Blog <-> Facebook

So I finally got around to getting Facebook to automatically import my blog entries. It was easily done technically; all I had to do was decide if I wanted them to end up in the news feed or as status updates. Both had their advantages, but I decided to go with news feeds because they provide better formatting.

Now I’m back to moving my website and email server to new hardware (websites are easy, email is a bit of a pain).

Free vServer during beta phase

I just stumbled across this website: https://ssl.euserv.de/produkte/vserver/betatest.php where you can order a vServer for free during the beta phase. The beta phase is planned to last till the end of 2009. For more details, have a look at the link (there are a few things you are not allowed to use the server for, mainly high traffic and illegal stuff).

An order key is required, just have a look at the tags of this posting …. one of them is a bit “strange” 😉

Gaming & Tech

Yeah I know, I haven’t posted in quite a while. Have been pretty busy with all kinds of stuff lately. So here is a short update on the more technical stuff I’ve been up to in the last few weeks:

– I moved most of the services from my old server to my new server (actually to one of my vmware guests on my new server, si-ka.net is still missing, and I need to forward dopefish.de to www.dopefish.de)
– I set up a gameserver host on a separate vmware guest. While this may not be the best solution performance-wise, it is definitely the best solution security-wise since gameservers require all kinds of strange library crap. And because it is easy, I also set up a Left 4 Dead dedicated server and assigned it to the -si.ka- steam group.

I also started playing a few new games. I got talked into getting “Left 4 Dead”, which is fun in coop and multi-player (solo kind of lacks smart bots on your own team). Then I got GTA4, but haven’t had time to play it yet. And yesterday I had a look at “Runes of Magic”, a free MMORPG. It is currently in open beta, and large parts of it still require translation (in the starting areas, most of the quests are a mix of German/English; if you get into some seldom-visited areas, quests and NPCs are sometimes in Asian lettering).

Climbing has been coming a bit short lately, I’ll try to get back to that more regularly.

save the forest (or something like that …)

I can’t be the only person who finds it bothersome burning a CD just to install Linux. What a waste (it’s not like you use the CD all too often afterwards, except as a coaster). So here are the quick and dirty instructions for making a Debian Linux install USB stick (adjust /dev/sdb accordingly; failure to do so can pretty much kill any data on a hard disk):

  • wget ftp://ftp2.de.debian.org/debian/dists/etch/main/installer-i386/current/images/hd-media/boot.img.gz
  • wget http://cdimage.debian.org/debian-cd/4.0_r5/i386/iso-cd/debian-40r5-i386-netinst.iso
  • zcat boot.img.gz > /dev/sdb
  • mount /dev/sdb /mnt
  • cp debian-40r5-i386-netinst.iso /mnt
  • umount /mnt

Basic Server Hardening

Ok, here is a list of a few programs I’d advise anyone to use who is running a server on the internet (or thinking of doing so).

  • aide or tripwire (they can check and report if files on your system get changed, configurable levels). If you use tripwire, don’t forget a “tripwire --check -I” after you do any updates.
  • logcheck will check your system logs, and report anything out of the ordinary (“ordinary” is defined by a list of ‘normal’ rules, and anything you add)
  • tiger goes farther than logcheck, it actively checks your system and reports anything strange (files not belonging to packages, users or groups that got added, …)
  • grsecurity adds more security features to your kernel (at least use the basic features and the possibility to turn off module loading after boot)
  • rkhunter, chkrootkit scan the system for signs of rootkits or other malware. Just install them, make sure they are executed daily by cron, and possibly tweak rkhunter’s config a bit (I had problems with unhide and current kernel versions)

I’m not saying that setting up and tweaking all this software and actually reading the emails they generate will make your server super-duper secure, but they will reduce the risk of running a server open to the internet and alarm you if something strange is happening. It is important to read and understand what these programs mail you. Yes, you will get false positives from time to time. And yes, you will have to adjust the config now and then due to package updates; but I get about 3-4 mails a week, and that is definitely ok considering the amount of data that gets checked.
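
To make the aide/tripwire item concrete, here is a toy baseline-and-compare check that shows why the database has to be refreshed after updates. It is an added example, not part of the original post and not how aide or tripwire are implemented; the function names fim_init and fim_check and all sample files are made up for illustration.

```shell
#!/bin/sh
# Toy baseline-and-compare check (illustration only, not aide or tripwire).
# Limits: file names containing whitespace are not handled, and the database
# must live outside the checked tree, ideally where an intruder cannot write.

# fim_init DIR DB: store a SHA-256 hash for every regular file under DIR.
fim_init() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# fim_check DIR DB: print ADDED/CHANGED/REMOVED lines; return 1 on any difference.
fim_check() {
    fim_cur=$(mktemp) || return 2
    fim_init "$1" "$fim_cur"
    fim_report=$(awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }      # baseline database
        { seen[$2] = 1                                   # current state
          if (!($2 in base))       print "ADDED   " $2
          else if (base[$2] != $1) print "CHANGED " $2 }
        END { for (f in base) if (!(f in seen)) print "REMOVED " f }
    ' "$2" "$fim_cur" | LC_ALL=C sort)
    rm -f "$fim_cur"
    if [ -n "$fim_report" ]; then
        printf '%s\n' "$fim_report"
        return 1
    fi
    return 0
}

# Demo on a constructed directory tree (sample data, not real system files).
demo=$(mktemp -d); db=$(mktemp)
echo 'PermitRootLogin no' > "$demo/sshd_config"
echo 'old package file'   > "$demo/lib.so"
fim_init "$demo" "$db"                                # baseline after install

echo 'new package file' > "$demo/lib.so"              # legitimate package update
fim_check "$demo" "$db" || echo '-> reviewed: expected after the update'
fim_init "$demo" "$db"                                # accept the new state

echo 'PermitRootLogin yes' > "$demo/sshd_config"      # unexpected change
echo 'x' > "$demo/unknown.bin"                        # unexpected new file
fim_check "$demo" "$db" || echo '-> investigate'
rm -rf "$demo" "$db"
```

Without the second fim_init, the updated lib.so would keep showing up in every later report and bury the changes that matter.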