
[cobalt-security] Security Questions / Request for Comments



Etiquette note: I posted to the main cobalt group (although slightly off-topic for there) and didn't get any response. Don't know if it's because I am being too theoretical, people don't know (or care), don't have time, or they hate me.. :) Anyhow, I figured I would try a repost here as it seems to me a critical topic, especially for anyone who is starting out and wading through all the possibilities.
 
So, I have had quite a time battening down the hatches on my new "toy". Now that I have all this stuff running, I have a couple of questions that are somewhat troubling me. Sorry if they come from all ends of the spectrum, but I plan to post a summarization of what I have learned over the last few weeks as an ad-hoc FAQ from which we can build a real newbie "how-to" for the cobalt as it seems that something like that would be REALLY useful - it would have been for me. Of course, I will expect help from the public as I am no braintrust - everything I know I learned because someone else figured it out first and was good enough to help.

1) If I have SSL enabled and am logging into the GUI via http://domain.com/admin - does Cobalt ask for my password through the SSL server, or is it plain-text? If plain-text, how can I SAFELY use the GUI - what else do I need to do? ** Update - I think it's secure, but I'm still not positive **

2) I installed SSH, but realized that it isn't used when posting with FrontPage. So, the FrontPage password appears in plain text, correct? And is there anything I can do about it? It appears that it probably is a minimal risk as the webmaster isn't really even a "real" user, but perhaps I am being naive too.

3) Now that I have SSH installed, I should be able to disable telnet altogether and still get into the system via an SSH "telnet" session, or will disabling telnet lock me out of SSH also? I am presuming that they are separate and unrelated - correct or incorrect?
 
*** Update/Answer - correct - SSH still works with telnet disabled - I got brave and tried it :) ***

4) I installed iXplorer to do FTP type sessions through the SSH, but when logging in as admin, I cannot go above the admin user directory... Any ideas what I should do, or what alternate program would be better?

5) I tried to install Laurie Duncan's CGI-Wrap modifications that she put on ftp.cobaltnet.com (referred from message 023300.html of October 2000), but received several file conflict error messages. It appears that the latest patches to the system must have newer versions - any idea if they incorporated her modifications or if they have now just rendered her efforts useless in running cgi through a shared SSL?

6) FrontPage posts sites as the user "nobody". In several of my sites, I have imported cgis into the site and post them to the site. In order to get my cgi's to work, I had to chown them to the site admin's username. However, if I make a configuration change and repost my site, it goes back to nobody. Other than the obvious - remove them from the FrontPage site, anybody know of a way to force the permissions to stay as the user and not "nobody"?

7) It seems like standard "locking down" of a cobalt server includes several things - anybody want to suggest anything else that one should do as "standard operating procedure"? They include: SSH; SSL; IPChains; PortSentry; LogCheck; Tripwire; disabling telnet, FTP, and other unused services; not giving any users any REAL privileges, creating a new account to serve as admin and killing privileges for admin; and GOOD, LONG passwords?
 
8) Do you bother to write to the ISP of attackers, asking them to take action against their hacker client?
 
9) Anyone recommend a GOOD book on using linux, for those who need to learn how to do stuff the GUI doesn't cover, particularly with respect to linux use (i.e. crons, rc files, config files, basic commands, etc.). I think this would probably be a good recommendation for a "newbie" to get before venturing into the command line mode, at least for a basic understanding.

Remember I plan to eventually post a FAQ of some sort, or at least a link to a small site with all the info I learned in one place.

Thanks, in advance, for your brain cycles and work.

Rick Ewart