Choose Server

Posted by root on Tuesday Mar 14, 2017 Under Bash, Debian, Linux, Server

Parameters and requirements to consider when choosing a dedicated server:

-Price
-Location of the Server
-Hosting Company Reputation
-Managed / Unmanaged Server
-Debian / Centos / Freebsd
-Operating system encrypted?
-connection ssl?
-Certificate ssl ?
-Internet T1 line / bandwidth / unmetered connection
-Memory Ram / ecc amount and type / encrypted ram?
-Type Disk (ssd preferably) / self encrypted drives? / SAS hard drives?
-uptime company
-backups
-brand hardware used (samsung / asus / intel / western digital)
-Datacenter Infrastructure (power, fire detection etc)
-Firewall Iptables / router / ddos protection
-Control Panel- plesk / cpanel / webmin / ajenti / zpanel / ispconfig
-connection ipv4 or ipv6
-type of Raid or lvm chosen
-server hardware dust filters
-cooling type
-remote reboot / wake on wan / remote access
-bios type & brand
-Power / energy consumption
-Software used on server
-automation-scripts
-technical support response time
-contact company before purchasing services package
-test panel demos

Access to the server using:
-sftp
-ssh v3
-vpn
-file permissions
-sstp

Security
-used protocols
-disable root
-close ports + services
-IDS snort (intrusion detection system)
-mail filters / spamassassin + fail2ban
-Logs / Backlog
-Password Policy
-Types of Encryption and ciphers used (sha1, md5, des, diffie hellman etc)
-backups
-Access control list
-All passwords different and complex

Vulnerability testing platforms:
https://pentesterlab.com
http://vulnhub.com/
https://www.lunarpages.com/uptime/securing-your-linux-dedicated-server

 

Extra documentation to read:
https://en.wikipedia.org/wiki/Server_(computing)
http://uptime.netcraft.com/


http://wikibon.org/wiki/v/Server_Options:_When_to_Lease_vs._When_to_Buy
http://www.cyberciti.biz/faq/data-center-standard-overview/
http://www.cyberciti.biz/tips/linux-security.html

International datacenter list:
http://wiredre.com/international-data-center-list/
http://uptimeinstitute.com/TierCertification/

Hosting companies:
https://www.ovh.pt/servidores_dedicados/
https://www.hetzner.de/
http://www.server4you.com/
http://www.online.net/

Note: always buy in the country that offers the lowest price!

Hosting Companies Extra:
http://english.keyweb.de/products/server/dedicated-server/
https://www.hosteurope.de/en/Server/Root-Server/
http://www.df.eu/

Products


https://www.1and1.co.uk/server-dedicated-l?linkOrigin=dedicated-server&linkId=ct.btn.server-dedicated-l
http://www.webtropia.com/en/root-server/root-server-details.html?pid=RootS
http://www.serversfree.com/server-features/
https://www.copahost.com/en/managed-dedicated-servers

VPS
https://www.linode.com/
https://www.digitalocean.com/
http://contabo.com
https://www.time4vps.eu/cart.php?a=view
http://www.server4you.com/vps/
https://ramnode.com/vps.php

Dedicated Servers

Security analysis:
http://www.inguardians.com/
http://www.modzero.ch/en/contact.html
http://www.offensive-security.com/

SOFTWARE
foreman
openstack
puppet
squid
ferm
fail2ban
snort
spam assassin
dnswall
setup dns


#iptables Block Incoming Port

Posted by root on Sunday Apr 17, 2016 Under Bash, Debian, Network

The syntax to block an incoming port using iptables is as follows:

/sbin/iptables -A INPUT -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP
 
### interface section use eth1 ###
/sbin/iptables -A INPUT -i eth1 -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP
 
### only drop port for given IP or Subnet ##
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP-ADDRESS-HERE} -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP/SUBNET-HERE} -j DROP
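
Because `-A` appends to the end of the chain, a DROP added this way has no effect if an earlier rule already accepts the same port. The following check is an added example, not part of the original post: `first_verdict`, `appended` and `inserted` are hypothetical names, the rulesets are constructed samples in `iptables -S INPUT` format, and rules with extra conditions are deliberately skipped.

```shell
#!/bin/sh
# Added example: which rule decides the fate of a new TCP connection to PORT?

# first_verdict PORT   (reads `iptables -S INPUT` output on stdin)
# Prints ACCEPT or DROP for the first rule that matches TCP traffic to PORT
# from any source on any interface, or "policy" if no such rule exists.
# Simplification: rules with other conditions (-s, -i, --state ...) are skipped.
first_verdict() {
    awk -v port="$1" '
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; dport = ""; target = ""; conditional = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(++i)
            else if ($i == "--dport" || $i == "--destination-port") dport = $(++i)
            else if ($i == "-m") i++            # module name, e.g. "-m tcp"
            else if ($i == "-j") { target = $(i + 1); break }
            else conditional = 1
        }
        if (conditional) next
        if (proto != "" && proto != "tcp" && proto != "all") next
        if (dport != "" && dport != port) next
        if (target == "ACCEPT" || target == "DROP") { print target; found = 1; exit }
    }
    END { if (!found) print "policy" }'
}

# Constructed ruleset: port 8080 was opened earlier, then the DROP was appended
# with -A as in the commands above, so it sits below the ACCEPT.
appended() {
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 8080 -j DROP'
}
# Same rules after inserting the DROP at the top with -I INPUT 1 instead.
inserted() {
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 8080 -j DROP' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT'
}

echo "appended with -A: $(appended | first_verdict 8080)"
echo "inserted with -I: $(inserted | first_verdict 8080)"
```

On a live host, pipe the real output in with `iptables -S INPUT | first_verdict 8080`.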

Webmin SSL certificate

Posted by root on Monday Nov 11, 2013 Under Bash, Centos, Debian, Linux, SSH

This happens because the default SSL certificate that is generated by webmin is not issued by a recognized certificate authority. From a security point of view, this makes the certificate less secure because an attacker could theoretically redirect traffic from your server to another machine without you knowing, which is normally impossible if using a proper SSL certificate. Network traffic is still encrypted though, so you are safe against attackers who are just listening in on your network connection.

If you want to be really sure that the Webmin server you are connecting to is really your own, the only solution is to order a certificate from an authority like Verisign that is associated with your server’s hostname and will be recognized by web browsers. This certificate should be placed in the file /etc/webmin/miniserv.pem and be in the same certificate+key format as the existing miniserv.pem file.

To request a certificate, follow these steps :


Run the command

openssl genrsa -out key.pem 2048

This will create the file key.pem which is your private key

Run the command

openssl req -new -key key.pem -out req.pem

When it asks for the common name, be sure to enter the full hostname of your server as used in the URL, like www.yourserver.com. This will create the file req.pem, which is the certificate signing request (CSR).

Send the CSR to your certificate authority by whatever method they use. They should send you back a file that starts with -----BEGIN CERTIFICATE----- which can be put in the file cert.pem.

Combine the private key and certificate with the command

cat key.pem cert.pem > /etc/webmin/miniserv.pem

Re-start webmin (making sure it is in SSL mode) to use the new key.
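
Before combining the files it is worth confirming that the certificate the CA returned really belongs to key.pem and has not expired, and that the resulting file (which contains the private key) is readable only by its owner. This is an added example, not from the original post or from Webmin: `build_miniserv_pem` and `make_pair` are hypothetical helper names, and the self-signed pair is a constructed stand-in for a CA reply.

```shell
#!/bin/sh
# Added example: build miniserv.pem only if cert.pem belongs to key.pem.

# build_miniserv_pem KEY CERT OUT
# returns 0 on success, 1 if the certificate's public key is not the one in
# KEY, 2 if either file cannot be parsed, 3 if the certificate has expired.
build_miniserv_pem() {
    key=$1; cert=$2; out=$3
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] || return 2
    [ "$kpub" = "$cpub" ] || return 1
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 3
    # same key+certificate order as the cat command above; the file holds the
    # private key, so it must not be readable by other users
    ( umask 077 && cat "$key" "$cert" > "$out" ) && chmod 600 "$out"
}

# make_pair DIR NAME: constructed self-signed test pair (stand-in for a CA reply)
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.yourserver.com" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d)
    make_pair "$d" a && make_pair "$d" b
    build_miniserv_pem "$d/a.key" "$d/a.crt" "$d/miniserv.pem"; echo "matching pair: $?"
    build_miniserv_pem "$d/a.key" "$d/b.crt" "$d/wrong.pem";    echo "mismatched pair: $?"
    rm -rf "$d"
}
demo
```

On the server the call would be `build_miniserv_pem key.pem cert.pem /etc/webmin/miniserv.pem`, run as root.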


How to control audio in debian?

Posted by root on Tuesday Aug 20, 2013 Under Bash, Debian, Linux

PulseAudio Volume Control (pavucontrol) is a simple GTK based volume control tool (“mixer”) for the PulseAudio sound server. In contrast to classic mixer tools this one allows you to control both the volume of hardware devices and of each playback stream separately.

 

apt-get install pavucontrol

 


sshfs – failed to open /dev/fuse: Permission denied

Posted by root on Saturday Jul 27, 2013 Under Bash, Debian, Linux, Ubuntu

 

Problem:

fusermount: failed to open /dev/fuse: Permission denied

Solution:

usermod -a -G fuse <your-username>
reboot

Depending on your setup you may need to prefix the solution commands with sudo, although this isn’t specific to any platform and many users use su instead. The -a flag matters: without it, usermod -G replaces the user’s existing supplementary groups with fuse alone instead of adding fuse to them. You may not need to reboot, but it could save you some hassle in the long run if the problem still persists. It’s common sense, but just in case: replace <your-username> with the username you use.


VNC Server on KDE and Lubuntu

Posted by root on Wednesday May 22, 2013 Under Bash, Debian, Linux, Remote Access, Ubuntu

To run a fast desktop manager over slow internet connection use LXDE Desktop Manager or Lubuntu.

The file “~/.vnc/xstartup” must be changed as follows:

#!/bin/sh
xrdb $HOME/.Xresources
xsetroot -solid black
lxterminal &
/usr/bin/lxsession -s LXDE &

For Lubuntu:

#!/bin/sh
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &

/usr/bin/lxsession -s Lubuntu -e LXDE &

Remove History on SVN

Posted by root on Saturday Jun 4, 2011 Under Bash, Centos, Debian, Remote Access

Version control systems like CVS or Subversion are designed for keeping track of the changes of a project and for having the possibility to revert to old revisions if something goes wrong. In contrast to regular relational databases, these systems are made only for adding new content to a repository, and not for removing data from it. In fact, deleting old content is not a built-in functionality in SVN, and mostly requires removing entire revisions from the repository or even creating a new one.

But what happens if you accidentally commit a password or other sensitive information to a repository? This post explains how to remove this confidential data permanently from the repository by simply overwriting it in old revisions, i.e. without having to remove revisions or create a new repository.

First create a local repo where you’ll download googlecode’s repo to:

svnadmin create /tmp/your_local_repo

Create the file /tmp/your_local_repo/hooks/pre-revprop-change with the contents:

#!/bin/bash
exit 0

Make it executable:

chmod +x /tmp/your_local_repo/hooks/pre-revprop-change

If this step fails you will most likely see the error: Revprop change blocked by pre-revprop-change hook (exit code 255) with no output.

Now you can init the svn sync from code.google.com:

svnsync init --username yourname@youremail file:///tmp/your_local_repo https://yourproject.googlecode.com/svn

And start downloading all history:

svnsync sync --username yourname@youremail file:///tmp/your_local_repo

Committed revision 1.

Copied properties for revision 1.

Transmitting file data …………………..

Copied properties for revision 87.

Now we create a dumpfile which will be fed to svndumpfilter to remove unwanted files.

svnadmin dump /tmp/your_local_repo > /tmp/tst_dump_gc.dmp

Use svndumpfilter to remove the first unwanted file from it. The path contains a space, so it must be quoted:

svndumpfilter exclude "/trunk/unwanted file_1.jsvg" < /tmp/tst_dump_gc.dmp > /tmp/tst_dump_clean1.dmp

Dropped 1 node:

‘/trunk/unwanted file_new.jsvg’

Remove the second unwanted file:

svndumpfilter exclude "/trunk/unwanted file_2.jsvg" < /tmp/tst_dump_clean1.dmp > /tmp/tst_dump_clean2.dmp

Recreate the “old temp repo”:

rm -rf /tmp/your_local_repo

svnadmin create /tmp/your_local_repo

Load the filtered dump into the repo:

svnadmin load --ignore-uuid /tmp/your_local_repo < /tmp/tst_dump_clean2.dmp

Check that everything is ok in a svn client (doing a history check on the trunk only shows 25 first results in my svn client).

svnsync sync --username yourname@youremail https://yourproject.googlecode.com/svn
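
Before loading a filtered dump, it helps to confirm that svndumpfilter really removed the file and that the leaked string survives nowhere else in the history. This is an added example, not part of the original post: `dump_is_clean` and `sample_dump` are hypothetical names, the dump content and the secret are constructed, and the dump is assumed to have been made without `--deltas`.

```shell
#!/bin/sh
# Added example: confirm a filtered SVN dump no longer carries a path or secret.

# dump_is_clean DUMPFILE REPO_PATH [SECRET]
# Exit status 0: no node header refers to REPO_PATH (or anything below it)
# and SECRET, if given, occurs nowhere in the dump. Exit status 1 otherwise.
# Assumes a dump made without --deltas, so file contents are stored verbatim.
dump_is_clean() {
    dump=$1
    path=${2#/}          # dump headers store paths without the leading slash
    secret=${3:-}
    for hdr in Node-path Node-copyfrom-path; do
        # exact match on the file itself
        grep -a -F -x -q -e "$hdr: $path" "$dump" && return 1
        # anything below it, when the path is a directory
        grep -a -F -q -e "$hdr: $path/" "$dump" && return 1
    done
    if [ -n "$secret" ] && grep -a -F -q -e "$secret" "$dump"; then
        return 1
    fi
    return 0
}

# sample_dump FILE KEEP_SECRET: write a constructed, abbreviated dump
sample_dump() {
    {
        printf 'SVN-fs-dump-format-version: 2\n\nRevision-number: 1\n\n'
        printf 'Node-path: trunk/readme.txt\nNode-kind: file\nNode-action: add\n\nhello\n\n'
        if [ "$2" = yes ]; then
            printf 'Node-path: trunk/unwanted file_1.jsvg\nNode-kind: file\n'
            printf 'Node-action: add\n\npassword=CONSTRUCTED-SECRET\n\n'
        fi
    } > "$1"
}

tmp=$(mktemp -d)
sample_dump "$tmp/before.dmp" yes
sample_dump "$tmp/after.dmp" no
for f in before after; do
    if dump_is_clean "$tmp/$f.dmp" "/trunk/unwanted file_1.jsvg" CONSTRUCTED-SECRET
    then echo "$f.dmp: clean"
    else echo "$f.dmp: still contains the file or the secret"
    fi
done
rm -rf "$tmp"
```

Against the real files the call would be `dump_is_clean /tmp/tst_dump_clean2.dmp "/trunk/unwanted file_2.jsvg" 'the-leaked-string'`.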

virt-viewer Remote Access

Posted by root on Friday Apr 22, 2011 Under Debian, MySql, PHP, Remote Access

Virt-viewer has the capability to run locally and connect to a remote server, either directly to the libvirt daemon, or via an SSH tunnel. To do the latter, the following command will work for KVM (qemu) based hypervisors:

 

virt-viewer --connect qemu+ssh://user@host.example.com/system vmnamehere

With the above, you’ll have to enter your SSH password twice – first to establish the connection to the hypervisor and secondly to establish a tunnel to the VM’s VNC/SPICE session – you’ll probably quickly decide to get some SSH keys/certs setup to prevent annoyance.
