Topic: Help Please

[bron]

Hi all,

I need to get a web server online by the end of the weekend, if anyone has time to help me get it setup and working in a secure way i'd appreciate the help.

Below are the things I am trying to achieve and I would appreciate any other suggestions for stuff that I have missed.

I'd like to setup so that there is no anonymous ftp to the site but users can ftp in via name/password to various sections of the site such as ibays.

I'd like eMail to work.

I'd like the site to be as secure as possible but it will be hosted away from where I am so i'll need access to the site and the server from where I am.  The server will be hosted by the same ISP so I suspect I can set myself up as a local subnet.

Does it offer a DNS option or should I see if my ISP will put the DNS information I need into their server?  

I need to add a tape backup unit to the machine (HP DDS2 C2983D) and setup backups as well as database dumps on a regular basis.

Currently when I connect to the box and enter mysql I am not prompted for a name/password, is this an insecurity that needs to be addressed?

Any advice/assistance would be appreciated.

Thanks




Bron

[Cyrus Bharda]

Bron,

bron wrote:
>
> Hi all,
>
> I need to get a web server online by the end of the weekend,
> if anyone has time to help me get it setup and working in a
> secure way i'd appreciate the help.

When you install SME it is a web server as a standard install. (I _think_ 75% sure )
 
> Below are the things I am trying to achieve and I would
> appreciate any other suggestions for stuff that I have missed.
>
> I'd like to setup so that there is no anonymous ftp to the
> site but users can ftp in via name/password to various
> sections of the site such as ibays.

Easy setup a couple of ibays and users after installation.
 
> I'd like eMail to work.

Again it is an email server from the standard install.

> I'd like the site to be as secure as possible but it will be
> hosted away from where I am so i'll need access to the site
> and the server from where I am.  The server will be hosted by
> the same ISP so I suspect I can set myself up as a local
> subnet.

Well the security all depends on whoever is hosting the site then, not SME.
I also have our website hosted elsewhere, do a search as there a couple of different ways to setup your SME, I did it in the hostnames and addressses, but there are other ways of achieveing this.
 
> Does it offer a DNS option or should I see if my ISP will put
> the DNS information I need into their server?

I use our SME here as the main DNS and then have entered in my ISP's DNS servers as backups, never had a problem with SME's though.

> I need to add a tape backup unit to the machine (HP DDS2
> C2983D) and setup backups as well as database dumps on a
> regular basis.

Setup the flexbackup in the server-manager to backup whenever you would like to.

> Currently when I connect to the box and enter mysql I am not
> prompted for a name/password, is this an insecurity that
> needs to be addressed?

I have no idea on that one sorry, have not played around with mysql at all.

> Any advice/assistance would be appreciated.

Well admittedly it wasnt much but hope it helped a little bit ,

Cyrus Bharda

[Dan Brown]

bron wrote:

> I'd like to setup so that there is no anonymous ftp to the
> site but users can ftp in via name/password to various
> sections of the site such as ibays.

    By default, anon ftp can read, but not write.  Users can write to their own home directories, and whatever else you give them access to.

> I'd like eMail to work.

    It's set up as an email server out of the box.  Are you having problems?

> I'd like the site to be as secure as possible but it will be
> hosted away from where I am so i'll need access to the site
> and the server from where I am.  The server will be hosted by
> the same ISP so I suspect I can set myself up as a local
> subnet.

    You should be able to do your server admin tasks via SSH.

> Does it offer a DNS option or should I see if my ISP will put
> the DNS information I need into their server?

    It doesn't do public DNS by default, and if you don't really know what you're doing, it's best to not attempt to host it yourself.  Check with your ISP or somebody like zoneedit.com.

> I need to add a tape backup unit to the machine (HP DDS2
> C2983D) and setup backups as well as database dumps on a
> regular basis.

    The scheduled daily tape backup includes database dumps, and AFAIK SME would support this drive.

> Currently when I connect to the box and enter mysql I am not
> prompted for a name/password, is this an insecurity that
> needs to be addressed?

    No; this is the case only for the root user.  There actually is a password, and a long one at that.  More information can be found at http://www.familybrown.org/howtos/mysql-password-howto.html.

[Doug M.]

>> Currently when I connect to the box and enter mysql I am not
>> prompted for a name/password, is this an insecurity that
>> needs to be addressed?

> No; this is the case only for the root user. There actually is a password, and a
> long one at that. More information can be found at
> http://www.familybrown.org/howtos/mysql-password-howto.html.

Just to further note on this that by default root is the only account that can log into the console. So no this is not a problem.

[bron]

Hey thanks for all the help.  Just to fill you in, it's not on the net yet.  For about a year i've had a couple of web sites hosted by someone else who can no longer afford to host them for me.  Apparently my sites nearly exceeded 5Gb of bandwidth last month which is costly for them.  So i've got to move the sites by the end of the weekend.  

I downloaded 5.6 SME as i've used an older version as my "development server" here for a while but have never bothered with correct configuration or security as my development server is little more than a place to park Apache.

The server itself will be hosted at my parents house as they have cable and I cannot get cable where I live but my mother is computer illiterate so i'll not be able to rely on her helping me with it (although she is proudly boasting about being a webmaster .

I really know nothing about Linux or anything like so I feel like this task is quite daunting especially considering the timeframe i've been given to complete the task.  If no one minds i'll get some more questions together when I get home tonight about the server-manager configuration and how i'll need to set that up to achieve what i'm after with regards to eMail configuration etc.  My main requirement is not to lose any eMails as my hubby's business runs on one of the sites.

My biggest concern is to ensure that the site isn't hacked and that the eMail is received and no one uses it to bounce spam.



Bron

[dave]

SME is the perfect tool for you based on your requirements.  I have a SME installation at home as my internet gateway sharing internet connections to all computers in my home.  I also host a number of public web sites, not a tremendous amount of activity but it's important to those the sites represent.  It also acts as my email system with remote web mail access (this is one of it's best features for me).  

SME has a built in firewall and is a pretty secure installation, it only loads the minimal amount of modules that's required to perform the specific tasks.  By default, SME is NOT a public email relay so you shouldn't have any problems with that either.

I have a static IP from my ISP so once my domain names were registered (my ISP doesn't provide DNS services so I use a 3rd party service), I don't have to worry about changes.  I have ADSL because our cable provider wouldn't allow a static IP and they block all port 80 traffic locally so to stick with cable, I'd have to use something like TZO that not only does dynamic DNS but transparent non - standard port use for web hosting.

SME is extremely easy to set up so you shouldn't have any problems getting it online.  

Good luck!!!

[bron]

Thanks Dave, I have obviously made the right choice.  I'm struggling with the concepts and the configurations but I think i'll get there in the end.

Unfortunately I have to have it online this weekend as I'm losing my other hoster so i'm getting a little stressed .. later on i'll probably be able to sit back and laugh about this





Bron