DreamHost PS Hardening and Management

From DreamHost
Jump to: navigation, search

VPS

Overview of Hardening and Managing a DreamHost PS

Intent of article is to help new admins with general information on hardening (securing) and managing their virtual server. Since there are are already articles about managing PS using DreamHost's web panel, this article will attempt to show other, third party viable solutions and how they may interact with DreamHost's default server setup. Initial draft centers on a basic Apache web server setup, with Webmin management augmenting DreamHost's panel.


Hardening a DreamHost PS

Hardening, or securing, your PS is critical to the security of the server and your data. There are many resources on the web with regards to hardening a Linux installation. The base PS Operating System is Debian Linux 5.0 'Lenny' making Securing Debian Manual the most relevant documentation to read first, specifically the section on services, since DH has set most of the system up already.

Firewall

Debian would normally include a kernel with compiled support for the iptables firewall. However, due to limitations with the virtualization software, Linux-VServer, utilized to create each DreamHost PS, there is currently (June, 2010) no functioning iptables or other firewall program. At this time, Linux-VServer does not support network namespaces (as would be needed when using a guest OS iptables firewall).

You could install another firewall package... but with a basic web server setup, and limited service ports open, it may be overkill. We'll concentrate on hardening the ports you need to leave exposed for remote management and turning off all services that you don't need. Certainly, if you feel a firewall is necessary, you should install one.

Managing a DreamHost PS

Webmin

You can use directions at the following link to download and install webmin.

http://www.webmin.com/deb.html

After

wget http://prdownloads.sourceforge.net/webadmin/webmin_1.710_all.deb
dpkg --install webmin_1.710_all.deb

works fine but;

You will see an error about libauthen-pam-perl and apt-show-versions packages. (November, 2014)

You can also follow instructions at the link below to enable port 10000 to access webmin interface, http://yourserver:10000/ .

http://www.webmin.com/firewall.html

Dreamhost VPS returns an error to command; (November, 2014)

sudo iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT

Error:

FATAL: Could not load /lib/modules/3.1.9-vs2.3.2.5vs2.3.2.5+/modules.dep: No such file or directory
 iptables v1.3.6: can't initialize iptables table `filter': Permission denied (you must be root)
  Perhaps iptables or your kernel needs to be upgraded.

You can use

dpkg -r webmin

to uninstall webmin from your VPS



See also


External link