Help on Administering a Linux Server

Keyser Soze

Greetz,
I have a Debian 3r1 Server used mostly as a file server. Since I got in broadband I have allowed my mates to SSH into the server and download files to it.

Its a headless server so I use WebMin and SSH to work on it myself but what I'm looking for is the some advice or links to administering and monitoring the server and the users on it.

Probably some basic Unix admin advice would be best, such as tools such as top, last, who etc.

Thanks in advance

phil

Look at some of the excellent resource viewers that come with most Linux distributions such as top, last, who etc.

Phil.

ssh

if you are particularly security minded, you should consider installing a tripwire database.

It checks the specified parts of the filesystem for changes every night, so you can see if there has been any messing about. It isn't infallable, but it's a darn sight better than not doing anything.

There are a bunch of httpd log analysers, which would also be useful in your case... analog seems to be pretty okay.

Bar that, the tools you mentioned, the "w" command, netstat and lsof are good core utils.

Gerry

You could install a firewall, and only allow people to ssh in from their irish isps, or even better, if they have a static ip. Would just cut down a bit on random login attempts, which aren't a major problem unless you have a vulnerable sshd ( which you shouldn't on debian ) or extremely crap passwords. Perhaps more importantly, make some effort to use strong passwords on the server. ( google for info on what makes a strong password ).
Since you are running debian, make sure you run apt-get upgrade regularly, this upgrades your installed packages to the latest stable versions. Maybe setup a cron job to run it every day or 2.
Other stuff.. well you could run ntop or netsaint or something to monitor who is doing what with your bandwidth.

Keyser Soze

Thanks for the replies and info,
I have a an IPCop firewall running inside my modem/router (which has NAT too). I try to keep the user passwords at least 8 letters long and include a number or too.
But I'll take your advice and limit access to Irish ISPs IP Ranges.
But what damage could a user or an unauthorised user do if with an ordinary login. I've heard about root kits and such but is that possible if they don't have root/su access??

Gerry

They can exploit a service on your machine which is running with root privileges, and get themselves a root shell. Even if you keep your machine well patched up, exploits are found for common programs on a daily basis.

conor-mr2

You have also got to take into account the situation where one of your users may do something nasty to something somewhere else on the net. Its possible that it gets traced back to your computers ip address. Be useful to keep logs on your server or archived on a regular basis for a certain time.