Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Linux, Unix › centos VPS monitoring software
centos VPS monitoring software - Page 2

post #11 of 34
Thread Starter 
When it's crashing we can't SSH in... It's running Feed the Beast, which is about 60 mods...

At this time there were 6 or 7 people on...

It averages around 35% constant across the cores... sometimes going up to 70 if someone does something...

But anyway, the performance of it isn't the issue... It's the part where the host seems to think that when their nodes go down, there isn't a problem...
post #12 of 34
Quote:
Originally Posted by Plan9

The server I used to play Minecraft on was an old iMac PowerPC. It was something like 512MB RAM and a slow single core CPU. Amazingly Minecraft ran pretty well on that. However the recommended specs are a dual core with 4GB RAM (as your box was). And as top doesn't give any indication of the (virtual) CPUs - only memory usage and CPU load - I had to ask.
That was my line of thinking too.

The issue is only further blown out of proportion by the fact that Java incorrectly reports memory usage via top. Similar to many Wine processes it says it's reserved roughly "16TB of memory". Obviously this isn't possible in almost any case. The only way to know how much memory the JVM actually has access to is to look at the command line, or run a plugin that reports memory usage via an in-game command. Anyway, my inclination is that it's probably running out of RAM... but not because the VM doesn't have enough, rather because you aren't passing the Java max and min memory values via the command line at start.
    
CPUMotherboardGraphicsRAM
Core i7 920 D0 4.2ghz HT (1.3625v) Asus R3E 2xGTX 460 (non SLi, no overclock) 6x2gb G.skill @ 6-8-6-24-1T 
Hard DriveOptical DriveOSMonitor
WD-VR 300GBx1, 2xWD 1tb,2x60gb Agility Some crappy combo burner... Arch x64 3xDell U2410f rev A02 
KeyboardPowerCaseMouse
X-Armor U9BL TT Toughpower 1200w (NTB more efficient) Mountain Mods Pinnacle 24 CYO Roccat Kone (R.I.P. A4Tech x7) 
Mouse Pad
Steelpad Experience I-1 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Core i7 920 D0 4.2ghz HT (1.3625v) Asus R3E 2xGTX 460 (non SLi, no overclock) 6x2gb G.skill @ 6-8-6-24-1T 
Hard DriveOptical DriveOSMonitor
WD-VR 300GBx1, 2xWD 1tb,2x60gb Agility Some crappy combo burner... Arch x64 3xDell U2410f rev A02 
KeyboardPowerCaseMouse
X-Armor U9BL TT Toughpower 1200w (NTB more efficient) Mountain Mods Pinnacle 24 CYO Roccat Kone (R.I.P. A4Tech x7) 
Mouse Pad
Steelpad Experience I-1 
  hide details  
Reply
post #13 of 34
Quote:
Originally Posted by Plan9

Cool, here's a list of bullet points - some of which you might already have done, but I want to cover all bases. I'll go into more detail on each and every point if you need me to, but if I do an overview here then there's a reference for you and others for what needs to be done to secure a box:
  • create a user account, check you can "su" from that and if so, disable root SSH logins.
  • either disable password logins and/or install fail2ban and enable SSH rules to prevent brute force attacks
  • check that your mail server and any database servers are only listening on localhost (127.0.0.1).
  • check that your game server, voice server and web server (and everything else that you run on that box) runs as a user and not as root. (this should be the default)

I think those are the main things.

One thing that I also did to help protect my VPS was changing the SSH port to something random (for instance 38697). Most brute force attacks from people just trying to get into anything (like China) will try 22 and if they can't get in they move on. I do allow mail from external on my VPS, only because I host my own mail. That has been locked down however, with user auth and IP acceptance from the places needed.
post #14 of 34
Quote:
Originally Posted by herkalurk

One thing that I also did to help protect my VPS was changing the SSH port to something random (for instance 38697). Most brute force attacks from people just trying to get into anything (like China) will try 22 and if they can't get in they move on.
Technically that's security through obscurity and is not actually offering any protection. In fact I'd go further and say it's actually pretty bad advice (though a very common suggestion).

It only takes a cursory port scan to highlight which port you have SSH open on (SSH responds in clear text). What's more, system daemons should be kept on ports below 1024 as only root can open those ranges. This means that someone cannot replace your daemon with their own fake process without gaining root access (less of an issue with SSH though, because that's quite a good service to keep open if you've already broken into a system - but it's worth bearing in mind for those who like to run HTTP, SMTP or FTP services on non-standard ports).

So regardless of whether you use a non-standard port or not, you'd still need to lock your port down with either keys and disabled password logins, or with rate limiting like with fail2ban. So you actually gain nothing by changing the port number.
Edited by Plan9 - 5/13/13 at 9:20am
post #15 of 34
Thread Starter 
So does anyone have any tutorials on how to secure a server like this...

I am not having a problem with performance or Java... or Minecraft... It's just the OS I don't know that much about how to use, and I have to follow tutorials.
post #16 of 34
Quote:
Originally Posted by Ace_001

So does anyone have any tutorials on how to secure a server like this...

I am not having a problem with performance or Java... or Minecraft... It's just the OS I don't know that much about how to use, and I have to follow tutorials.

I'd still feel happier if we can prove what the fault is, but I think you would need real time help for that. Sadly it's gone 1am here, but if you're happy to trust an internet random on your server, PM me the details and I can have a look at your problems in the morning. I can also secure your box too. However I completely understand if you'd rather not trust a random OCN member with root access to your box :-)
post #17 of 34
Quote:
Originally Posted by Plan9

Technically that's security through obscurity and is not actually offering any protection. In fact I'd go further and say it's actually pretty bad advice (though a very common suggestion).

It only takes a cursory port scan to highlight which port you have SSH open on (SSH responds in clear text). What's more, system daemons should be kept on ports below 1024 as only root can open those ranges. This means that someone cannot replace your daemon with their own fake process without gaining root access (less of an issue with SSH though, because that's quite a good service to keep open if you've already broken into a system - but it's worth bearing in mind for those who like to run HTTP, SMTP or FTP services on non-standard ports).

So regardless of whether you use a non-standard port or not, you'd still need to lock your port down with either keys and disabled password logins, or with rate limiting like with fail2ban. So you actually gain nothing by changing the port number.

As true as that is, I'm just saying the people who are just running through a list of IPs won't get through. A directed attack would always break through that like you've said. For instance, my work previewed a firewall and during that time, in an average hour, the firewall received over 10K SSH attempts on port 22 from China to a ranging number of the IPs owned by my company (a /16 subnet, so 65536 addresses), including IP spaces we're not even using. Again, just a down-the-list attack from a script. So yeah, if someone wants in, moving the port does nothing, but it stops the generic user just tossing a giant net hoping to find an open server.
post #18 of 34
Quote:
Originally Posted by herkalurk

As true as that is, I'm just saying the people who are just running through a list of IPs won't get through. A directed attack would always break through that like you've said. For instance, my work previewed a firewall and during that time, in an average hour, the firewall received over 10K SSH attempts on port 22 from China to a ranging number of the IPs owned by my company (a /16 subnet, so 65536 addresses), including IP spaces we're not even using. Again, just a down-the-list attack from a script. So yeah, if someone wants in, moving the port does nothing, but it stops the generic user just tossing a giant net hoping to find an open server.
I'm aware of the number of SSH attacks that happen like that - I secure and manage Linux and Solaris infrastructures for a living.

However you're still missing my point. Changing the port number doesn't change the fact that you'd still need rate limiting or other preventive measures in place. So changing ports literally has no impact on security - it's a completely wasted exercise.

Plus if your box is really that high profile that you receive over 10K hits an hour (I sense that's a huge overstatement because I average at around 5 per day per box on my personal systems, and they would have the same degree of hits if we're talking purely about blind IP sweeping - such as you are) then you really should be either IP whitelisting on your firewall or putting your SSH behind a VPN. There's no excuse to have that many successful connections on SSH (read: TCP/IP handshakes, not successful logins) from unauthorized sources.
Edited by Plan9 - 5/14/13 at 3:49pm
post #19 of 34
Quote:
Originally Posted by Plan9

What's more, system daemons should be kept on ports below 1024 as only root can open those ranges. This means that someone cannot replace your daemon with their own fake process without gaining root access

Never thought of it like that, I always changed my SSHd to 55xxx/TCP (just to thwart the script kiddies doing root@ip:22) but your comment is a very good one against doing it +REP

@OP as far as security these are the first things I do when I get a VPS spun up

1: Create myself a new account in the sudoers group
2: Disable root login
3: Disable password login for SSH (private key only)
4: Change the SSH port if you want and restrict which IPs can get in
5: Enable iptables and close all ports but the ones I need
6: Disable any services I don't need and configure separate accounts for the ones I do
7: Delete any accounts the VPS provider has setup on the server
8: Update everything and schedule a cronjob for future updating

You can install Fail2Ban, but I don't, as in my case SSH access is restricted to a few IPs, rendering it pointless

PS: I'm tired so I probably forgot something off the list, I actually have a checklist I've put together with a lot more stuff on it that I might be able to post up here.

PPS: There's a lot more you can do (and probably need to), but these are the basic essentials
Edited by dushan24 - 5/15/13 at 5:46am
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
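Plan9's bullets and dushan24's checklist both boil down to a few things you can check from a shell. The following is an added example (not code from anyone in the thread) in POSIX sh: it audits a constructed sshd_config text for the two SSH items (root login and password logins both off) and picks the non-loopback TCP listeners out of constructed `ss -ltn` output; the `ss` column layout is assumed, the sample inputs are made up, and nothing on a real host is read or changed.

```shell
#!/bin/sh
# Audit helpers for the checklist in this thread: root SSH login off,
# password logins off, and nothing listening publicly that belongs on
# localhost. All inputs below are constructed samples, not live data.

# Effective value of an sshd_config keyword. Like sshd, the first match
# wins and keyword matching is case-insensitive; commented-out lines
# (#PermitRootLogin no) do not count. Prints $3 when the keyword is absent.
sshd_opt() {
  val=$(printf '%s\n' "$1" | awk -v k="$2" 'tolower($1)==tolower(k) {print $2; exit}')
  printf '%s' "${val:-$3}"
}

# Returns 0 when both directives are explicitly "no", 1 otherwise. A missing
# directive counts as a failure, so the result does not depend on the
# built-in default of whichever OpenSSH version is installed.
sshd_hardened() {
  rc=0
  [ "$(sshd_opt "$1" PermitRootLogin unset)" = no ] ||
    { echo "FAIL: PermitRootLogin is not set to no"; rc=1; }
  [ "$(sshd_opt "$1" PasswordAuthentication unset)" = no ] ||
    { echo "FAIL: PasswordAuthentication is not set to no"; rc=1; }
  return $rc
}

# From `ss -ltn` output (column 4 is Local Address:Port), print the TCP
# listeners not bound to loopback, i.e. reachable from outside the box.
public_listeners() {
  printf '%s\n' "$1" | awk 'NR > 1 {print $4}' |
    grep -v -E '^(127\.|\[::1\]:|::1:)' || true
}

# Constructed sample: a fresh image with the root-login line still commented out.
WEAK_CFG='Port 22
#PermitRootLogin no
PasswordAuthentication yes'

# Constructed sample: the same file after working through the checklist.
HARD_CFG='Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes'

# Constructed `ss -ltn`: SSH, MySQL on loopback, SMTP and a game server on all interfaces.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
LISTEN 0      128    127.0.0.1:3306    0.0.0.0:*
LISTEN 0      100    0.0.0.0:25        0.0.0.0:*
LISTEN 0      50     *:25565           *:*'

sshd_hardened "$WEAK_CFG" && echo "sshd_config passes" || echo "sshd_config needs work"
echo "Listeners reachable from outside:"; public_listeners "$SS_SAMPLE"
```

On a real box you would feed it `cat /etc/ssh/sshd_config` and `ss -ltn`; SMTP on 0.0.0.0:25 is exactly the "only listening on localhost" item Plan9 raised.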
post #20 of 34
Quote:
Originally Posted by dushan24

You can install Fail2Ban, but I don't, as in my case SSH access is restricted to a few IPs, rendering it pointless
To be fair, disabling password authentication like you suggest also mitigates the need for SSH rate limiting as well. But the nice thing about fail2ban is that you can use it for Apache, SMTP and all sorts. It's not just limited to SSH.

That's a good list you've posted though. I probably wouldn't have suggested the last two points, but there's no harm in them either (it's a case where there are as many reasons for as there are against). But a nice checklist all the same.
Edited by Plan9 - 5/15/13 at 6:30am