Topic: OT: just ordered a hard-drive for my 1U server

MattS-UK

Quote
I am sure i will have to do a custom re-install, as the out-of-the-box general install is a little limp on packages.
You are right, your Linux is a bit rusty and Linux has moved on a long way.

Your Linux Bible is probably going to be more distracting than useful.

What I would do is...

Download the CentOS7 Minimal ISO, burn to a bootable USB stick and run the install.
Getting the network up can be a bind the first time you do it, you could always ask here though..
Once you have internet access,
yum install nano
yum install wget
Then, hop over to webmin.com, import the pgp key, create the repo
yum install webmin
systemctl start webmin
Point your browser at https://server_ip:10000
And it all gets a lot easier from there on in.


MattS-UK

Quote
i have been researching Snort IPS. i used it in the past, though i am sure it has changed since then (it used to be just an IDS). anybody use it? is it still relevant?

~Travis
If you really want IDS / IPS you may want to take a look at
https://suricata-ids.org

Sort of a Snort++

All these things need ongoing management to be effective though. The rule of KISS (keep it simple stupid) being that the more complex the system, the more likely a component will fail [primarily due to human error].  Often it is better to manage one thing well than two things poorly.


travis_farmer

linux ain't what it used to be... everything i remember is outdated, so everything i want to do is apparently far more difficult than i remember.

all i want to do is install Apache (with perl, PHP), MySQL, and a simple SMTP server. perhaps my frustration level is just way too high right now.  >:(

~Travis
Currently trying to build a DIY CNC machine.

MattS-UK

Quote
all i want to do is install Apache (with perl, PHP), MySQL, and a simple SMTP server.
See post #30

Should take you less than an hour to get webmin up

It all gets a lot easier from there




travis_farmer

Quote
See post #30

Should take you less than an hour to get webmin up

It all gets a lot easier from there

... waiting for CentOS iso to download... could take a while, as it hasn't even started yet.

~Travis

travis_farmer

CentOS kept failing on the download (tried various mirrors). i am trying Debian at the moment (net install CD ISO).

~Travis

MattS-UK

Not sure why you are having so much trouble downloading CentOS

We have the UK mirror service over here and it is always solid.

https://www.mirrorservice.org/sites/mirror.centos.org/7.3.1611/isos/x86_64/CentOS-7-x86_64-Minimal-1611.iso

Or you could try this little server in Austin, Texas.  Download is rate limited but the server is usually reliable and on your side of the pond.
http://emscom.net/download/centos7/CentOS-7.0-1406-x86_64-Minimal.iso

Filesize is ~500MB
 
Don't worry about the minor version.  Yum can sort that out later.

travis_farmer

I got it this time. :D i also finished Debian, just in case (all 8 CDs  :o ). didn't really take long, once started. maybe 15 minutes per disk (just a low grade DSL). i tried the net install version of Debian, but that version didn't seem to like my network. bad/incorrect driver i think. but anyway, i won't have time to install until after work, after i burn the disks.

at least i have time to test various OS's before my 2TB drive arrives. that way i can see what "flavor" of Linux i like the best.

I have used Webmin, many years ago, BTW. but i couldn't install it on my version of Fedora, as it didn't even come with PERL. heck, it didn't even come with the compile tools to install PERL from source.

~Travis

travis_farmer

installed CentOS 7 :D

Quote
Then, hop over to webmin.com, import the pgp key, create the repo
import the pgp key? create the repo?
i am downloading the RPM, if that is what you mean.

~Travis

MattS-UK

You don't need to download the RPM.  Yum can do that for you.
Code:

# import the PGP key
wget http://webmin.com/jcameron-key.asc
rpm --import jcameron-key.asc

# create the repo file (the heredoc writes the same contents without opening nano)
cat > /etc/yum.repos.d/webmin.repo <<'EOF'
[webmin]
name=webmin
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1
EOF

# install webmin
yum install webmin -y

travis_farmer

ok, webmin is running... but it refuses my connection.

if i recall, webmin access defaults to localhost, but i don't remember if i can change that without logging in to webmin...

~Travis

MattS-UK

Quote
ok, webmin is running... but it refuses my connection.
On the server
Check the firewall is not blocking you
systemctl stop iptables

Check webmin is started
systemctl restart webmin

From your workstation
Connect from a browser
https://<server_ip>:10000

If https doesn't work try http.  Think it's https as default these days but I tend to forget the settings I change on auto-pilot.

Obviously the server and browser need to be on the same LAN and subnet
ping <server_ip>


Webmin is most useful as an aide-memoire for a headless server.  So no, you do not need to install X and the rest of the GUI bloat on the server before you can login remotely.  There is a restriction on localhost but not one you need worry about just yet.


travis_farmer

Quote
On the server
Check the firewall is not blocking you
systemctl stop iptables
it says it is not running.

Quote
Check webmin is started
systemctl restart webmin
done (verified using wget, both http and https accepting localhost).

Quote
From your workstation
Connect from a browser
https://<server_ip>:10000
still no go (both http and https)

Quote
Obviously the server and browser need to be on the same LAN and subnet
ping <server_ip>
ping works fine. (so does SSH console, BTW)

~Travis

travis_farmer

#44
Mar 02, 2017, 07:03 pm Last Edit: Mar 02, 2017, 07:03 pm by travis_farmer
notice at the end

Code:

[root@blahblahblah etc]# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N FORWARD_IN_ZONES
-N FORWARD_IN_ZONES_SOURCE
-N FORWARD_OUT_ZONES
-N FORWARD_OUT_ZONES_SOURCE
-N FORWARD_direct
-N FWDI_public
-N FWDI_public_allow
-N FWDI_public_deny
-N FWDI_public_log
-N FWDO_public
-N FWDO_public_allow
-N FWDO_public_deny
-N FWDO_public_log
-N INPUT_ZONES
-N INPUT_ZONES_SOURCE
-N INPUT_direct
-N IN_public
-N IN_public_allow
-N IN_public_deny
-N IN_public_log
-N OUTPUT_direct
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -i eno1 -g FWDI_public
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -o eno1 -g FWDO_public
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A INPUT_ZONES -i eno1 -g IN_public
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT


i think the only port allowed is 22. though when i gave the command to stop iptables, no change.

just thought it was interesting.

~Travis
Currently trying to build a DIY CNC machine.
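
Added example (not part of the original thread): a small shell helper that reads `iptables -S` output, follows the jumps from INPUT, and lists the TCP ports that have an ACCEPT rule, which shows why SSH on 22 and ping work while port 10000 falls through to the final REJECT. The function names are hypothetical, and the sample rules are a trimmed copy of the INPUT-side lines in the listing posted above.

```shell
#!/usr/bin/env bash
# Sample input: INPUT-side rules trimmed from the listing in the post above.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT_ZONES -i eno1 -g IN_public
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT'

# List TCP ports with an ACCEPT rule in any chain reachable from INPUT.
# Reads `iptables -S` text on stdin. Simplification (assumption of this
# example): rule order and other matches (interface, source) are ignored.
allowed_tcp_ports() {
  awk '
    $1 == "-A" {
      chain = $2; target = ""; dport = ""; tcp = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j" || $i == "-g") target = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
      }
      if (target == "ACCEPT" && tcp && dport != "") ports[chain] = ports[chain] " " dport
      else if (target != "") jumps[chain] = jumps[chain] " " target
    }
    function walk(c,   n, t, k) {
      if (c in seen) return
      seen[c] = 1
      n = split(ports[c], t, " "); for (k = 1; k <= n; k++) print t[k]
      n = split(jumps[c], t, " "); for (k = 1; k <= n; k++) walk(t[k])
    }
    END { walk("INPUT") }
  ' | sort -un | paste -sd' ' -
}

# Succeeds only if the given TCP port is in the allow list (rules on stdin).
port_is_allowed() {
  allowed_tcp_ports | tr ' ' '\n' | grep -qx "$1"
}
```

On the server, `iptables -S | allowed_tcp_ports` gives the live list. The chain names (`INPUT_ZONES`, `IN_public_allow`) are the ones firewalld generates, so assuming firewalld manages this host, `firewall-cmd --permanent --add-port=10000/tcp` followed by `firewall-cmd --reload` opens only the Webmin port instead of turning the firewall off.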
