Thread: Debian/Ubuntu Dedicated Server Setup

WOW, this is something i was looking all over the net, and i can't believe i found it here. Awesome work, i'm getting dedicated server soon, and i was thinking about ubuntu distro, and now when i saw your work, i'm one step near it.

Hey guys. Awesome guide. I have the webui and rtorent running in VNC but I cannot add any torrents for some reason and I am getting these errors in the logger:

http://lookpic.com/i/917/0Hztdot.png

I think my .rtorrent.rc file is messed up: when i initially try to run rtorrent it kept giving errors such as:

Error in option file: ~/.rtorrent.rc:6: Variable "max_downloads_global" does not exist.

So i would have to go in and comment out those variables - there were about 5 in total.

Here is my rtorrent.rc info:
http://pastebin.com/m6e6b66c3

Also, a few things went wrong while installing libtorrent and rtorrent I got stuck with these versions:
*** rTorrent 0.6.4 - libTorrent 0.10.4 ***
Is this a problem? For some reason libTorrent wouldnt make install correctly - perhaps because I had an older version?

Yes u are right and your problem is a rtorrent.rc file. Un-comment this line so rtorrent can talk with rutorrent: #scgi_port = localhost:5000. Also u can take out all of the Global Part if u want. Thats not needed. What other errors were u getting? Cause when u copy and paste the example rtorrent.rc file into nano u need to change some lines around cause it doesnt paste it correctly. For some reason it adds extra lines instead of keeping the line all in 1.

Once u do that, im not sure if u did this already, but if u didnt make sure u give read & write access to your directories rtorrent uses. So do this in terminal - chmod 777 /home/yourusername/ -R

A question > did u get that rtorrent version from the repo with the apt-get command? That is a really old version of rtorrent and i believe is available in all distro's. If u did, u need to compile rtorrent with xmlrpc-c for rutorrent to work. I know the error u were getting while trying to compile new version of rtorrent. If u want to try again i can walk u through it with a workaround so u get the updated rtorrent version cause rutorrent wont work without xmlrpc-c.

Or u could just run this command when compiling libtorrent & rtorrent before running the ./autogen.sh command: rm -f scripts/{libtool,lt*}.m4

Make sure u do that with both rtorrent & libtorrent then run the autogen, configure, make, etc.. commands. That should work for u for the new versions of rtorrent.

It looks like someone might have hacked my account. Root password and user1 password has changed. do the files above have any sensitive information in there? this is not cool!

Originally Posted by smok3dodi

It looks like someone might have hacked my account. Root password and user1 password has changed. do the files above have any sensitive information in there? this is not cool!

No, there's no sensitive info in those files. If this is the case and u been hacked the only thing i can tell u is to re-install and start all over. Or make sure your typing everything correctly and try again. Im sorry in advance, but dont worry this actually happens all the time.

TUTORIAL # 4 - SECURING SERVER (PART 1)

NOTE : This Tutorial is for all users, no matter what u chose to install on your Server > Headless with rTorrent, GUI with rTorrent and uTorrent or if u used all Tutorials from this thread. So if u want u can go ahead and do this without any issues.

This Part will be based on Securing your Server. Im not getting into IPtables or any Firewall cause that could really confuse new users. This is just the basic level security every user should do and i recommend everyone, who owns a Server, do it.




PART 16 : Securing SSH

INFO: Securing SSH is vital. The reason why is there are BOTS out there, who's only objective, is to scan servers looking for security flaws & weak passwords on Port 22. Once they find one they then take it over and your data, etc.. is gone & your server will need to be re-installed. These BOTS are setup to automatically scan and continue to scan thousands of servers a day. They use the user name ROOT and look for PORT 22 (SSH).

--First, login through Putty as root user. Now lets open the SSH config file and make some changes.

# nano /etc/ssh/sshd_config

--Make the following changes and change the fields to what i have. However, u can use any uncommon PORT# between 30000-64000. U may have to add some of these lines as they might not be available in the config file. Also, if u see one of the lines commented out with a #, then delete this # to uncomment. Then save and exit when finished:

Port 45722
Protocol 2
LoginGraceTime 30
PermitRootLogin no
StrictModes yes
AllowUsers UserName
PermitEmptyPasswords no

NOTE : U could also use Key authentication to secure it even further. There's no need to unless your really paranoid.These options are good enough to stop a hacker or BOT as long as u keep a strong Password and everyting else is good on default.


--Now restart SSH:

# /etc/init.d/ssh restart

NOTE : Remember, next time u login through SSH, with Putty, u need to use Normal User and on new configured Port#.





PART 17 : Tunneling VNC

**This step is for the users who are using VNC, only. If u are not using VNC, u can skip this part. and move to the next**

INFO : Everyone knows how in-secure VNC is. Well, if u didnt now u do. Hackers continually look for weak VNC passwords to try and inflitrate your server. U can easily tell if someone is running VNC on a server by the default Port's it uses and usually users dont change these Ports. So the best way to lock it down is to Tunnel VNC with SSH.

