Building a secure Linux/Ubuntu 12.04 Server --> BOINC-client, LM-sensor ONLY!


DanHansen@Denmark
Volunteer tester
Joined: 14 Nov 12
Posts: 162
Credit: 2,048,091
RAC: 12,517
Denmark
Message 1431313 - Posted: 21 Oct 2013, 4:34:38 UTC

Hello crunchers,

I'm trying to build a secure Ubuntu 12.04 server only using the BOINC-client and LM-sensor. Nothing else, no graphical stuff or anything...

The only reason I'm asking now is because I need to make the servers safe, because my plan is to make the servers reachable from outside the LAN. This is because I want to be able to contact the servers via SSH from outside at all times and because I've been testing a program from in here, AndroBOINC. It works directly on the boinc-client, and is a pretty good piece of software ;)

I'm running my own nameservers, webservers, mailservers etc. and use a fixed IP for my router. Just to give you an idea of the system I use.

I gathered some input from other guides - from when I set up webservers and from the Ubuntu forum network - but I'm still not that good at building servers using the Linux OS. This is the reason for these questions.

Here's what I found. First I'll show my idea, and then I'll show the complete guides (without the text defining the commands/setups).

My idea:


Building a secure Linux/Ubuntu 12.04 Server --> BOINC-client, LM-sensor ONLY!
Running a "monitor CPUtemp" shell script & using AndroBOINC from outside and in

1a. Running a shell script which monitors CPUtemp. Need a mail program to send/smtp alert mails from the CPUtemp shell script. Sendmail? Postfix? Included in Ubuntu Server!?!
1b. Need some kind of protection program due to the use of an SMTP program???
2. Need some kind of program to view log-files or make an intranet site to view server status!?! Any ideas?

#1 Install and configure Firewall - ufw
#2 Secure shared memory - fstab
#3 SSH - Disable root login and change port
#4 Protect su by limiting access only to admin group
#5 Harden network with sysctl settings
#6 Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban
#7 Intrusion Detection - PSAD
#8 Check for RootKits - RKHunter and CHKRootKit
#9 Scan open Ports - Nmap
#10 Analyse system LOG files - LogWatch
#11 SELinux - Apparmor
#12 Audit your system security - Tiger

#13 Amavisd-new,
#14 SpamAssassin,
#15 Clamav


SOURCES:

FROM "How to secure an Ubuntu 12.04 LTS server. Part 1 The Basics" - WHICH IS A GOOD IDEA TO USE?
http://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics

Install and configure Firewall - ufw
Secure shared memory - fstab
SSH - Disable root login and change port
Protect su by limiting access only to admin group
Harden network with sysctl settings
Disable Open DNS Recursion and Remove Version Info - Bind9 DNS
Prevent IP Spoofing
Harden PHP for security
Restrict Apache Information Leakage
Install and configure Apache application firewall - ModSecurity
Protect from DDOS (Denial of Service) attacks with ModEvasive
Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban
Intrusion Detection - PSAD
Check for RootKits - RKHunter and CHKRootKit
Scan open Ports - Nmap
Analyse system LOG files - LogWatch
SELinux - Apparmor
Audit your system security - Tiger


FROM "The Perfect Server - Ubuntu 12.04 LTS" - WHICH IS A GOOD IDEA TO USE?
http://www.howtoforge.com/perfect-server-ubuntu-12.04-lts-apache2-bind-dovecot-ispconfig-3-p3

Change The Default Shell --> /bin/bash
Disable AppArmor??? Due to complications !?!?
Install rkhunter, binutils
Install Amavisd-new, SpamAssassin, And Clamav


FROM "Monitor critical temperatures in Ubuntu Server - Lucid/Karmic" - I MADE A SHELL SCRIPT BASED ON THIS
http://www.havetheknowhow.com/Configure-the-server/Monitor-server-temperatures.html


____________
Keep On Crunching!

Project RACK Linux Boinc Servers
Ubuntu Server 12.04.4 64bit
Intel i5/8Gb/P8H77-M
Asus GeForceGT640 2Gb
Nvidia v.nvidia-linux-x86_64-331.38
LM-Sensors v.3.3.1 with libsensors version 3.3.1
BOINC v.7.2.33 x86_64-pc-linux-gn
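
An added example, not part of the original post: a bash audit for checklist items #2 (shared memory in fstab) and #3 (SSH root login and port), run against copies of the config files. The function names, the reading of "secure shared memory" as the `noexec,nosuid` mount options, the assumed `PermitRootLogin yes` default and the sample files are assumptions; the post does not give the settings.

```bash
#!/usr/bin/env bash
# Added example: audits copies of sshd_config and fstab for items #2 and #3.

# Effective value of a global sshd_config keyword (whitespace-separated form).
# sshd honours the FIRST occurrence; keywords are case-insensitive.
sshd_value() {  # $1=file  $2=keyword  $3=value used when keyword is absent
  awk -v key="$2" -v def="$3" '
    /^[ \t]*#/ { next }
    tolower($1) == "match" { exit }            # global section ends here
    tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
    END { if (!found) print def }' "$1"
}

audit_ssh() {  # $1 = sshd_config path; returns 0 only if both checks pass
  local rc=0 root port
  root=$(sshd_value "$1" PermitRootLogin yes)   # assumed default: yes
  port=$(sshd_value "$1" Port 22)
  [ "$root" = "no" ] || { echo "FAIL ssh: PermitRootLogin=$root"; rc=1; }
  [ "$port" != "22" ] || { echo "FAIL ssh: still on default port 22"; rc=1; }
  return "$rc"
}

audit_shm() {  # $1 = fstab path; assumes "secure" means noexec + nosuid
  awk '
    /^[ \t]*#/ { next }
    ($2 == "/run/shm" || $2 == "/dev/shm") && $3 == "tmpfs" {
      seen = 1; opts = "," $4 ","
      if (opts !~ /,noexec,/ || opts !~ /,nosuid,/) bad = 1
    }
    END { exit !(seen && !bad) }' "$1" && return 0
  echo "FAIL shm: no tmpfs shared-memory entry with noexec,nosuid"
  return 1
}

# Constructed sample files (not taken from any real host).
tmp=$(mktemp -d)
printf '%s\n' '# stock' 'Port 22' 'PermitRootLogin yes' > "$tmp/sshd_weak"
printf '%s\n' 'port 2222' 'PermitRootLogin no' 'PermitRootLogin yes' \
  > "$tmp/sshd_hard"
printf '%s\n' 'proc /proc proc nodev,noexec,nosuid 0 0' > "$tmp/fstab_weak"
printf '%s\n' 'tmpfs /run/shm tmpfs defaults,noexec,nosuid 0 0' \
  > "$tmp/fstab_hard"

for f in weak hard; do
  echo "== $f =="
  audit_ssh "$tmp/sshd_$f" || true
  audit_shm "$tmp/fstab_$f" || true
done
```

The second `PermitRootLogin yes` in the hardened sample is deliberate: it shows that a later duplicate line does not override the first occurrence.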

Copyright © 2014 University of California