Or use fail2ban, works well. And set the bantime to 0.

On Sat, Nov 15, 2008 at 7:13 AM, Joseph Laws <[EMAIL PROTECTED]> wrote:
> Easiest thing to do is create a regular user with a difficult
> username/password to hack and make it be the only SSH allowed user.
> That way someone would need that account...then also they would need the
> root password to SU to root. To go even further, put SSH on a
> non-default port (something high in the ip range) and you will get about
> 0 SSH scan/hack attempts.
>
> Crazy Canucks wrote:
> > Well, I login as root via ssh. I don't have a keyboard or mouse
> > connected to my server box, and the server is located in my house. I'm
> > basically the only person that has physical access or even ssh access,
> > as the ssh is only accessible on my lan.
> >
> > I'm afraid I got into the bad habit of logging in as root when I didn't
> > know anything about Linux and haven't moved away from that. If I was in
> > a public or corporate environment I certainly wouldn't operate this way,
> > but basically, if anyone is in a position to gain root access to my
> > server, my house has been broken into and the whole issue becomes moot.
> >
> > It's just my sister and I in the house, and there are no trust issues
> > with my sister. And the cats haven't learnt how to use a computer yet -
> > although one of them is working on it... ;)
> >
> > Drek
> >
> > Joseph Laws wrote:
> >
> >> Same with me.
> >>
> >> Root console = keyboard/mouse in front of system (or KVM/IP).
> >>
> >> Using root within SSH I'd consider su root...nobody allows root login
> >> via SSH and typically people force a su to root, sudo or something else
> >> to get root privileges.
> >>
> >> My setup is symlinked for all files except those which clients need the
> >> ability to write/update to. So I would give them write access to quite
> >> a few folders but not allow overwrite on anything linked. The symlink
> >> ownership really doesn't seem to matter but the launch scripts are
> >> chowned to root.root w/ 755 chmod so the user can execute the script in
> >> their environment.
> >> We typically have a start/stop script..the start
> >> script simply sets the SCREEN variables and launches the actual server
> >> script. If I ever want to debug the console I will launch the server
> >> script as user...I don't mess around with intercepting and closing
> >> screens. Anything that is going to happen is going to happen live on a
> >> re-execute.
> >>
> >> J T wrote:
> >>
> >>> Depends on what terminology you're using. The root console usually means
> >>> that you're logged in as root on the console "keyboard and mouse". If you're
> >>> on the console, you haven't logged in and have to login as root with your
> >>> login and password.
> >>>
> >>> On Fri, Nov 14, 2008 at 2:21 PM, Crazy Canucks <[EMAIL PROTECTED]> wrote:
> >>>
> >>>> Just out of curiosity, if you have access to the root console, is that
> >>>> the same thing as having root access?
> >>>>
> >>>> Drek
> >>>>
> >>>> J T wrote:
> >>>>
> >>>>> There is a reason why the tty is owned by the user and with specific
> >>>>> permissions. Changing this is basically allowing any user on the system
> >>>>> access to the screen.
> >>>>>
> >>>>> If you do make these changes, there will be security implications.
> >>>>>
> >>>>> On Fri, Nov 14, 2008 at 1:33 PM, Crazy Canucks <[EMAIL PROTECTED]> wrote:
> >>>>>
> >>>>>> I figured out what my problem was. I needed to "screen -r xxx" as the
> >>>>>> user I started the screen as. Anyway, I wrote a simple script that
> >>>>>> chmods /dev/pts/0 to 666 then su's the "screen -r" command. Works
> >>>>>> perfectly.
> >>>>>>
> >>>>>> Had nothing to do with su, as usual with my problems with Linux, it was
> >>>>>> permissions and ignorance.... :)
> >>>>>>
> >>>>>> Drek
> >>>>>>
> >>>>>> Anthal wrote:
> >>>>>>
> >>>>>>> Why not just create a user, like l4d, and run the process from that
> >>>>>>> account.
> >>>>>>> Whenever you need to re-attach, just su to l4d, and 'screen -r
> >>>>>>> $game' (whatever $game may be)
> >>>>>>>
> >>>>>>> Crazy Canucks wrote:
> >>>>>>>
> >>>>>>>> I use su to run screen to run my servers under a different user, and I
> >>>>>>>> nice the process. It works well, but when I do this I am unable to
> >>>>>>>> reattach to the console. Does anyone have any suggestions on how I
> >>>>>>>> could get around this problem?
> >>>>>>>>
> >>>>>>>> These are the relevant lines from my startup script:
> >>>>>>>>
> >>>>>>>> server_command="screen -A -m -d -S $game ./$game"_run" -tos -game $mod +map `cat ./$mod/starting_map` +maxplayers $server_size -heapsize $heap_size +ip 192.168.0.101 -pidfile $game.pid -debug$extra_config_options"
> >>>>>>>>
> >>>>>>>> nice -n -20 su -c "$server_command" cc-server
> >>>>>>>>
> >>>>>>>> It may look a bit complicated, but I think the variable names make it
> >>>>>>>> pretty clear what is going on.
> >>>>>>>>
> >>>>>>>> Drek
> >>>>>>>>
> >>>>>>>> P.S.: I'm a Linux nub, so go easy on me... ;)
> >>>>>>>>
> >>>>>>>> Ronny Schedel wrote:
> >>>>>>>>
> >>>>>>>>>> Hi, I am now using screen to start my server as daemon.
> >>>>>>>>>> But I know that professional hosters use different ways.
> >>>>>>>>>>
> >>>>>>>>>> I have reasons to think that screen is freezing my servers.
> >>>>>>>>>>
> >>>>>>>>>> So... How do you start your server?
> >>>>>>>>>
> >>>>>>>>> With screen. No, screen does not freeze your servers, plugins do.
> >>>>>>>>>
> >>>>>>>>> _______________________________________________
> >>>>>>>>> To unsubscribe, edit your list preferences, or view the list archives,
> >>>>>>>>> please visit:
> >>>>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
--
---------
[EMAIL PROTECTED]
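
The SSH settings suggested in the quoted reply (one allowed user, no direct root login, a non-default port) can be checked against a config file. The script below is an added example, not part of the original thread; the function names, the user name `gsadmin`, port 49222 and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd_config text for the settings suggested in the thread.
# Keywords are case-insensitive; for single-valued keywords sshd keeps the first
# value it reads. Only the global section (before any Match block) is inspected,
# and the "Keyword=value" spelling is not handled.

values() {      # values FILE KEYWORD -> every value given for KEYWORD, in file order
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

audit_sshd() {  # audit_sshd FILE -> one finding per line, no output when clean
    root=$(values "$1" PermitRootLogin | head -n 1 | tr '[:upper:]' '[:lower:]')
    users=$(values "$1" AllowUsers)
    ports=$(values "$1" Port)
    if [ "$root" != "no" ]; then
        echo "root-login: PermitRootLogin is '${root:-unset}', expected 'no'"
    fi
    if [ -z "$users" ]; then
        echo "allow-users: no AllowUsers line restricts which accounts may log in"
    fi
    # Port may be repeated; with no Port line sshd listens on 22.
    if printf '%s\n' "${ports:-22}" | grep -qx 22; then
        echo "port: sshd listens on the default port 22"
    fi
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample: direct root login on the default port, as first described.
printf '%s\n' '# constructed sample' 'PermitRootLogin yes' > "$tmp/weak"

# Constructed sample following the advice. The trailing "PermitRootLogin yes"
# has no effect because the first value wins.
printf '%s\n' 'Port 49222' 'permitrootlogin NO' 'AllowUsers gsadmin' \
    'PermitRootLogin yes' > "$tmp/hardened"

echo "weak:";     audit_sshd "$tmp/weak"
echo "hardened:"; audit_sshd "$tmp/hardened"
```

To audit a real host, call `audit_sshd /etc/ssh/sshd_config`; settings inside `Match` blocks or included files are outside what this script reads.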

