General Question

gorillapaws's avatar

Resources for learning how to administer Ubuntu Linux servers?

Asked by gorillapaws (22200points) July 22nd, 2010

I bought a small slice at Slicehost.com, and have been playing around with a Ubuntu (hardy) Linux server. I’ve been playing around with setting up a PostgreSQL database, running Apache, and eventually working with Django. None of this is serious, and I’m just doing this to learn.

I’m in the process of teaching myself to program (mostly Objective-C), but I really don’t have any experience with networking or server administration. For example, I’m totally unsure about all of the various ports and what needs to be open, and what needs to be locked down etc. How to recognize/prevent/protect against attacks.

The articles at Slicehost do a great job of telling you what to do, but they don’t really explain WHY you’re doing something. I would really appreciate it if someone could direct me to a book or resource that explains this stuff in a detailed and approachable/friendly way. I’m familiar with the basics of using the bash shell in OSX terminal, so that’s made things a bit easier.

Observing members: 0 Composing members: 0

5 Answers

wgallios's avatar

I dont know of any tutorials online. But I do highly suggest keeping a close copy of this “cheat sheet”

http://fosswire.com/post/2007/08/unixlinux-command-cheat-sheet/

I would say the most important thing to really understand is how to use apt-get to add/remove packages.

Also that how to start and stop services. Deamons are running ”/etc/init.d/” so to restart mysql would be something, “sudo /etc/init.d/mysql restart”.

Most conf files are in ”/etc” folder in their own directories. For example Apaches conf file is under ”/etc/apache/httpd.conf”.

And don’t forget your logs under ”/var/log/”.

Other then that, mess around and get a good feel for running the server. the “man” command is probably going to be your best friend.

Never use the root user, you should use sudo to execute super user commands.

As far as ports though, only open up ones you need, for example 80 if your running a web server, 110 for POP3, and 25 for STMP, 21 for FTP, 22 for SSH (I would suggest switching to something else to stop attacks like port 2995, or 512. People scan for that port to be open and try to ssh in to your box), and 3306 for MySQL.

hope that helps

gorillapaws's avatar

So if I change the port I use to SSH in with to some random, unused port and leave that open, can’t a hacker just scan through all of my open ports using a port scanning utility (like stroke on OSX) and find it open? If they find that open port would I be any more secure having it be on a non-standard port than on one officially designated for SSH? Or is the fact that it’s open all that matters?

Also, are there any incentives to taking over tiny slicehost servers with nothing of real value? Aren’t hackers mostly looking to break into things with interesting data? Or could my little server be a target for something (like being able to route bigger attacks through it or something)?

Thanks for taking the time to answer.

ETpro's avatar

I have a Notebook I’m planning on putting Ubuntu on. My son switched his over, and his advice was to first set up a USB virtual Machine for Ubuntu on my Desktop machine and learn to use Ubuntu there. That is what he did. He could that way learn Linux without taking a machine out of useful service in the process. Here’s one such solution. http://www.pendrivelinux.com/category/virtual-machine/

wgallios's avatar

The reason for changing the SSH port is because by moving it to something else, that port could be anything. Most firewalls will detect a port scan and block it, so if someone were to port scan, they are probably going to check for good ports like 21, 22, 25 etc. before they get stopped and not something random that could potentially be nothing like port 2995. Considering probably most leave SSH on its default port, if 22 is not open on your server, they would probably just goto the next server.

Its not a fool proof method, but it’s just an added security measure.

As far as people breaking into your server, it all depends on what they want to do. If they want your data, then thats a good motive. Perhaps they just want to take over your server to use it as a mail server for spaming. Then they may not be interested at all with your data.

gorillapaws's avatar

@wgallios Thanks for the explanation (it makes a lot of sense). I’ve been playing around a bit more and I took a look at the logs. It seems I’ve got a few assholes who are trying to brute force in (several from China). I installed fail2ban and that seems to have helped a bit. The other thing is I added “tiananmen square massacre” “freedom” and “democracy” in a dummy site’s meta tag. Not sure if the Chinese government will block me or not, but it can’t hurt.

Do you know of any good books on this stuff by the way?

Answer this question

Login

or

Join

to answer.

This question is in the General Section. Responses must be helpful and on-topic.

Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
or
Knowledge Networking @ Fluther