firewalls have limited utility in a virtual hosting environment...the services you want to use need to be available to everyone, so you can't firewall them. Services that you don't need shouldn't even be running, so firewalling the port is meaningless. You can make use of stateful firewall rules to do clever things like block large numbers of new connections on important ports like ssh (the connection will be "ESTABLISHED" or "RELATED" once a session is started with a user, so lot of new connections is suspicious and might indicate a brute force attack, for example). But, this isn't necessarily the most important use of your time when it comes to security.
The most important security concepts are very simple, but a lot of people get them wrong:
1. Keep your system up to date. In a system with many services running, there will occasionally be security issues discovered. So, you need to update immediately when fixes for security issues arrive. This is the leading attack vector used against servers. You cannot run out of date software on your system. Ubuntu provides apt-get, and has a good security response history, so as long as you stay on top of Ubuntu-provided updates (and you're taking advantage of the Virtualmin.com apt-get repository for those packages), you'll be way ahead of the game on security.
2. Strong passwords. Never use weak passwords, even for low-powered accounts. A strong password is 8+ characters in length, has numbers and letters and optional punctuation and is not based on dictionary words.. Gaining low-level shell access is the first step in an escalation attack, and so even a simple account can be dangerous (particularly if you forget to update your system, and a new local exploit is discovered).
3. Don't run unnecessary services. Every piece of software running on your system is a potential attack vector. The less you run, the safer you are. So, figure out what services you need, and make sure any you don't have been shut down.
There's all sorts of snake oil security advice out there, but a lot of it is just distraction from the important stuff. If you do those three things...then you can look around for other hardening advice. But don't get distracted from the core security principles.
For Virtualmin specific advice, if you'll be sharing your box with other users, you'll want to switch to running all scripts under suexec. This is the default for regular CGI scripts in Virtualmin GPL, but PHP still runs under mod_php (which means as the Apache user), so switching to suexec+FastCGI is recommended. If you don't share your box, or only with trusted users, then this isn't a very big deal. suexec makes web applications run as the user that owns the virtual host in which they run, which prevents them from snooping on other virtual hosts data, among other things.
We've covered this process a few times in our forums at Virtualmin.com, and this is the mostly definitive thread with a HOWTO:
http://www.virtualmin.com/node/8462
Frothy Coffee!
Thanks for the informative post Joe. The exploits I've seen and fixed in my limited experience as a sysadmin were nearly all due to #1 and #2. Then there's always the problem with end users getting their passwords stolen due to trojans on their own boxes but not much you can do about that besides having some damage control in place, which you also outline.
Last edited by dejitarob; June 15th, 2009 at 09:07 PM.
"We do not want a world in which the guarantee that we will not die of starvation is bought by accepting the risk of dying of boredom." -Vaneigem
Posting Permissions
Adv Reply
Bookmarks