About my server...




This is a standalone home gateway linked to ADSL. It is running a few services.


Piracy :
- The server was cracked in July 2004 with hoacd, by compromising the kernel and some system files. I got the same problems as in the Debian servers compromise. I think the guy exploited a flaw in wu-ftpd. The server has been re-installed from scratch and I replaced wu-ftpd with proftpd.
- An account was cracked (probably by brute-force ssh logins) in August 2004. The guy installed SuckIt, egg and psybnc in the local account. A backdoor was installed by a background process (httpd) but fortunately he did not manage to gain root access. The server has been cleaned up and all passwords have been changed to strong passwords. I installed an IDS and made the system read-only on a Flash disk.
- An account was cracked on Fri the 27th, 2005. The guy locally installed BindShell (rootkit). Two backdoors were installed and a program was running (doremap). I had installed an scp client on my father's machine for regular backups and the password was written in a script. I assume that my father's PC was scanned and the password found. BTW, I have changed passwords again and this account is disabled.

Link :
- Free IP-ADSL 1024/128 kbits/s (down/up stream) => 16KB/s available for download.

Hardware :
- Shuttle's mini-PC
- Duron 800MHz
- 256MB DDR-SDRAM
- 512MB USB Flash Disk (Read Only)
- 2xMaxtor 120GB (software RAID1)
- ADSL SpeedTouch Home Ethernet modem.
- MGE's UPS Pulsar Ellipse Premium 500VA Line-Interactive (USB/serial)

Software :
- GNU/Linux : Debian
- DNS server : Bind
- WEB server : Apache
- file sharing server for Windows : Samba
- VPN (bridged) : OpenVPN
- IP translation (DNAT) : NetFilter
- firewall + traffic shaper : Arno's IPTABLES Firewall Script
- mail relay (SMTP) : Postfix
- mail server (POP3/IMAP w/ SSL) : DoveCot
- mail filter : MailScanner (spam/av front-end)
- spam filter : Spam Assassin (because spam sucks !)
- antivirus filter : ClamAV
- webmail : SquirrelMail
- time server : ntp for the pool
- traffic grapher : MRTG
- Intrusion Detection System : AIDE

Availability :
- in theory : full
- practically : up to 204 days

Access :

GPG key : here
Domain certificate : here
Webmail : here
Traffic stats : here
Pool stats : here
WebCam: test



Romain Liévin