Tuesday, April 29, 2008

DEDICATED GAME SERVER



I've found this article on the net..

General Introduction to Dedicated Servers:

A dedicated server is a single computer on a web hosting network that is leased or rented, and dedicated to just one customer. A service provider monitors the computer’s hardware, network connectivity, and routing equipment, while the customer generally controls and maintains the server software. Dedicated servers are usually used for websites who have outgrown their standard hosting account and require something more powerful, they are also used by larger companies that require seperate servers for mail, web, and database servers. Web hosting companies may have their sites spread of one or several servers. Dedicated servers are housed in data centers, where service providers can monitor them close-up and have hands-on access to them.

The primary advantage of using a dedicated server over a typical shared hosting account is the sheer amount of resources and control available to you, the customer. In many cases, the client is at liberty to install whatever software they desire, giving them greater flexibility and administrative options. Custom software can be installed whenever required, and also leaves less chance for a hacking attempt because only one site is being hosted and not several hundred, hence providing less targets. Dedicated server clients do not share resources, as those with shared hosting plans do; but rather, are at liberty to use all the resources available to them.


Installing and Configuring CSF Firewall

This article demonstrates how to install and configure the CSF (configserver) firewall. CSF can be used on a wide range of Linux systems, including those running cPanel.

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar zxf csf.tgz
cd csf
sh install.sh

If you have APF + BFD you will need to disable it, you can use the following to do so:

sh disable_apf_bfd.sh

To configure CSF modify the config files in /etc/csf/ - or if you are running WHM you can modify the CSF settings in there. By default CSF opens the standard cPanel ports.


Changing APF log for TDP/UDP drop's

If you’re tired of seeing your /var/log/messages log file full of dropped traffic from APF firewall then we have a solution! We’ll create a separate log file for TCP/UDP OUTPUT and drops which will leave your messages log nice and clean for easy browsing!

Requirements:

APF Firewall 0.9.3 or above. It may work on previous versions but we haven’t tested. If you’re using an older version you should upgrade anyways. Install APF by following our firewall tutorial.

Changing APF’s configuration:

1) Login to your server and su to root shell.

2) Create a new log file just for the TCP/UDP output/drops from APF.
touch /var/log/iptables

Set user permissions to restrict access.
chmod 600 /var/log/iptables

3) Change the syslog so it will tell iptables to use your new log file.
First lets make a backup to be safe:
cp /etc/syslog.conf /etc/syslog.conf.bak

pico /etc/syslog.conf

4) Add the following line at the bottom

# Send iptables LOGDROPs to /var/log/iptables
kern.=debug /var/log/iptables

5) Save the changes, ctrl + X then Y

6) Reload the syslogd service for the change to take effect.
/sbin/service syslog reload

7) Open APF and edit the firewall configuration.
First lets make a backup to be safe:
cp /etc/apf/firewall /etc/apf/firewall.bak

pico /etc/apf/firewall

Find the following: DROP_LOG

You should see this:

if [ "$DROP_LOG" == "1" ]; then
# Default TCP/UDP INPUT log chain
$IPT -A INPUT -p tcp -m limit --limit $LRATE/minute -i $IF -j LOG --log-prefix "** IN_TCP DROP ** "
$IPT -A INPUT -p udp -m limit --limit $LRATE/minute -i $IF -j LOG --log-prefix "** IN_UDP DROP ** "

Replace with the following:

if [ "$DROP_LOG" == "1" ]; then
# Default TCP/UDP INPUT log chain
$IPT -A INPUT -p tcp -m limit --limit $LRATE/minute -i $IF -j LOG --log-level debug
$IPT -A INPUT -p udp -m limit --limit $LRATE/minute -i $IF -j LOG --log-level debug

Find the following one more time: DROP_LOG

You should see this:

if [ "$DROP_LOG" == "1" ] && [ "$EGF" == "1" ]; then
# Default TCP/UDP OUTPUT log chain
$IPT -A OUTPUT -p tcp -m limit --limit $LRATE/minute -o $IF -j LOG --log-prefix "** OUT_TCP DROP ** "
$IPT -A OUTPUT -p udp -m limit --limit $LRATE/minute -o $IF -j LOG --log-prefix "** OUT_UDP DROP ** "

Replace with the following:

if [ "$DROP_LOG" == "1" ] && [ "$EGF" == "1" ]; then
# Default TCP/UDP OUTPUT log chain
$IPT -A OUTPUT -p tcp -m limit --limit $LRATE/minute -o $IF -j LOG --log-level debug
$IPT -A OUTPUT -p udp -m limit --limit $LRATE/minute -o $IF -j LOG --log-level debug


8) Save the changes to firewall.
Ctrl + X then Y

9) Restart apf for the changes to take effect.

/etc/apf/apf –r

10) Make sure the new log file is getting written to:
tail –f /var/log/iptables

You should see things like:

Aug 27 15:48:31 fox kernel: IN=eth0 OUT= MAC=00:0d:61:37:76:84:00:d0:02:06:08:00:08:00 SRC=192.168.1.1 DST=192.168.1.1 LEN=34 TOS=0x00 PREC=0x00 TTL=118 ID=57369 PROTO=UDP SPT=4593 DPT=28000 LEN=14

Also check the messages log to make sure APF still isn’t writing to it.
tail –f /var/log/messages

Final notes:
APF is written by R-fx Networks: http://www.rfxnetworks.com/apf.php


Rkhunter Installation

Rkhunter is a very useful tool that is used to check for trojans, rootkits, and other security problems. This tutorial will touch on installing and setting up a daily report for rkhunter.
Installing:

wget -c http://downloads.rootkit.nl/rkhunter-1.1.1.tar.gz
tar -zxvf rkhunter-1.1.1.tar.gz
cd rkhunter-1.1.1
./installer.sh

Now you can run a test scan with the following command:

/usr/local/bin/rkhunter -c
How to setup a daily scan report?

pico /etc/cron.daily/rkhunter.sh

add the following replacing your email address:

#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" email@domain.com)

chmod +x /etc/cron.daily/rkhunter.sh
I just got a false positive!! What do i do?

False positives are warnings which indicates there is a problem, but aren't really a problem. Example: some Linux distro updated a few common used binaries like `ls` and `ps`. You (as a good sysadmin) update the new packages and run (ofcourse) daily Rootkit Hunter. Rootkit Hunter isn't yet aware of these new files and while scanning it resports some "bad" files. In this case we have a false positive. You could always have your datacenter or a system administrator check out the server to verify that it is not compromised.

More information on rkhunter can be found here: http://www.rootkit.nl

Labels:

Posted by abeng at 8:34 AM  

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)