Darren Mansell wrote:
Hi all.
I've been running various LAN servers on HL for a while but I've just been
able to get the server accessible through the NAT on the router and I have
some questions.
1. my server is insecure - how do I make it secure and what does this
actually do?
Security is as much or as little as you want to make of it - ultimately
the effort you put in must be relevant to the value of the system you
are securing (unless you just want to go learn for the sake of it).
Security simply prevents people doing or accessing things that you
don't want them to, whilst allowing legitimate users to get on with
whatever.
The fact that you are NAT'd is a good thing for security - it means that
you have to do port forwarding from your router to your linux box before
people can access your server. As long as you don't place your box in a
DMZ then you benefit as the NAT acts like a basic firewall.
As for "actual" security rather than incidental security; go read up on
iptables from the netfilter [ http://www.netfilter.org/documentation/ ]
site - that's your primary linux firewall kit, also tools like snort
[ http://www.snort.org/ ] (a network intrusion detection system) can be
used. Finally there is a useful tool called Tripwire that can be set up
to check file integrity on your linux box. All the above are complex
tools that will need to be understood to be used properly - don't
expect to get them up in a day. Those three alone will give you fairly
good security. Also DON'T run half life as root - that's a common mistake
that people make.
Finally a general list of security tools can be found at:
http://www.nmap.org/tools.html - check them out and see if any fit
things you need to secure then use them.
2. my linux box is only running the one service - HL server so that's
pretty secure and I have no X etc, just a kernel, shell and networking
support. I am running 3.1.1.1 (on a celeron400!!) is there any security risk
from this version?
Yes there is a bug in 3.1.1.1. that allows the potential for your system
to be used to denial of service other machines. Update to 3.1.1.1d to
fix this issue - further details here:
http://www.pivx.com/luigi/adv/hl-adv.txt
3. how do I stop cheating to about the best level possible these days?
I don't really want to use CD but is there any other good way?
Cheating Death is a good alternative if VAC isn't applicable i.e. for
running Natural Selection servers.
Also there is HLGuard from United Admins - it comes with a heavy CPU
overhead but actively detects cheaters - CD just blocks cheats and
doesn't detect. On a celeron 400 I would use as few (read none!!!)
plugins as possible - it's going to be running slow enough anyway that
using these plugins will just make it unplayable.
4. is there anything else I should know about admin'ing a good HL
server?
Get plenty of admins and make sure they are honest - get a good set of
rules displayed on the consgreet page as people join your server.
Cheers all - sorry if these seem simple Q's
Daz