OT: just ordered a hard-drive for my 1U server

[msssltd]

I am sure i will have to do a custom re-install, as the out-of-the-box general install is a little limp on packages.

You are right your Linux is a bit rusty and Linux has moved on a long way.

Your Linux Bible is probably going to be more distracting than useful.

What I would do is...

Download the CentOS7 Minimal ISO, burn to a bootable USB stick and run the install.
Getting the network up can be a bind the first time you do it, you could always ask here though..
Once you have internet access,
yum install nano
yum install wget
Then, hop over to webmin.com, import the pgp key, create the repo
yum install webmin
systemctl start webmin
Point your browser at htps://server_ip:10000
And it all get's a lot easier from there on in.

[msssltd]

i have been researching Snort IPS. i used it in the past, though i am sure it has changed since then (it used to be just a IDS). anybody use it? is it still relevant?

~Travis

If you really want IDS / IPS you may want to take a look at
https://suricata-ids.org

Sort of a Snort++

All these things need ongoing management to be effective though. The rule of KISS (keep it simple stupid) being that the more complex the system, the more likely a component will fail [primarily due to human error].  Often it is better to manage one thing well than two things poorly.

[travis_farmer]

linux ain't what used to be... everything i remember is outdated, so everything i want to do is apparently far more difficult than i remember.

all i want to do is install Apache (with perl, PHP), MySQL, and a simple SMTP server. perhaps my frustration level is just way too high right now. 

~Travis

[msssltd]

all i want to do is install Apache (with perl, PHP), MySQL, and a simple SMTP server.

See post #30

Should take you less than an hour to get webmin up

It all gets a lot easier from there

[travis_farmer]

See post #30

Should take you less than an hour to get webmin up

It all gets a lot easier from there

... waiting for CentOS iso to download... could take a while, as it hasn't even started yet.

~Travis

[travis_farmer]

and still waiting...

~Travis

[travis_farmer]

CentOS kept failing on the download (tried various mirrors). i am trying Debian at the moment (net install CD ISO).

~Travis

[msssltd]

Not sure why you are having so much trouble downloading CentOS

We have the UK mirror service over here and it is always solid.

https://www.mirrorservice.org/sites/mirror.centos.org/7.3.1611/isos/x86_64/CentOS-7-x86_64-Minimal-1611.iso

Or you could try this little server in Austin, Texas.  Download is rate limited but the server is usually reliable and on your side of the pond.
http://emscom.net/download/centos7/CentOS-7.0-1406-x86_64-Minimal.iso

Filesize is ~500MB
 
Don't worry about the minor version.  Yum can sort that out later.

[travis_farmer]

I got it this time. i also finished Debian, just in case (all 8 CDs  ). didn't really take long, once started. maybe 15 minutes per disk (just a low grade DSL). i tried the net install version of Debian, but that version didn't seem to like my network. bad/incorrect driver i think. but anyway, i won't have time to install until after work, after i burn the disks.

at least i have time to tests various OS's before i my 2TB drive arrives. that way i can see what "flavor" of Linux i like the best.

I have used Webmin, many years ago, BTW. but i couldn't install it on my version of Fedora, as it didn't even come with PERL. heck, it didn't even come with the compile tools to install PERL from source.

~Travis

[travis_farmer]

installed CentOS 7

Then, hop over to webmin.com, import the pgp key, create the repo

import the pgp key? create the repo?
i am downloading the RPM, if that is what you mean.

~Travis

[msssltd]

You don't need to download the RPM.  Yum can do that for you.

Code: [Select]


#import the pgp key
wget http://webmin.com/jcameron-key.asc
rpm --import jcameron-key.asc

#create the repo
nano /etc/yum.repos.d/webmin.repo
[webmin]
name=webmin
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1
#eXit nano

#install webmin
yum install webmin -y


[travis_farmer]

ok, webmin is running... but it refuses my connection.

if i recall, webmin access defaults to localhost, but i don't remember if i can change that without logging in to webmin...

~Travis

[msssltd]

ok, webmin is running... but it refuses my connection.

On the server
Check the firewall is not blocking you
systemctl stop iptables

Check webmin is started
systemctl restart webmin

From your workstation
Connect from a browser
https://<server_ip>:10000

If https doesn't work try http.  Think it's https as default these days but I tend to forget the settings I change on auto-pilot.

Obviously the server and browser need to be on the same LAN and subnet
ping <server_ip>


Webmin is most useful as an aide-memoire for a headless server.  So no, you do not need to install X and the rest of the GUI bloat on the server before you can login remotely.  There is a restriction on localhost but not one you need worry about just yet.

[travis_farmer]

On the server
Check the firewall is not blocking you
systemctl stop iptables

it says it is not running.

Check webmin is started
systemctl restart webmin

done (verified using wget, both http and https accepting localhost).

From your workstation
Connect from a browser
https://<server_ip>:10000

still no go (both http and https)

Obviously the server and browser need to be on the same LAN and subnet
ping <server_ip>

ping works fine. (so does SSH console, BTW)

~Travis

[travis_farmer]

notice at the end

Code: [Select]


[root@blahblahblah etc]# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N FORWARD_IN_ZONES
-N FORWARD_IN_ZONES_SOURCE
-N FORWARD_OUT_ZONES
-N FORWARD_OUT_ZONES_SOURCE
-N FORWARD_direct
-N FWDI_public
-N FWDI_public_allow
-N FWDI_public_deny
-N FWDI_public_log
-N FWDO_public
-N FWDO_public_allow
-N FWDO_public_deny
-N FWDO_public_log
-N INPUT_ZONES
-N INPUT_ZONES_SOURCE
-N INPUT_direct
-N IN_public
-N IN_public_allow
-N IN_public_deny
-N IN_public_log
-N OUTPUT_direct
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -i eno1 -g FWDI_public
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -o eno1 -g FWDO_public
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A INPUT_ZONES -i eno1 -g IN_public
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT


i think the only port allowed is 22. though when i gave the command to stop iptables, no change.

just thought it was interesting.

~Travis