holdika
10-16-2003, 12:32 PM
Hi
I am getting a dedicated server for hosting my sites. I will have help configuring the server for the start, but after that I would like to do this myself. I have downloaded a lot of help during the past few days but I do have some questions from those who knows a lot about dedicated servers.
-How often Kernel and Firewall needs to be updated?
-When do I know a hacker hacked into my server?
-What are the basics on the server has to be checked often?
-I will use RedHat Linux 9, Plesk6
I would appreciate any help you can give
Thanks
wKkaY
10-16-2003, 12:59 PM
How often Kernel and Firewall needs to be updated?
as often as needed , to respond to emerging threats .
When do I know a hacker hacked into my server?
you could install an Intrusion Detection System which may alert you in advance . hacker-ish activities may also leave suspicious entries in the logs .
What are the basics on the server has to be checked often?
logs , hardware resources (cpu utilization , memory utilization , disk space , etc)
holdika
10-16-2003, 09:23 PM
Thanks for the advise, it's great to know that I have to update Firewall often.
Do I have to check APF websites for updates or it will pop and says updateds available like norton :)
I have downloaded a lot of DOCs from RedHat 9 site, since I am a new user with Linux, but I think in a month could learn some about it :)
2uantuM
10-16-2003, 09:56 PM
no it probably won't do that. and secondly. why are you running X on a server?
holdika
10-16-2003, 10:54 PM
X??
Could you be more specific? :stickout:
Thanks
sprintserve
10-17-2003, 07:07 AM
You don't really have to update firewall. His comment on updates is more towards kernel. You need to patch it every time a new exploit is found.
sometimes you may never know that a hacker is in... of course it will help to have things like chkrootkit, tripwire, logwatch, and other IDS installed. But those are not 100% guaranteed.
But usually something will tell you something is amiss for example:
- large unexplained data transfers
- your servers responding slow or has high loads
- suspicious processes running
- large number of failed ssh logins in the log from unknown ips
Obviously the better the hacker, the less sign they are going to leave you.
holdika
10-17-2003, 12:16 PM
Thanks for your reply. This certainly helps me what to watch out for.
For now I just learn the use of the server before I ready to run any website.
If I need help I will just come back to WHT and ask for advise again :)
Thank you
