Hello crunchers,
I'm trying to build a secure Ubuntu 12.04 server only using the BOINC-client and LM-sensor.. Nothing else, no graphical stuff or anything...
The only reason I'm asking now, is because I need to make the servers safe, because my plan is to make the servers reachable from outside the LAN. This because I want to be able to contact the servers via SSH from outside at all times and because I've been testing a program from in here, AndroBOINC. Works directly on the boinc-client, and is a pretty good piece of software ;)
I'm running my own nameservers, webservers mailservers etc. and use a fixed IP for my router. Just to give you an idea of the system I use.
I gathered some inputs from other guides - from when I setup webservers and from the ubuntu forum network, but, I'm still not that good a building servers using the Linux OS. This is the reason for these questions.
Here's what I found. First I'll show my idea, and then I'll show the complete guide's (without the text defining the commands/setups)
My idea:
Building a secure Linux/Ubuntu 12.04 Server --> BOINC-client, LM-sensor ONLY!
Running a "monitor CPUtemp" shell script & using AndroBOINC from outside and in
1a. Running a shell script which monitors CPUtemp. Need a mailprogram to send/smtp alert mails from the CPUtemp shell script. Sendmail? Postfix? Included in Ubuntu Server!?!
1b. Need some kind of protection program due to the use of a SMTP program???
2. Need some kind of program to view log-files or make an intranet site to view server status!?! Any ideas?
#1 Install and configure Firewall - ufw
#2 Secure shared memory - fstab
#3 SSH - Disable root login and change port
#4 Protect su by limiting access only to admin group
#5 Harden network with sysctl settings
#6 Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban
#7 Intrusion Detection - PSAD
#8 Check for RootKits - RKHunter and CHKRootKit
#9 Scan open Ports - Nmap
#10 Analyse system LOG files - LogWatch
#11 SELinux - Apparmor
#12 Audit your system security - Tiger
#13 Amavisd-new,
#14 SpamAssassin,
#15 Clamav
Sources:
SOURCES:
FROM "How to secure an Ubuntu 12.04 LTS server. Part 1 The Basics" - WHICH IS A GOOD IDEA TO USE?
http://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
Install and configure Firewall - ufw
Secure shared memory - fstab
SSH - Disable root login and change port
Protect su by limiting access only to admin group
Harden network with sysctl settings
Disable Open DNS Recursion and Remove Version Info - Bind9 DNS
Prevent IP Spoofing
Harden PHP for security
Restrict Apache Information Leakage
Install and configure Apache application firewall - ModSecurity
Protect from DDOS (Denial of Service) attacks with ModEvasive
Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban
Intrusion Detection - PSAD
Check for RootKits - RKHunter and CHKRootKit
Scan open Ports - Nmap
Analyse system LOG files - LogWatch
SELinux - Apparmor
Audit your system security - Tiger
FROM "The Perfect Server - Ubuntu 12.04 LTS" - WHICH IS A GOOD IDEA TO USE?
http://www.howtoforge.com/perfect-server-ubuntu-12.04-lts-apache2-bind-dovecot-ispconfig-3-p3
Change The Default Shell --> /bin/bash
Disable AppArmor??? Due to complications !?!?
Install rkhunter, binutils
Install Amavisd-new, SpamAssassin, And Clamav
FROM "Monitor critical temperatures in Ubuntu Server - Lucid/Karmic" - I MADE A SHELL SCRIPT BASED ON THIS
http://www.havetheknowhow.com/Configure-the-server/Monitor-server-temperatures.html
Project Headless CLI Linux Multiple GPU Boinc Servers
Ubuntu Server 14.04.1 64bit
Kernel 3.13.0-32-generic
CPU's i5-4690K
GPU's GT640/GTX750TI
Nvidia v.340.29
BOINC v.7.2.42