For hosting irc and shells i heard that the best choice for OS is the FreeBSD..
I would like to know if there are any toturials or if someone can write one.. (or give some tips) of how can i secure a machine running FreeBSD and used for irc + shells!
For example how can i install a firewall, a rootkit etc etc..
Also what about putting users at jail? (not allowing them see other dirs except theirs) how can i do that?
Also what about dont allow users use some commands like dmesg, ping, traceroute, and also how can i make them when they do ps -aux to only see their processes (to not be able see the other processes from other users..)
I've enabled ssh one of my account in WHM, so I went to cpanel of this account and tried the SSH/Shell Access, but what I got is:
For security reasons, shell access is not enabled by default. In order to activate shell access on your account, you will need to fax or mail a copy of your driver's license, passport or other photo id to customer service.
is this something about SSH Key? do I have to generate a key so I can use the SSH/Shell Access?
i have a dedicated server i get server for study unix manage i have a problem by SHELL FILES ( hacker shell file ) other Site can Upload Shell file and get Access for edit other Site in server i set tweak scurity in CPANEL and Disable Function and i give not Shell access to all site but hacker can hack me by Shell access Hacker can not hack me by c99 Shell but can hack by New shell i upload this shell in my server Link: [url]
I know there are so many similar threads related to this issue in this forum, I know but my situation is a bit different from other guys, please read the following lines,
I've got a forum with approximately 100 users concurrently, now I'm looking for a shared hosting with relatively high simultaneous MySQL connections number at least 50 and also allows Shell access to dump or restore the MySQL database. but the main problem is lots of US hostings do not host Iranian I dunno US government has problem with Iran's government but I can't understand what's my guilt in this debate?
transfer a client's site files (over 220 MB) to my server. The client does not use cPanel or have SSH access.
FTP is horribly tedious. I have created the account on my server and have SSH enabled. I have a feeling I can use wget to download the files to the account's home directory, but I am not sure of the correct syntax to recursively download all the directories and the files.
I'm thinking about creating a limited platform for my employees to access my hosting servers
I wish they can create certain types of directories for users, set permissions on some directories, list users accounts, etc.
but although I don't think they would want to abuse this kind of access, I not only like the Trust-No-One premisse, but I also find it not very unlikely that the computer they're using get compromised or something like that
so I'd like to get technical ideas on how to develop this system and to know if anyone is interested and would like to contribute to the code
what I've considered so far is that I should either create a special user for that which would be on all users group, or should give it "root" access... the latter seems more reasonable for me considering the implementation and compatibility between systems and control panels
but with "root" access I mean "running MY INTERFACE to the employee as root"... this interface would have limited options like "create directory for user X", "list content of user X", etc. (taking a lot of care on input validation)... and would enforce some limits to prevent abuse (for example, can't list the content of more than 10 users per hour, or something like that... and alert me)
my main doubt is how you think that should be implemented? as a special server or as a webservice? with webservice I have the advantage of being capable of using SSL in a simple way and I don't need a special client (since any browser is a client) then that could be PHP or Perl... but running as UID 0 (I don't even know if apache allows that, or if there's a workaround like SUID)
I have recently picked up a CentOS5 server running on an OpenVZ box. Going thru various guides, I have seen repeatedly the importance of securing the /tmp partition. However, I am running into trouble when I try to follow the usual commands 
# mount -o nosuid,noexec /media/tmpFS /tmp mount: /media/tmpFS is not a block device (maybe try `-o loop'?) If I check for the presence of loop, it is missing:
# ls -ltr /dev/loop* ls: /dev/loop*: No such file or directory
If I try and create loop using /sbin/makedev loop and re-execute the mount command, I get a new error
mount: no permission to look at loop The nearest I have found so far is this thread , which suggests using
mount -t tmpfs tmpfs /tmp I believe the above will not persist across a reboot, so that defeat's the purpose.
Can you advise on how to mount /tmp in noexec,nosuid mode within the VPS environment?
I have windows servers that I'll be co-locating very soon. I have purchased a Dell 2161ds-2 and an APC remote boot power strip. Could someone please tell me the best way to secure remote access to these products. Do I put them on public IP's and allow them through the firewall or do I put them behind the firewall and access them after I authenticate through the firewall.
I found a great little app called ID Shutdown Manager which bascially lets you do stuff like wake on LAN, Shutdown, Log Off etc.
The App also has a cgi script which you can call from a web server so you get a web interface to the program.
This is exactly my reason for getting the app as I just wanted to host a web page where I could login from the internet and wake on lan my media PC.
The app gives you all the iis or apache setup instructions and tells you to place the cgi script which is actually a .exe into the scripts folder and then enable basic authentication for it.
So if I navigate to <SERVER>/scripts/sdmancgi.exe its supposed to give me a user / pass prompt and then when login successful I see the app and can wake on lan etc.
ok I have got this to work
on the actual machine where server is running I can access it in IE7 by localhost etc.. and it works
However when I try to access from another PC in my lan by typing <SERVER>/scripts/sdmancgi.exe I get a nice little message saying the content cannot be displayed you may require to insall a program or something to display it.
If I try to access the page from firefox on same remote PC, it works!
I can also access page from outside my LAN, it works on my N95 browser.
Also I have had friends try it from firefox from the Internet and they say it works as well.
Forgot to mention I am running on port 8081 as I already have other servers running on 8080 and 80 (one is my router and the other server installed itself from setup.exe and I dont know what server its using)
I have also tried latest apache server as well as some other free one. Both have the same effect. Ok in firefox, not in IE.
One would think its a problem with the cgi file not compatible with IE7 however, I even tried to go to default page setup in IIS <SERVER>:8081 and I get the same message. So at this point the server hasnt even tried to access CGI or prompt for Basic Authentication.
I tried googling and not much luck. I read something about CSS and when I view source of failed web page from IE7 it mentions something about CSS so dont know if this is it?