[Resolved] Being Overly Ambitious?
My Linux skills are limited to some basic CLI usage and some desktop distros, so I'm not at all confident with Linux and I use Windows at home. I do have a reasonably good understanding of networks, I'm about to sit my CCNA exam and I need another project to eat up my free time once I've got that out the way, I am reasonably at home with a CLI so the lack of GUI won't be an issue, but my Linux knowledge is close to null.
My plan is to set up a LAMP server, hosting a small personal website, OpenVPN, SSHd, maybe play about a bit with Python and to do my best to lock down and secure the server.
My main concern is security, I have no experience with securing Linux and while it looks simple enough to set up the Linode initially and disable any unused services I'm concerned I won't be able to spend enough time monitoring and securing the server as I'm currently working full time in an (unfortunately) non-IT role. How much time would I realistically need to invest in keeping my Linode up to date and secure?
I know the FAQs say Linode is an excellent learning environment, but realistically would I be better off putting together a basic Linux box to get myself up to speed then look into getting a Linode?
The Linode library looks great so I'm hoping that will get me started, but I'm just a little worried about what happens once I get through the initial setup, has anybody else here got into Linux through Linode or did most of you come to Linode with a good understanding of Linux?
Thanks
David
10 Replies
Do your best, see what happens. Worst case your site gets hacked and you can start over. From your description, it's not like you're going to host company secrets or an eCommerce site.
On the other hand, if you don't need an online public presence, it's way easier to just load up VirtualBox, and learn locally on a VM.
You will find the Linux CLI to be very powerful (especially with the programs that come by default) and has a lot more uses than you'd think possible (robotics, remote control, communications). As for security, Linux by default closes all ports that programs do not request (unlike certain flavours of Windows), and the iptables firewall is integrated into the kernel (not difficult to learn to use).
Having a Linux box would definitely help you learn the operating system (and expose you to a lot of the common programs and design paradigms), but having a top of the industry-class Xen VPS (do not be deceived by OpenVZ and the like) that sits on a globally-peered line is better if you want to do networking.
Have a lot of fun!
You will have to occasionally update it and maybe tinker around with a few things, but it's not vastly time consuming.
One nice feature of using a Linode - or other VPS system - is that it's very quick and easy to re-install a different OS. So if you find that you've accidentally borked your set-up, it's only a matter of a minute or two to reinstall it again.
Try a VPS and see how you get on - you can find cheaper VPS hosts than Linode, but the speed and stability of Linode are the reason I stick with them.
My girlfriend's going away for a weekend in a week's time so I'll have a weekend to myself so that seems like a good time to take the plunge and get into things!
Even if Linode aren't the cheapest they seem to have a lot of praise and excellent documentation, a good service is more than about just cost so I'm happy to go with them.
Regarding securing my linode, I'm not worried about them accessing my data or defacing a page, I just don't want to be responsible for yet another insecure box on the internet to be used as a launching ground for any sort of attack, that and I don't fancy footing the bandwidth bill for somebody's seedbox, FTP or (D)DoS attack.
@vonskippy:
If it's just a play project - does it really matter how secure it is?
Well… unless it figuratively blows up sending figurative shrapnels all over the literal but virtualized network neighborhood.
@Azathoth:
@vonskippy: If it's just a play project - does it really matter how secure it is?
Well… unless it figuratively blows up sending figurative shrapnels all over the literal but virtualized network neighborhood.
:mrgreen: I'm hoping that doesn't happen!
Disabled root logins, SSH running on a high up port to try and stop any automated attack, Fail2Ban setup, Apache running under its own user and not much else running on it so far.
Speaking of "virtualized network neighborhood" when I do netstat I see 4 foreign addresses that I don't recognise, are these likely to be my virtual neighbours?
@TIA568B:
Speaking of "virtualized network neighborhood" when I do netstat I see 4 foreign addresses that I don't recognise, are these likely to be my virtual neighbours?
Nope. Those are remote machines connected to yours for whatever reason. You can see the port they're connected to, or use flags -npl --inet to check what is listening on your machine.
@Azathoth:
@TIA568B: Speaking of "virtualized network neighborhood" when I do netstat I see 4 foreign addresses that I don't recognise, are these likely to be my virtual neighbours?
Nope. Those are remote machines connected to yours for whatever reason. You can see the port they're connected to, or use flags -npl --inet to check what is listening on your machine.
I was being a newb :oops:, I looked at them again and realised they all seem to be time servers, I was just a bit confused at first as one of them is a Tor exit node and two are also http servers.
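The check discussed in the last few posts (what is listening, and which way each connection to a foreign address runs), as an added example that is not part of the original thread. It parses the text output of `netstat -an --inet`; the sample output, its addresses and the expected-services list are constructed assumptions.

```python
# Constructed sample of `netstat -an --inet` output (documentation-range IPs).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:48022           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0     52 192.0.2.10:48022        198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.44:40112      TIME_WAIT
udp        0      0 192.0.2.10:47001        203.0.113.5:123         ESTABLISHED
udp        0      0 192.0.2.10:51877        198.51.100.20:123       ESTABLISHED
"""

# Assumption: the services this host is meant to expose (web, SSH on a high port).
EXPECTED = {("tcp", 80), ("tcp", 48022)}

def parse(text):
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue  # banner and column-header lines
        lhost, _, lport = f[3].rpartition(":")
        rhost, _, rport = f[4].rpartition(":")
        yield f[0], lhost, lport, rhost, rport

def audit(text, expected=EXPECTED):
    rows = list(parse(text))
    # A socket whose foreign port is "*" is waiting for peers, i.e. listening.
    listeners = {(p, int(lp)): lh for p, lh, lp, _, rp in rows if rp == "*"}
    report = {"unexpected_public": [], "inbound": [], "outbound": []}
    for (proto, port), host in sorted(listeners.items()):
        # Loopback-only listeners are unreachable from the network.
        if not host.startswith("127.") and (proto, port) not in expected:
            report["unexpected_public"].append((proto, port))
    for proto, _, lport, rhost, rport in rows:
        if rport == "*":
            continue
        if (proto, int(lport)) in listeners:
            # Peer reached one of our listening ports: they connected to us.
            report["inbound"].append((rhost, proto, int(lport)))
        else:
            # Ephemeral local port: we connected out (remote port 123 is NTP).
            report["outbound"].append((rhost, proto, int(rport)))
    return report

if __name__ == "__main__":
    for kind, items in audit(SAMPLE).items():
        print(kind, items)
```

Foreign addresses listed under `outbound` with remote port 123 are time servers the machine itself contacted, which is the situation described in the last post; anything under `unexpected_public` is a service to disable or firewall.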