This Nerd Heard…

The servers are all set up.  I even tested myself to make sure my outgoing mailserver is not susceptible to spam relaying attacks (http://www.abuse.net/relay.html).  It’s good to know that I won’t be making the world’s spam problem even worse.

 I’m in the process now of probing my ports (www.grc.com).  I’ve only had to open a few ports up, thankfully.  I still need to add a cronjob that checks for package updates on a daily basis though.  I can’t believe the security vulernerability that Microsoft released an update for today.  They had a flaw in XP Service Pack 2 (and probably every other OS they make) that allowed a remote attacker to gain control over the box using DHCP!  That means that if I wanted to, I could set up a rogue DHCP server at work tomorrow and potentially exploit this flaw if I wanted to.  This is obviously a huge problem.  I’d rather not have any of my home computers hacked, so I need to be careful.

 Anyway, big thanks to srippee for providing me with some of his server setup experience.

 Edit- Oh and I looked through my access_log and within hours of getting my http site up, I was already getting hit by robots! It’s amazing.  Those automated robots have too much time on their hands.

Well, I think I have all my servers set up.  I just haven’t tried A) a pops or imaps connection or B) an authorized smtp connection.  I’ve locked down smtp really tight so that I don’t have to worry about ending up on the RBL.  Wouldn’t want to lose my brand new domain name’s ability to send email in just a few days.  That would be a travesty.

 Oh and as for the whole house fan, well it wasn’t exactly a smashing success last night either.  Of course, after looking at a minute by minute graph of the temperature last night, I can see why.  It didn’t really cool off much until well after 2am.  Though I did see some literature on the company’s website that indicates it ought to cool off a house almost twice as large as mine in as little as 15 minutes.  We’ll see about that.

So I’ve been working on getting Apache all set up on here and also getting a mailserver going.  It’s just not a fun task.  After spending hours trying to figure out why my virtual servers weren’t working in Apache, I found out that it was the “SELinux” garbage that I installed that was causing me problems.  It completely changes all the permissions rules for Apache so that only files owned by ‘root’ can be read.  Now why would I want root to own everything?  I suppose you could argue that it keeps an arbitrary user from being able to run content that might cause your box problems.  But if I setup the box properly, then only certain people can access my virtual web servers anyway.  I can also setup Apache to run pages as the specified user and control how much CPU time, memory and other resources they get.  So why would I want everything owned by root? I thought the best way to secure a box is to do as little as the root user as possible?

The mailserver setup is tedious also.  I haven’t finished that yet.  I think I can receive incoming mail on it now, but I haven’t even tried.  I suppose today I just don’t have the patience for it.  I think that is why Microsoft products are popular with some.  They don’t have the patience to take care of all the tiny details that one might have to worry about in Linux.  Maybe I’ll finish that up tonight, but most likely I will not even bother.