Go Down

Topic: OT: just ordered a hard-drive for my 1U server (Read 7548 times) previous topic - next topic

msssltd

...and then back on topic...

Don't disregard the various "Pi"s for a server.
That's the plan for my DC monitoring upgrade.  Model III Pi running probes against the production boxes with mrtg/rrdtool rolling up the reports on a web page.  

The I/O on the production boxes is a bit more than I would want to trust to a Pi ;)


Chagrin

i have been researching Snort IPS. i used it in the past, though i am sure it has changed since then (it used to be just a IDS). anybody use it? is it still relevant?

~Travis
Snort has its uses but there's a lot of time involved in implementing it -- not just in cleaning up rulesets but also integrating it with a firewall so that it's useful. A better place to start would be to install Nessus and use it to run scans against your network.

Chagrin

I am sure i will have to do a custom re-install, as the out-of-the-box general install is a little limp on packages. yes, i could manually install the packages i want, but rather than having to chase dependencies, i will let the software do it.
Geez, you are rusty. On RPM-based distributions you just need to "yum search something" to find the name of the package, then "yum install something" to install it. It works out all the dependencies for you.

I'm sure there's also some kind of GUI thingy too, if you're into that sort of thing.

msssltd

I am sure i will have to do a custom re-install, as the out-of-the-box general install is a little limp on packages.
You are right your Linux is a bit rusty and Linux has moved on a long way.

Your Linux Bible is probably going to be more distracting than useful.

What I would do is...

Download the CentOS7 Minimal ISO, burn to a bootable USB stick and run the install.
Getting the network up can be a bind the first time you do it, you could always ask here though..
Once you have internet access,
yum install nano
yum install wget
Then, hop over to webmin.com, import the pgp key, create the repo
yum install webmin
systemctl start webmin
Point your browser at htps://server_ip:10000
And it all get's a lot easier from there on in.


msssltd

i have been researching Snort IPS. i used it in the past, though i am sure it has changed since then (it used to be just a IDS). anybody use it? is it still relevant?

~Travis
If you really want IDS / IPS you may want to take a look at
https://suricata-ids.org

Sort of a Snort++

All these things need ongoing management to be effective though. The rule of KISS (keep it simple stupid) being that the more complex the system, the more likely a component will fail [primarily due to human error].  Often it is better to manage one thing well than two things poorly.


msssltd

all i want to do is install Apache (with perl, PHP), MySQL, and a simple SMTP server.
See post #30

Should take you less than an hour to get webmin up

It all gets a lot easier from there




msssltd

Not sure why you are having so much trouble downloading CentOS

We have the UK mirror service over here and it is always solid.

https://www.mirrorservice.org/sites/mirror.centos.org/7.3.1611/isos/x86_64/CentOS-7-x86_64-Minimal-1611.iso

Or you could try this little server in Austin, Texas.  Download is rate limited but the server is usually reliable and on your side of the pond.
http://emscom.net/download/centos7/CentOS-7.0-1406-x86_64-Minimal.iso

Filesize is ~500MB
 
Don't worry about the minor version.  Yum can sort that out later.

msssltd

You don't need to download the RPM.  Yum can do that for you.
Code: [Select]

#import the pgp key
wget http://webmin.com/jcameron-key.asc
rpm --import jcameron-key.asc

#create the repo
nano /etc/yum.repos.d/webmin.repo
[webmin]
name=webmin
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1
#eXit nano

#install webmin
yum install webmin -y

msssltd

ok, webmin is running... but it refuses my connection.
On the server
Check the firewall is not blocking you
systemctl stop iptables

Check webmin is started
systemctl restart webmin

From your workstation
Connect from a browser
https://<server_ip>:10000

If https doesn't work try http.  Think it's https as default these days but I tend to forget the settings I change on auto-pilot.

Obviously the server and browser need to be on the same LAN and subnet
ping <server_ip>


Webmin is most useful as an aide-memoire for a headless server.  So no, you do not need to install X and the rest of the GUI bloat on the server before you can login remotely.  There is a restriction on localhost but not one you need worry about just yet.


msssltd

#24
Mar 02, 2017, 07:37 pm Last Edit: Mar 02, 2017, 07:38 pm by MattS-UK
That is the default rule set.  If you have stopped the firewall, the rules are not loaded.


Try
netstat -nlvp4
See if there is anything listening on 10000.


Check selinux policy and disable enforcement temporarily
yum install policycoreutils -y
sestatus
setenforce 0


Probably selinux

msssltd

The DVD contains the same packages as yum downloads, except the DVD packages may not be the latest release.  Webmin is an aide memoire, not a GUI.  Applications do not come pre-configured like a Windows desktop.  The best way to work is step by step, doing one thing At a time, and getting it right, before moving on.  I realise this could be a challenge for you but If you don't work methodically you will tie yourself in a knot.

Webmin, network, firewall, perl modules, mysql, php, Apache. Is the order I have settled on.


msssltd

Getting late over here.  Will take a look in the morning

Chagrin

Try
netstat -nlvp4
Don't forget he's using CentOS 7. All the perfectly good network utilities we'd been using for the past umpteen years have now being replaced and are no longer default.

Stupid jerks. :(

msssltd

#28
Mar 03, 2017, 12:15 pm Last Edit: Mar 03, 2017, 12:15 pm by MattS-UK
Good point Chagrin

I tend to forget the things I do on autopilot
yum whatprovides netstat
yum install net-tools -y

Travis.  If I can persuade you to blow away what you have done and start again with a clean install of CentOS minimal,  I have a web server to prepare for a customer so we could go through it step by step.



msssltd

Once you have the network up, bring the OS up to date with
yum update -y

Then you will want some basic utilities
yum install nano wget curl telnet bind-utils net-tools mailx deltarpm -y

And time services
yum install ntp sntp ntpdate

Go ahead and start the time services
systemctl start ntpd
systemctl enable ntpd

SE Linux is going to prove a distraction, so set it to permissive
nano /etc/selinux/config
Code: [Select]

#SELINUX=disabled
#SELINUX=enforcing
SELINUX=permissive

#SELINUXTYPE=minimum
#SELINUXTYPE=mls
SELINUX=targetd


systemctl reboot

Create the webmin repo
nano /etc/yum.repos.d
Code: [Select]

[Webmin]
name=Webmin
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1


Import the pgpkey
wget http://www.webmin.com/jcameron-key.asc
rpm --import jcameron-key.asc

Install webmin
yum install webmin -y

Finally, you can start webmin - I gave you a bum steer here yesterday.  
Webmin does not have a service file for systemd, so we fall back to the old sysv
service webmin start
chkconfig webmin

Login to webmin from your browser, and that should really be
https://<server_ip>:10000

Head over to Hardware, System Time, Time Server Sync
Code: [Select]

Servers. 0.pool.ntp.org, 1.pool.ntp.org
[x] set hardware time
Sync on webmin startup: yes
Sync on schedules: yes
Schedule: once every hour


Feel free to check your network settings but don't be tempted to turn on the firewall just yet.

A good time for a reboot, check webmin comes up as it should.

Next step will be to install perl and some of the modules webmin uses.


Go Up