pacman -S postfix
vi /etc/postfix/main.cf
It's well commented.
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
Since you appear to have bad guys taking advantage of you, I'd suggest taking a good look at the IRC bots people are running (or want to run). One of the most common uses of IRC bots is to DOS someone.
If someone is really a jerk, and they signed up for their access here in this thread, you could always get your revenge by calling them out here. I don't think you'd be doing anything wrong by exposing the identity of someone you know to be doing something wrong, and it's quite possible you might make the culprits unwelcome on these forums.
Offline
Exposing them is probably a good idea. Although even with people dicking around you did say you wanted to learn about being an administrator.
With the bandwidth problem you're having, could you not set up a bandwidth load balancer? Might help when the server peaks.
Found this if it helps:
http://www.linux.com/archive/feature/148000
Last edited by genisis300 (2009-09-10 14:38:40)
"is adult entertainment killing our children or is killing our children entertaining adults?" Marilyn Manson
Offline
Since you appear to have bad guys taking advantage of you, I'd suggest taking a good look at the IRC bots people are running (or want to run). One of the most common uses of IRC bots is to DOS someone.
Yes, because you totally need a bot when you can just log in and issue whatever commands you like! Thanks for lowering my chances of getting an account, though.
To the OP I'd recommend installing a grsecurity patched kernel (it's available in AUR). This by itself should improve security a bit, but to really fit user capabilities to an acceptable level some tweaking and time investment is needed (which should be ok if the purpose of the experiment is to learn administration).
Offline
Mail server: I personally use postfix + dovecot (on Debian, that is). Both work great for me and the configuration is pretty sane, too.
Another issue: I can read, for instance, the web server logs. I'm surely no professional admin, but I don't think it's a good thing.
Offline
Thx for creating an account :>
I'm still trying to log in over ssh for 2 days now but I'm always receiving a time out.
Offline
Wow, had to delete and restrict a ton of accounts. People are dicks.
ssh now operating on a whitelist, if I missed anyone let me know.
Looking on the bright side, I've now installed the full LAMP stack.
I'd love to put a mail server on it, but I don't even have the slightest idea on where to start, and can't find anything relevant on the wiki. Point me in the right direction?
Seems like my roark account was missed or deleted. I was only planning on using this as an SSH proxy... so really if you would like to give my spot to a more experienced user feel free. I had only logged in once... tried to make a proxy with the ssh -D command but for some reason my Firefox would not work with it.
Anyways -- thanks again
Last edited by ugkbunb (2009-09-11 02:17:53)
Offline
Good work, the proxy is working well for me.
Say what is good or keep silent --Prophet Muhammad (SAW)
Offline
Hello again,
I would like to thank everybody for contributing to the experiment (even the guys who made me learn about locking down the system by doing nasty things to it, so I won't be calling any names), but due to several factors I'll be doing a fresh install today or tomorrow. More specifically, due to the /tmp and /var being on the root partition, someone managed to dd zeroes all over the root partition. It wasn't erased entirely, but the system will lock up at random. Also, someone apparently found a way to move users to and from groups - namely, move them out of the group that's restricted to 200 processes, allowing them to run forkbombs again - which they did. Due to these circumstances, I will be re-installing and changing the address of the server, and if I ever decide to give out accounts again it will be on a personal, invitation-only basis.
Offline
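An audit for the two gaps named in the post above (/tmp and /var sharing the root filesystem, and a process cap that only holds while a user stays in one group), as an added example that is not part of the original thread. It assumes the 200-process cap was set in pam_limits' limits.conf format, which the post does not state; the group name and both sample files are constructed.

```shell
#!/bin/sh
# Added example: audit for the two gaps described in the post above.

# Succeeds if directory $2 is its own mount point in mounts file $1
# (/proc/mounts format: device, mount point, fstype, options, ...).
is_separate_mount() {
    awk -v d="$2" '$2 == d { found = 1 } END { exit !found }' "$1"
}

# Reads a limits.conf-format file ($1: domain type item value) and prints
#   all:N       a hard nproc cap of N applies to every user via "*"
#   group-only  hard nproc caps exist only for @group domains
#   none        no hard nproc cap at all
nproc_scope() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }
        $3 == "nproc" && ($2 == "hard" || $2 == "-") {
            if ($1 == "*") all = $4
            else if ($1 ~ /^@/) grp = 1
        }
        END {
            if (all != "") print "all:" all
            else if (grp) print "group-only"
            else print "none"
        }' "$1"
}

# audit MOUNTS LIMITS: prints one FINDING line per gap.
audit() {
    for d in /tmp /var; do
        is_separate_mount "$1" "$d" || echo "FINDING: $d is not a separate mount point"
    done
    case "$(nproc_scope "$2")" in
        group-only) echo "FINDING: nproc cap depends on group membership" ;;
        none)       echo "FINDING: no hard nproc cap configured" ;;
    esac
}

# Constructed sample input: single root filesystem, cap tied to one group.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '/dev/sda1 / ext3 rw 0 0' 'proc /proc proc rw 0 0' > "$SAMPLE_DIR/mounts"
# "shellusers" is a placeholder group name, not taken from the thread.
printf '%s\n' '# constructed' '@shellusers hard nproc 200' > "$SAMPLE_DIR/limits.conf"
audit "$SAMPLE_DIR/mounts" "$SAMPLE_DIR/limits.conf"
```

On a live host the same functions can be pointed at /proc/mounts and /etc/security/limits.conf; the wildcard domain in limits.conf does not cover root.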
Hello again,
I would like to thank everybody for contributing to the experiment (even the guys who made me learn about locking down the system by doing nasty things to it, so I won't be calling any names), but due to several factors I'll be doing a fresh install today or tomorrow. More specifically, due to the /tmp and /var being on the root partition, someone managed to dd zeroes all over the root partition. It wasn't erased entirely, but the system will lock up at random. Also, someone apparently found a way to move users to and from groups - namely, move them out of the group that's restricted to 200 processes, allowing them to run forkbombs again - which they did. Due to these circumstances, I will be re-installing and changing the address of the server, and if I ever decide to give out accounts again it will be on a personal, invitation-only basis.
That is such a shame that there are such horrible people on the forums. Good luck on your next shell server.
How's my programming? Call 1-800-DEV-NULL
Offline
I'm intrigued, so did you find out the how, or rather whether it was via suid escalation etc.?
How would you stop the same thing happening again?
Offline
I don't see how any of this can be a negative effect that would make you want to restrict it (testing). You said you wanted to learn about Linux administration in a multi-user environment. This is exactly what happened. You now have experience with how people are, and how to counter it if/when it happens. If you ever do move into a more commercial/enterprise grade administration position, are you just going to write a memo to your CEO saying "BAD BAD people did BAD things, I'm shutting down your servers"? No, you wouldn't (unless you wanted a new job). You now have experience with how to maintain a server. Was it a hassle? Yes.
Did you learn nothing from it? I hope not.
You now know what people will do and how to prevent/counteract it.
Last edited by jwwolf (2009-09-13 12:00:57)
Offline
I've learned a lot, I said so, and I thanked people for participating. I said so in my post, did you misread it?
I've also grown tired of herding cats for free. I'm not shutting it down because I can't handle it, I'm doing a fresh install because this one is screwed beyond repair.
Offline
delete me.
asdf_jkl
Last edited by zen3 (2009-10-02 18:53:14)
ffc
Offline
If you read the last page you would have noticed that the admin shut down the server...
How's my programming? Call 1-800-DEV-NULL
Offline