About my server...




This is a standalone home gateway linked to ADSL. It is running a few services.



Piracy :
- server has been cracked in July 2004 with hoacd by compromising the kernel and some system files. I got the same problems as with the Debian servers compromise. I think the guy exploited a flaw in wu-ftpd. Server has been re-installed from scratch and I replaced wu-ftpd by proftpd.
- an account has been cracked (probably by brute-forcing ssh logins) in August 2004. The guy installed SuckIt, egg and psybnc in the local account. A backdoor was installed by a background process (httpd) but fortunately he did not manage to gain root access. Server has been cleaned up and all passwords have been changed for strong passwords. I installed an IDS and made the system read-only on a FLASH disk.
- an account has been cracked on Fri the 27th, 2005. The guy locally installed BindShell (rootkit). Two backdoors were installed and a program was running (doremap). I had installed an scp client on my father's machine for regular backup and the password was written in a script. I assume that my father's PC has been scanned and the password found. BTW, I have changed passwords again and this account is disabled.
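The IDS named further down this page is AIDE, a file-integrity checker: it stores a baseline of file hashes and later reports what changed. The script below is an added example (not the author's configuration and not AIDE itself) that shows the same idea in POSIX shell with sha256sum: build a baseline, rescan, and report changed, added and removed files. The directory names and file contents are constructed for the demo; paths containing whitespace are not handled.

```shell
#!/bin/sh
# Added example: minimal file-integrity baseline/compare, the idea behind AIDE.
# Output format of each listing line is sha256sum's: "<hex hash>  <path>".

# make_baseline DIR OUT: hash every regular file under DIR into OUT (sorted).
make_baseline() {
    dir=$1; out=$2
    find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done > "$out"
}

# report_changes BASELINE CURRENT: print one line per difference,
# "changed <path>", "added <path>" or "removed <path>", sorted.
report_changes() {
    awk '
        NR == FNR { base[$2] = $1; next }   # first file: baseline
        { cur[$2] = $1 }                    # second file: current scan
        END {
            for (p in base) if (!(p in cur)) print "removed " p
            for (p in cur) {
                if (!(p in base))          print "added " p
                else if (cur[p] != base[p]) print "changed " p
            }
        }' "$1" "$2" | LC_ALL=C sort
}

# verify_tree DIR BASELINE: rescan DIR and compare with BASELINE.
# Returns 0 when nothing differs, otherwise prints the report and returns 1.
verify_tree() {
    dir=$1; base=$2
    cur=$(mktemp)
    make_baseline "$dir" "$cur"
    out=$(report_changes "$base" "$cur")
    rm -f "$cur"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Demo on a constructed tree (a fake /etc with two files).
demo() {
    d=$(mktemp -d); b=$(mktemp)
    mkdir "$d/etc"
    printf 'root:x:0:0\n' > "$d/etc/passwd"
    printf 'gateway\n'    > "$d/etc/hostname"
    make_baseline "$d" "$b"
    verify_tree "$d" "$b" && echo "baseline OK"
    # Simulate tampering: edit one file, add one, delete one.
    printf 'root:x:0:0\nextra:x:0:0\n' > "$d/etc/passwd"
    printf 'x\n' > "$d/etc/newfile"
    rm -f "$d/etc/hostname"
    verify_tree "$d" "$b" || echo "integrity check FAILED (see report above)"
    rm -rf "$d" "$b"
}
```

The comparison is only as trustworthy as the baseline file and the checker binary: if an intruder can rewrite both, the report stays clean. Keeping them on media the running system cannot modify, which is what the read-only FLASH disk mentioned above provides, is what makes this kind of check meaningful.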

Link :
- Free's IP-ADSL 8192/1024 kbits/s

Hardware :
- Shuttle's mini-PC: Athlon XP 2200+, 512MB DDR-SDRAM
- disks: 512MB USB Flash Disk (Read Only), 2x80GB (software RAID1), 160 GB, 500 GB
- MGE's UPS Pulsar Ellipse Premium 500VA Line-Interactive (USB/serial)

Software :
- OS: GNU/Linux on Debian
- DNS server: Bind
- WEB server: Apache
- TIME server: NTP (member of the pool)
- FILE sharing server for Windows : Samba
- MAIL server (POP3/IMAP w/ SSL) : DoveCot
- MAIL relay (SMTP) : Postfix
- MAIL filter : MailScanner (spam/av front-end)
- SPAM filter : SpamAssassin (because spam sucks!)
- ANTIVIRUS filter : ClamAV
- WEBMAIL : SquirrelMail
- FIREWALL + traffic shaper : Arno's IPTABLES Firewall Script
- TRAFFIC grapher : MRTG
- Intrusion Detection System : AIDE
- Address Book management: LDAP

Availability :
- in theory : full
- practically : up to 204 days

Access :
GPG key : here
Domain certificate : here
Webmail : here
Traffic stats : here
Pool stats : here



Romain Liévin