I recently rented my first vServer (Ubuntu, LAMP + Webmin preinstalled). I need it because of a Java app I wrote that should run as a game server on it. I'm familiar with Ubuntu, as I've been using it as my primary OS for 2 years. I'm also familiar with some basic "linux"/shell and networking stuff, and have also run my own LAMP on my notebook before. So I thought I would be able to administrate a vServer. But there are a few things I'm not sure about. What I have done so far is change the ports of webmin and ssh and take a look at the apache2.conf file (seems all right). I changed the root password and tried to change the mysql root password too. Here I got my first issues:
I could not set any password for mysql root user. Neither per ssh/mysql nor within webmin. How can I do that?
Why are there so many mysql users (mysql-sys, debian-sys-maint)?
I've run netstat for open ports and, as expected, it shows ssh, apache and webmin. But when I run a port scan with Zenmap I also see 5 more (filtered) ports (msrpc, netbios-ns, netbios-dgm, netbios-ssn, microsoft-ds). When I run a udp scan there seem to be even more ports open. How does that come about?
My Java app needs to open udp/tcp sockets dynamically at runtime. So it would be nice to declare some firewall rules that deny all incoming/outgoing sockets except those from/for a given program (basically ssh, apache, webmin and my java app). How can one do this?
Does it make sense to install an IPS like snort?
Is it sufficient to let webmin check/install updates on a daily basis to keep the system up to date? (I guess I have to update Java manually, since I have to install it manually too.)
Is there something else I need to do for security?
Let's suppose my server gets hacked and someone starts doing illegal stuff with it. I know that I'm liable for the server, but what would be the worst-case consequences for me?
It would be nice if someone has the time to answer my questions or give some links on the topic for further reading. thx and regards