NOTE : If u are running a torrent client, seeding torrents then i suggest stopping them and exiting your torrent client. This will terminate VNC, which will in return kill torrent client without sending info to the trackers.

--First we need to be normal user cause u NEVER want to run anything as root. Then we need to kill our VNC thats running on PORT 5901. I showed u how to do this in Tutorial #1, but if u forgot:

# exit

--Now lets kill VNC:

$ vncserver -kill :1

--Now lets start VNC with local host. This will only allow connections from your computer, which is good for security and your mind.

$ vncserver -localhost :1
New X is Starting on, etc.....

--Now since VNC is started we need to use Putty to create the Tunnel. So exit out of Putty and close your server session. Here comes the hard part > Open up Putty, but dont connect to your server. Just leave it on the first screen, where u need to put in your Server's IP. Now do this :

STEP 1 : Enter your Server IP & new Port# in the fields, but dont connect.
STEP 2 : Next, on the left side of the Putty window u will see the Putty Options. Go to this > Connections > SSH > Tunnels
STEP 3 : Once under Tunnel options u will see the fields > "Source Port", "Destinations". Now u need to fill these fields in.
STEP 4 : For "Source Port" - 5900 and "Destinations" - localhost:5901. Then click ADD. If u started VNC on Display 2 or 3 then u would put localhost:5902 and so on.
STEP 5 : Now we need to go back to the left Putty options and back to the "Sessions" option. Its the option where Putty starts and where u entered your Server IP.
STEP 6 : Next, we will save our settings so we can always use an SSH Tunnel with VNC. Under your Server IP u will see the field "Saved Sessions". Choose a name for your connection then press "Save".
STEP 7 : Thats it and u created a SSH Tunnel for VNC. To connect to your server with VNC u need to open up Putty and double click on your "saved session name" and connect through SSH first.
STEP 8 : Once u connect to your server through SSH open up VNC and instead of putting your IP u need to put "localhost" and u will connect through VNC as normal.

NOTE : Now u need to do this each time u want to connect through VNC. Also, if u close Putty then VNC will drop connection. If u close VNC, Putty may drop connection. To take the Tunnel off just kill vnc and start vncserver normally and it will bring it back to default.






PART 18 : Securing FTP

NOTE : If u want extra security and to lockdown FTP, then i suggest doing this part of the tutorial. In this part we will setup ssl/tls with Vsftpd, but also keep FTP connection as well. Also, it is a good idea, if u are setting up a shared server, to chroot jail your users to there home dir's for extra security.

--The biggest change we will make here is the FTP port #. U need root to do this:

$ su
Password:

--Next make a securtiy certificate for Vsftpd to use:

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /root/vsftpd.pem -out /root/vsftpd.pem

--Now open the config file:

# nano /etc/vsftpd.conf

--Next u want to enable the chroot jail. Look for the following line and uncomment it by deleting the # sign to enable.

chroot_local_user=YES

NOTE : To allow certain users to bypass chroot, u can enable the chroot list in the vsftpd config file and add the users u want to this list.


--Now add this at the very end of file then save + exit:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
listen_port=43421
rsa_cert_file=/root/vsftpd.pem

--Now restart Vsftpd:

# /etc/init.d/vsftpd restart

NOTE : Remember to connect with your FTP client with what u choose and the new Port #'s. Sftp will need to connect with your SSH port#.

INFO : There are other ways to secure your Server as well. Like using IPTables, Firewall and yes even an Anti-Virus Scanner. Like i said im not gonna get into any of that cause it can be confusing to some users. If u followed all these steps then your secure enough with these settings and should have no problems working.



V. TUTORIAL # 5 > Proxy. irssi > FOUND HERE


**This tutorial, like the rest of them, was solely written by me (MikeD). However, i did learn this through various sources, authors and through trial & error, so thanks to all those that helped me crash, get locked out, close my connections and setup numerous amounts of servers over time, lol. Your greatly appreciated! If u have any questions or found a mistake, please post here and i will either help u or give u credit.**

This is such a wonderful tutorial MikeD. Thanks so much. I will get a dedi server once my current seedbox plan expires and follow this tut step by step.
Do you know how to setup this server as a proxy? :P

Originally Posted by theXader

This is such a wonderful tutorial MikeD. Thanks so much. I will get a dedi server once my current seedbox plan expires and follow this tut step by step.
Do you know how to setup this server as a proxy? :P

First, let me say thanks for the compliment and your welcome for making this tutorial. Anyway, yes i do know how to setup your server or seedbox to act as a proxy. Its very easy to do and i can walk u right through it in no time. It literally takes minutes. Just let me know when u need the help or if u wanted me to do anything else. Ill be happy to help.

hey miked, would it be possible to write this up as a tutorial, since I am also interested.