
I recently rented my first vServer (Ubuntu, LAMP + Webmin preinstalled). I need it because of a Java app I wrote that should run as a game server on it. I'm familiar with Ubuntu as I've been using it as my primary OS for 2 years. I'm also familiar with some basic "linux"/shell and networking stuff, and have also run my own LAMP on my notebook before. So I thought I would be able to administrate a vServer. But there are a few things I'm not sure about. What I've done so far is change the ports of Webmin and SSH and take a look at the apache2.conf file (seems all right). I changed the root password and tried to change the MySQL root password too. Here I ran into my first issues:

  1. I could not set any password for mysql root user. Neither per ssh/mysql nor within webmin. How can I do that?

  2. Why are there so many mysql users (mysql-sys, debian-sys-maint)?

  3. I've run netstat for open ports and as expected it shows ssh, apache and webmin. But when I run a port scan with Zenmap I also see 5 more (filtered) ports (msrpc, netbios-ns, netbios-dgm, netbios-ssn, microsoft-ds). When I run a UDP scan there seem to be even more open ports. How come?

  4. My Java app needs to open udp/tcp sockets dynamically at runtime. So it would be nice to declare some firewall rules that deny all incoming/outgoing sockets except those from/for a given program (basically ssh, apache, webmin and my java app). How can one do this?

  5. Does it make sense to install an ips like snort?

  6. Is it sufficient to let webmin check/install updates on a daily basis to keep the system up to date? (I guess I have to update Java manually, since I have to install it manually too)

  7. Is there something else I need to do for security?

  8. Let's suppose my server gets hacked and someone starts doing illegal stuff with it. I know that I'm liable for the server but what would be the worst case consequences for me?

It would be nice if someone has the time to answer my questions or give some links on the topic for further reading. thx and regards

user2224350
  • How many books would you like me to write to answer these? :) Please consider significantly reducing the scope of your questions, and only ask one or two related questions in a single post. – EEAA Aug 27 '16 at 15:09

1 Answer

That's a lot of questions, so I'll give you brief answers.

  1. The mysqladmin command
  2. Your system was probably preconfigured that way and who knows... they shouldn't be needed and aren't part of the default mysql packaging, but maybe the OS or provider does something with them, so perhaps leave them alone.
  3. Ignore udp ports, they may not actually be open though nmap catches them properly. Just trust nmap. What are the other open/filtered ports? Anything to worry about?
  4. I have no idea how your provider deals with firewall stuff if they do at all. If they don't you can use the ufw package (Uncomplicated Firewall) or iptables directly. I'm sure there are many other options.
  5. Not unless you're paranoid and have lots of time on your hands
  6. I wouldn't touch a UI like that with a 10 foot pole, up to you. If it works, go for it. Ubuntu has its own facilities for that.
  7. fail2ban is helpful. I think you're ok.
  8. I think you'll be fine if you respond appropriately
Ryan Babchishin
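
A default-deny ufw policy of the kind item 4 of the answer points to, as an added example that is not part of the original thread. The ports, the admin address and the game-port range are constructed placeholders, and the sketch assumes the Java app can be configured to bind only within a fixed range.

```shell
#!/bin/sh
# Added example, not from the original thread. Every port and address here is a
# constructed placeholder: replace them with the values on your own server.
SSH_PORT=2222              # assumed non-default SSH port
WEBMIN_PORT=10443          # assumed non-default Webmin port
ADMIN_IP=203.0.113.10      # documentation address standing in for your own IP
GAME_PORTS=27000:27010     # assumed range the Java app is configured to bind within

# ufw filters on port and address, not on the owning program, so the app has to
# pick its "dynamic" sockets from a fixed range that the firewall can name.
ufw_plan() {
    echo "ufw default deny incoming"
    echo "ufw default deny outgoing"
    echo "ufw limit ${SSH_PORT}/tcp"                 # rate-limit SSH connection attempts
    echo "ufw allow 80/tcp"
    echo "ufw allow 443/tcp"
    echo "ufw allow from ${ADMIN_IP} to any port ${WEBMIN_PORT} proto tcp"
    echo "ufw allow ${GAME_PORTS}/tcp"
    echo "ufw allow ${GAME_PORTS}/udp"
    echo "ufw allow out 53"                          # DNS lookups
    echo "ufw allow out 80/tcp"                      # package updates over HTTP
    echo "ufw allow out 443/tcp"                     # package updates over HTTPS
    echo "ufw allow out 123/udp"                     # NTP
    echo "ufw --force enable"
}

# Refuse a plan that would cut off the SSH session it is applied from: the SSH
# rule must exist and must come before the enable step.
plan_is_safe() {
    plan=$(ufw_plan)
    ssh_line=$(printf '%s\n' "$plan" | grep -nE "^ufw (allow|limit) ${SSH_PORT}/tcp\$" | head -n 1 | cut -d: -f1)
    enable_line=$(printf '%s\n' "$plan" | grep -n "enable\$" | head -n 1 | cut -d: -f1)
    [ -n "$ssh_line" ] && [ -n "$enable_line" ] && [ "$ssh_line" -lt "$enable_line" ]
}

# Default is a dry run that prints the plan; APPLY=1 (as root) executes it.
if [ "${APPLY:-0}" = "1" ]; then
    plan_is_safe && ufw_plan | sh
else
    ufw_plan
fi
```

Review the printed plan first, then rerun with `APPLY=1` as root and confirm the result with `ufw status verbose` from a second SSH session before closing the first.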