Re: [libreplanet-discuss] Hello, and setting up a server
Thanks to everyone for their replies to my question last week. It may be a while before I get a chance to set up a server, but I'll keep your answers in storage, and if I run into problems you might hear from me. If I'm successful I'll document what I did so other non-experts can repeat it. Jim Garrett
Re: [libreplanet-discuss] Hello, and setting up a server
On 04/26/15 02:36, Jim Garrett wrote: Am I correct in thinking that running a server for this purpose requires a static IP address? No. You can enlist the aid of a dynamic dns service. I use DNSexit. The catch of this solution is that you must run a script on your server that periodically checks its IP address and updates the dns server when it changes. Sound simple but the biggest gotcha is when the update script stop working. For myself, I use a bash script wrapper around the perl updater to detect when it has lost the plot, then restart it. Lots of inexperienced people running servers sounds like a large-scale security disaster waiting to happen. Is there any way this could be managed? I just started a high security project at work this year. How far you need to go depends on the sensitivity of the data and services you want to protect. Here is some low hanging fruit: * Do not use SSH, or enable SSH on a non-standard port. * Use SSHGuard to detect and stop brute forcing attempts (works for more than just SSH btw). * Use IPTables, or similar firewall, to block ports other than those being used. * Install Snort to detect network intrusion attempts. * Install AIDE to detect intrusion (and rootkits) at the filesystem level. -- 0xE1A91299.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: [libreplanet-discuss] Hello, and setting up a server
Server/Client is a false dichotomy designed to make you think of yourself as helpless and to make people afraid of sharing. Attaching any computer to a network opens that computer to attack but a person running a free software social network is safer than someone simply browsing with malicious software like Microsoft Windows which is already an ongoing security disaster. It should be no more difficult to provide high quality social network software with reasonable default settings than it is to provide desktop software and my own experience says that's true. I'm an ordinary user but I've been able to run server software for more than a decade without problems. http://50.80.140.55/photo_album/chron/desktop/gateway_index.html I have no security illusions. Skilled crackers could easily break my computers, but they can do that no matter what I run. The worst they can do is what software owners already do to non free software users - they can take over my computer, invade my privacy, keep me from being able to share, and otherwise use my computer against me and my neighbors. My best protection is the free software community and multiple backups of things I consider important. Make yourself a full citizen of the internet today! Share with your friends, family and strangers. Your computer can do it. On Saturday 25 April 2015, Jim Garrett wrote: Lots of inexperienced people running servers sounds like a large-scale security disaster waiting to happen. Is there any way this could be managed?