HOWTO Needed: Watch server from hacker intrusion and software malfunction

isputra

Hi,

I have some servers using cPanel and RH 9. Some servers use a co-location service and some others are dedicated servers.

When I buy a server, I always use "Server Security Checklist - Secure your box now!!" posted by GetWired on this forum (http://forums.cpanel.net/showthread.php?t=14443&highlight=Server+Security+Checklist).

For the daily server check, I do the basics, like logging on using SSH and tailing exim_mainlog, message, secure, and also pico the .bash_history.

Also, I always read the server status emails from the server, like Chkrootkit Result, newmailcgi, LogWatch, Alert: Root Access, Service Monitor, and SIM Status Warning.

Some guys here may have a suggestion: why not hire a sysadmin to manage the server?
Yes, about 3 months ago I hired someone and he did not do the job well enough. When I decided not to hire him anymore, I couldn't log on to my server anymore, and when I asked him about the password he told me that the password was still the same.

In short, I have bad experience if I must hire someone else.

So please, can someone here give me a HOWTO to manage the server so it is safer from hackers and software malfunction, like what I must do daily to watch the server, etc.

Maybe a HOWTO about what a sysadmin does daily to watch the server would be appreciated. A lot of cPanel users here would appreciate it too... I think :D
 

Doctor

Here's my advice:

1. Change your server password before sacking the admin (this is common sense).
2. Stay away from one-man-show admins (no pun intended).
3. Read more books on Server Admin.
 

isputra

Doctor said:
Here's my advice:

1. Change your server password before sacking the admin (this is common sense).
2. Stay away from one-man-show admins (no pun intended).
3. Read more books on Server Admin.
Advice #1: already done after reinstalling all over again by DC tech support.
Advice #2: like DG, I don't know what you mean.
Advice #3: yes, I read a lot of books about Linux. My fav book is "Linux - The Advanced Reference by Walnut Creek".

Maybe some admins here can give me some step-by-step tips on how to watch the server daily using cPanel :)
 

Doctor

One-man-show admin = freelancer earning a few quick bucks. No-go. Look for companies offering such services. At least you know where to throw eggs when they suck! :D
 

verdon

Doctor said:
One-man-show admin = freelancer earning a few quick bucks. No-go. Look for companies offering such services. At least you know where to throw eggs when they suck! :D
I know what you're trying to say, but companies can be all smoke and mirrors too. Due diligence is part of any hiring/tendering process whether you're dealing with a 'company' or an individual freelancer. Be sure to do your homework and check references first ;)
 

dgbaker

Very true, how many "big" companies are only a couple of guys out to make a quick buck? Hey, come to think of it, isn't that what business is all about? Making money?

I, though, will always look to the individual hire as opposed to using a company, especially for server admin. I much prefer to train one than trust someone else to train people I do not know. Nothing beats a good resume and references.
 

verdon

dgbaker said:
I, though, will always look to the individual hire as opposed to using a company, especially for server admin.
I've also found that the best sys admins I know often don't fit well in the company mold. They (good sys admins) are often too blunt and honest for what companies like to hear. I have more than one sys admin friend who has been fired by bigger companies for essentially being honest and un-politic in their delivery of truth.
 

lostinspace

verdon said:
I know what you're trying to say, but companies can be all smoke and mirrors too. Due diligence is part of any hiring/tendering process whether you're dealing with a 'company' or an individual freelancer. Be sure to do your homework and check references first ;)
Pay no attention to the man behind the curtain!
 

jeffheld

change your password to:
login123
that will keep hackers away for the afternoon.
 

Doctor

jeffheld said:
change your password to:
login123
that will keep hackers away for the afternoon.
How about not booting the server at all? Now I'd say that is the PERMANENT solution... at least for idiots! ;)