Best advice ever given. There is absolutely no reason to run any 
software under a root/Administrator account. In both Linux and Windows, 
security policies are *very* customisable. It's not too hard to create a 
gameadmin account, with network binding access policies. The only thing 
you should ever need root/Admin for is local installation, and even then 
that can always be worked around.

On 3/03/2010 8:01 AM, Mike Stiehm wrote:
> I don't want to give the impression I'm trying to flame anyone or anything I
> just don't want to leave people with TCAdmin thinking they are SOL because
> they are not.
>
> Anyone that leaves anything at default settings is not security aware and is
> going to be at risk no matter what you run. If you run a GSP it's your job
> to be aware and security conscious.
>
> However people have to know that the only option is not linux with custom
> software. We don't want everyone thinking they need to run out and hire a
> programmer to reinvent the wheel. We run windows with TCadmin and have never
> once had an issue (2+ years). I would say stick with what you know and make
> sure you know everything you can about security. You're always going to have
> the linux guys pooh-poohing windows and vice versa with the windows guys.
>
> None of the listed exploits would have worked on our servers not because we
> run windows or because we run tcadmin. It's because we know what threats are out
> and about and we know how to secure ourselves against them.
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Steven Crothers
> Sent: Tuesday, March 02, 2010 4:45 PM
> To: 'Half-Life dedicated Win32 server mailing list'
> Subject: Re: [hlds] Eventscripts - Creating Windows Account
>
> Well this can easily turn into a "Flame TCAdmin" thread, but I'll simply
> leave it with this:
> TCAdmin is NOT a secure panel, people who are reading this that are running
> TCAdmin - if you haven't gone above and beyond with your setup, you ARE at
> risk every day of losing 100% of your machines. Let's not forget that
> many GSPs run games on their master server, which means their entire
> database is at risk.
>
> Gameserver security can only truly be obtained with a proper custom control
> panel, nothing off the shelf provides any type of security, and this thread
> is a great example of that.
>
> When was the last time a server at Gameservers.com was hacked? I can't
> recall once when it ever happened. Gameserver hosting should be done on
> Linux with SELinux + GRSEC.
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Mike Stiehm
> Sent: Tuesday, March 02, 2010 5:28 PM
> To: 'Half-Life dedicated Win32 server mailing list'
> Subject: Re: [hlds] Eventscripts - Creating Windows Account
>
> This is true for the default setting. However TCAdmin can be set to use a
> specific user for all game servers created from that point on and you can go
> back in the windows services control panel and change the user that the
> service executes under. It's really easy and didn't take me much more than
> 20 min for 20 servers and I have no issues (well over a year running like
> this)
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Lane Eckley
> Sent: Tuesday, March 02, 2010 4:11 PM
> To: 'Half-Life dedicated Win32 server mailing list'
> Subject: Re: [hlds] Eventscripts - Creating Windows Account
>
> That is a simple solution to the problem.
>
> However if you are a GSP or otherwise using TCAdmin like many do, there are
> some side issues that go along with setting a game server to use a limited
> access. (Important note on TCAdmin: TCAdmin runs as system and so do all the
> services it powers - FYI in case you are unaware.)
>
> This was mainly a warning going out before anyone got completely hacked and
> lost access to their machines.
>
> -Lane
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Saul Rennison
> Sent: Tuesday, March 02, 2010 5:03 PM
> To: Half-Life dedicated Win32 server mailing list
> Subject: Re: [hlds] Eventscripts - Creating Windows Account
>
> If you run the server as a limited user, then it can't touch the registry or
> create other users... simple :/
>
> Thanks,
> - Saul.
>
>
> On 2 March 2010 20:51, ics<[email protected]>  wrote:
>
>    
>> What do you mean by upload mods? If _anyone_ can upload files to the
>> server without having access to the machine itself, then there is
>> nothing mod makers can do if someone can overwrite the files that their
>> mods have.
>>
>> -ics
>>
>> On 2.3.2010 22:44, Steven Crothers wrote:
>>
>>> The answer isn't to stop people from being able to upload mods... the answer
>>> is for mod makers to make their mods secure.
>>>
>>> -----Original Message-----
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of w4rezz
>>> Sent: Tuesday, March 02, 2010 3:14 PM
>>> To: Half-Life dedicated Win32 server mailing list
>>> Subject: Re: [hlds] Eventscripts - Creating Windows Account
>>>
>>> Nothing new. Everybody can upload files to your server, because Valve
>>> doesn't want to use a whitelist system to allow only specific file
>>> extensions to be downloaded to only specific game directories.
>>>
>>> _______________________________________________
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds
>
> __________ Information from ESET Smart Security, version of virus signature
> database 4910 (20100302) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>    
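
The thread's fix (stop running game servers as SYSTEM/Administrator and move each Windows service to a limited account), sketched as an added PowerShell example that is not from any poster or from TCAdmin. The executable-name pattern, the sample rows and the '.\gameadmin' account name are assumptions for illustration.

```powershell
# Added example: find game-server services running with full privileges
# and move them to a limited account. Names below are assumptions.

function Get-PrivilegedGameService {
    param(
        [Parameter(Mandatory)] [object[]] $Service,
        # Assumed pattern for Half-Life/Source dedicated server binaries.
        [string] $ImagePattern = 'srcds|hlds'
    )
    # Flag services whose binary looks like a game server AND whose logon
    # account is LocalSystem or a built-in Administrator account.
    $Service | Where-Object {
        $_.PathName -match $ImagePattern -and
        $_.StartName -match '^(LocalSystem|.*\\Administrator)$'
    }
}

function Set-GameServiceAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Service,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    process {
        if ($PSCmdlet.ShouldProcess($Service.Name, "run as $($Credential.UserName)")) {
            # Win32_Service.Change updates the logon account of the service.
            $r = Invoke-CimMethod -InputObject $Service -MethodName Change -Arguments @{
                StartName     = $Credential.UserName
                StartPassword = $Credential.GetNetworkCredential().Password
            }
            if ($r.ReturnValue -ne 0) {
                Write-Error "Change failed for $($Service.Name): code $($r.ReturnValue)"
            }
        }
    }
}

# Constructed sample rows (not real services) to exercise the filter offline.
$sample = @(
    [pscustomobject]@{ Name = 'Game01';  StartName = 'LocalSystem';  PathName = 'C:\Games\srv01\srcds.exe -console' }
    [pscustomobject]@{ Name = 'Game02';  StartName = '.\gameadmin';  PathName = 'C:\Games\srv02\srcds.exe -console' }
    [pscustomobject]@{ Name = 'Spooler'; StartName = 'LocalSystem';  PathName = 'C:\Windows\System32\spoolsv.exe' }
)
Get-PrivilegedGameService -Service $sample | Select-Object Name, StartName

# On a live host, from an elevated prompt (drop -WhatIf to apply):
# Get-PrivilegedGameService -Service (Get-CimInstance Win32_Service) |
#     Set-GameServiceAccount -Credential (Get-Credential '.\gameadmin') -WhatIf
```

The limited account still needs the "Log on as a service" right and access to the game directory, and each service must be restarted before the new account takes effect.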
