Major Webserver Setup Rules: The „must“ do!

If you want to set up a fresh, secure webserver, then use this list:

  • don't ever upload data, files or images classified as „secret“ to the webserver
  • set up a daily full backup with cron
  • review the system logs daily: auth, www, errors …
  • set up a local firewall with as few open ports as possible (80, 25 ..)
  • set up daily automatic updates via cron
  • reduce the number of users who can log in
  • don't use logical (easily guessed) usernames
  • enforce long passwords by rule, minimum 15 digits
  • set up a daily load monitor that writes „uptime“ to a log
  • set up a realtime network monitor with „iftop“
  • use „nmap“ as a local port scan to test your settings
  • remove unneeded software packages and services, less is more..
  • force monthly password changes by rule
  • upload only via encrypted SFTP and use login keys
  • copy your logs in /var/log hourly to another, external place (scp/rsync) via cron
  • use ECC RAM for safe RAM usage against RAM attacks
  • use 2 HDDs as RAID 1 and set up root's mail to send failure reports to your mailbox
  • mount the webserver's root file system read-only, so that no one can modify /etc
  • don't use Java, PHP, Tomcat or other admin panels unless you really need them!

I hope these rules help you to protect your server.
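An added example (not part of the original list) for the firewall and nmap items: a POSIX shell check that reads nmap's grepable output and reports open TCP ports that are not on an allowlist. The allowlist "25 80" comes from the list above; the function names, the host address and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag open TCP ports that are not on the server's allowlist.
# Input is nmap "grepable" output, e.g.:  nmap -p- -oG - <your server address>

# unexpected_ports "ALLOWLIST" < grepable-output
# Prints each open TCP port missing from the space-separated allowlist.
unexpected_ports() {
    awk -F '\t' -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            for (c = 1; c <= NF; c++) {          # fields are tab-separated
                if ($c !~ /^Ports: /) continue
                m = split(substr($c, 8), entry, /, */)
                for (i = 1; i <= m; i++) {
                    # entry: port/state/protocol/owner/service/rpc/version/
                    split(entry[i], f, "/")
                    if (f[2] == "open" && f[3] == "tcp" && !(f[1] in ok))
                        print f[1]
                }
            }
        }' | sort -n -u
}

# audit_ports "ALLOWLIST" < grepable-output
# Returns 1 (for cron mail or monitoring) when an unexpected port is open.
audit_ports() {
    extra=$(unexpected_ports "$1" | tr '\n' ' ')
    if [ -n "$extra" ]; then
        echo "unexpected open TCP ports: $extra"
        return 1
    fi
    echo "only allowlisted ports are open"
}

# Constructed sample scan output (hypothetical host, not a real scan).
sample_scan() {
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///, 111/filtered/tcp//rpcbind///, 3306/open/tcp//mysql///\tIgnored State: closed (65530)\n'
}

# Demo: the allowlist "25 80" is taken from the firewall rule in the list.
sample_scan | audit_ports "25 80" || echo "review firewall rules and running services"
```

Run from cron against the server's own address, a non-zero exit from audit_ports can trigger the mail to root that the list already asks for.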

 

Linux Bug: Disable the Framebuffer of the free Nvidia Driver Nouveau for hanging xserver-xorg (for Servers)

Problem: Nouveau, the free version of the Nvidia display driver, crashes if you switch to the console or kill xserver-xorg. It is enabled by default inside the KERNEL!! This WAS NOT the DEFAULT in the last DECADES!! (DEBIAN 3.0-5.0 never used it! It causes bugs and hanging servers.)

Solution:

echo 'blacklist nouveau' > /etc/modprobe.d/blacklist-nouveau.conf

Then edit /etc/default/grub:

sudo nano /etc/default/grub

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="noquiet nouveau.modeset=0"     # on Ubuntu set "nomodeset noplymouth"
...

Update the GRUB loader with:

sudo update-grub2

REMARK: THIS MUST BE USED ON SERVERS FOR STABILITY!! REMOVE / BLACKLIST ALL UNNEEDED DRIVER MODULES LIKE SOUND!
(ALWAYS DISABLE UNNEEDED CHIPS IN YOUR BIOS TO AVOID PROBLEMS AND ENERGY COSTS)

Fast Debian Server as Live Ram Disk System

http://wiki.debian.org/LiveCD


– to run a Debian server inside RAM you have to download the Debian live CD
– to change the keyboard layout from the default US, set a boot option at the kernel:

bootkbd=es

for example for Spain, or „de“ for German
– to change the user name, set username=user as a boot option
– to fix the server name, set hostname=debian

– you can also recreate the disk or put it on a USB stick to get a RAM disk server
– or try to remaster a Debian live disk, see the info on the Knoppix pages
– you can run a webserver in complete read-only mode!

Sun Cobalt Linux „Bluequartz“ renamed to „Blueonyx“ (old Nuonce)

http://www.blueonyx.it

See the site above: the old, well-known Sun Cobalt Linux (Bluequartz web interface + Sun Cobalt Linux) was redesigned in recent years by Nuonce, Strongbolt.uk and Solarspeed.net and is now made with:

  1. CentOS 5.2
  2. Blueonyx for new servers, x86 and AMD64

For the classic view, the old nice Sun theme is still available and easy to switch to in the user settings.

To CHANGE the Blueonyx login pictures to your beloved old view of the Sun Cobalt themes, download the theme pictures of the old Sun Cobalt here and copy them to the folder sausalito, see info.txt

http://www.blueonyx.it Free Distribution for your Webservers

Samba Server Browsing Problem: Samba Server sporadically hidden

Problem: Inside a laboratory farm of 5 Samba servers, sometimes one or more servers are sporadically hidden in the Windows XP client Network Neighbourhood (Netzwerkumgebung), but they are still sharing their files and are still online. Or XP clients hang for some minutes when browsing the local network.

Solution:

  1. Open /etc/samba/smb.conf with an editor
  2. set domain master = No
  3. set local master = YES
  4. set preferred master = No
  5. restart the samba service with
     /etc/init.d/samba restart

Background: The nmbd service browses your network, and if it finds the option domain master it will ignore the information from the other servers (data communication corruption, port 137).