security on servers with Centova

Read 16885 times
Which settings should be made after hiring a new server settings to make the server more secure.
Hello Livehost,

This is a very broad topic, which varies heavily depending on many factors such as use cases and active services.

If you want to learn about linux security, the OS documentation is usually a good place to start.

Here are the links for the basic security recomendations, for both Centos and Debian.

https://www.debian.org/security/
http://wiki.centos.org/HowTos/OS_Protection


HTH
I world love to see some sort of basic Firewall built into Centova, which would let you block access on some ports or only allow port access to some IP addresses/hostnames, kinda like CSF does...
I world love to see some sort of basic Firewall built into Centova, which would let you block access on some ports or only allow port access to some IP addresses/hostnames, kinda like CSF does...

I seriously doubt this will ever be considered, as Centova Cast is not a system administration tool, besides, something like CSF will always do a better job as it is specialized on firewall administration.

Actually, CSF and Centova Cast play really well together, you can even set LDF to protect cc-ftp from brute force attacks and cc-web from http hammering.

Regards.
I seriously doubt this will ever be considered, as Centova Cast is not a system administration tool, besides, something like CSF will always do a better job as it is specialized on firewall administration.

Actually, CSF and Centova Cast play really well together, you can even set LDF to protect cc-ftp from brute force attacks and cc-web from http hammering.

Regards.

Actually the past couple days we have been installing CSF on all of our Centova servers.  Just had to make a couple adjustments for FTP and such, but its working out very well thus far.  We still have a couple more servers to install it on.  But the ones CSF is currently on helped with DDoS attacks we recently had on one of our servers.
CrossFire-Hosting LLC.
Co-Owner
Every Linux distro comes with an excellent firewall (iptables) built in, so building one into Centova Cast would be rather redundant. Firewall management is another topic but unless we one day decide to make Centova Cast a complete server management tool instead of a stream hosting control panel, its probably not likely.
Actually, CSF and Centova Cast play really well together, you can even set LDF to protect cc-ftp from brute force attacks and cc-web from http hammering.

Regards.
Actually the past couple days we have been installing CSF on all of our Centova servers.  Just had to make a couple adjustments for FTP and such, but its working out very well thus far.  We still have a couple more servers to install it on.  But the ones CSF is currently on helped with DDoS attacks we recently had on one of our servers.

I'd love to see some sort of documentation or info on how to do this, if someone has some time to share...
Thanks.
You can install csf via SSH... and you can edit either using vi  or pico (probably more on vi as not a lot have pico installed).  If you can access via FTP, you can edit the csf.conf that way as well.

Depending on what all is on the server (webmin, cPanel, plesk), you would need to allow some ports through for those panels. as well as Centova Cast ports.   Other than getting info on which ports, it is a pretty simple installation.
CrossFire-Hosting LLC.
Co-Owner
I have a server with only Centova panel, which ports should I set? you could post an example of your configuration?

how was your setup?

# Allow incoming IPv6 TCP ports
TCP6_IN = "20,21,22,25,53,80,110,143,443,465,587,7000:9999"

# Allow outgoing TCP ports
TCP6_OUT = "20,21,22,25,53,80,110,113,443,7000:9999"

# Allow incoming UDP ports
UDP6_IN = "20,21,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP6_OUT = "20,21,53,113,123"
If you only have Centova Cast on the server, then those settings there should be fine, assuming that your streaming ports are 7000:9999.

If anyone is using a "relay" for their stream using a completely different port, you would possibly need to add their port(s) thats being used, or it wont be able to relay out.

We dont use IPv6, just IPv4, so all of our settings on on IPv4.  If you have just the normal port set for FTP for Centova (21), Then all is good.
CrossFire-Hosting LLC.
Co-Owner
I have a server with only Centova panel, which ports should I set? you could post an example of your configuration?

how was your setup?

# Allow incoming IPv6 TCP ports
TCP6_IN = "20,21,22,25,53,80,110,143,443,465,587,7000:9999"

# Allow outgoing TCP ports
TCP6_OUT = "20,21,22,25,53,80,110,113,443,7000:9999"

# Allow incoming UDP ports
UDP6_IN = "20,21,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP6_OUT = "20,21,53,113,123"

There are several issues with this configuration:

1.- All this rules are for IPv6 only, which is both unnecessary and irrelevant as both Shoutcast and Icecast's support for IPv6 is limited to none. You'll need to move this changes to the regular TCP rules.

2.- Unless you are running cc-panel on port 80, you'll also need to add ports for the web interface, and any other alternative ports that you might be using.

3.- Make sure to set your Centova Cast port pool to match your firewall settings.


HTH