Security Measures

[kizer]

version: 4.5.4

 

Just playing with a fresh memory stick last night and parts are being gathered I figured I would start to figure out the need for security for a build. I'm aware of a few things so I'm asking because this is a bit different than a stand install since things are not installed after a reboot.

 

1. First notice there is no password set at console. I'm guessing you would use the command "passwd" to establish a root password or is that setup from within the http://tower login? I'm guessing you could change tower to something else as well just to confuse somebody.

 

2. FTP is enabled by default does it use the same password as the root login? Also how do you go about disabling it. Would you edit /etc/inetd.conf/. Would you simply comment it out? Looking at the files on the USB stick that one doesn't exist. LOL. As well I'd rather use sFtp via WinSCP

 

3. Disable Telnet and install SSH. I really like SSH over Telnet any day of the week. As well you would think normally you would edit the /etc/inetd.conf file, but then again its not on the USB stick, but I though I saw it in Midnight commandar so I'm guessing its within the compressed bzroot file.

 

4. Normally I have SSH setup with deny and allow so that would be another thing to figure out how it works

 

5. Also a common practice of mine has always been not to allow root to login via ssh without loging in as a regular user first.

 

Now even thou those are set how to insure they are configured so when you preform a reboot they are well the way you left them? I was thinking you would tinker with the go script, but I haven't got that far figuring out exactly how it works.

 

Did I miss any? I don't plan on having my unRAID server haning out in a bad part of my network or anything, but I'd rather lock it down some so if some Yahoo got past my router or heck somebody on one of my own machines on a guest account knew what I was running decided to tinker with things I could at least deter them some what. I guess all of this nothing stays until after you reboot has my head spinning some. LOL

[Joe L.]

Set the root password from within the web-management user-interface.  It will be persistent since a copy of the passwd file is stored on the flash drive and put into place the next time you reboot.

 

For any other "config" file, all you need to do is put a copy on the flash drive and add a line in the config/go script to copy it into place when you next reboot.

 

Joe L.

[kizer]

In the go script would you use something like this?

 

cp example.conf /etc/

[kizer]

I did find this thread and I was trying to figure out what the heck is going on. LOL

http://lime-technology.com/forum/index.php?topic=5976.0

[Joe L.]

In the go script would you use something like this?

 

cp example.conf /etc/

Exactly... 

 

You might need to re-start whatever is using the .conf file, but that is exactly the type of thing you see in that thread describing what people have put in their "go" scripts.

 

[kizer]

Ok, thanks

 

This is just a bizarre setup, but I'm finding it to be a bit of fun. Kinda like Playing a game you haven't played in years to find out the rules have changed or your just getting old and forgot the rules. LOL

 

I'm trying to get some hunkly, clunky drives pre-cleared so I can play around before laying out the cash for some gear and really go for it. Your Preclear script is pretty cool I might say. 

[Joe L.]

I'm trying to get some hunkly, clunky drives pre-cleared so I can play around before laying out the cash for some gear and really go for it. Your Preclear script is pretty cool I might say. 

Thanks... It just makes do with the programs available on the server.  Trickiest part is in the writing of the partition table in the MBR.  Took a bit of work to figure out how to do it using a shell script.