Difference between revisions of "Post-Install Configuration"

From MineOS Wiki
Jump to navigation Jump to search
Line 24: Line 24:
  
 
Remember, any usernames listed in the passwords file will be accessible, so be sure to remove the existing admin:password line no matter what.
 
Remember, any usernames listed in the passwords file will be accessible, so be sure to remove the existing admin:password line no matter what.
 +
 +
=== Using RSA-key to log into SSH/SFTP ===
 +
 +
For additional security, or to employ password-free SSH/SFTP logins, you can generate a public/private [[Rsa-key|RSA-key pair]]
  
 
== Other configuration ==
 
== Other configuration ==

Revision as of 09:30, 18 August 2011

A few configurations must occur after the first reboot, and some are not implemented to greatly simplify the setup. These steps, however, are important for the securing of the server.

Password changing

MySQL root password

The password is unset by default, and can only be set when the MySQL daemon is running (after first boot). To set the password, use the following command as root:

  1. ln -s /var/www/tmp/mysql.sock /tmp/mysql.sock
  2. mysql_secure_installation

Changing the web-ui password

The default admin:password to the web-ui is admin:minecraft If you would like to change this, (either the username and/or password), open up /etc/hiawatha/passwords in your favorite text editor and replace the existing line.

Since the password is encrypted, you must first generate it. You can do so with the help of an online htpasswd generator. Fill in the username to whatever you like, set the password and choose CRYPT as the password--it is essential to choose CRYPT.

For example:

nano /etc/hiawatha/passwords

Replace the one existing line with the generated line, such as: will:/ZU9ss0WcLwmE Save and exit. The password will take effect on reboot or on hiawatha restart (/etc/rc.d/hiawatha restart).

Remember, any usernames listed in the passwords file will be accessible, so be sure to remove the existing admin:password line no matter what.

Using RSA-key to log into SSH/SFTP

For additional security, or to employ password-free SSH/SFTP logins, you can generate a public/private RSA-key pair

Other configuration

iptables

iptables filters inbound and outbound traffic by a sequence of rules. These rules are to prevent undesired traffic from being responded to, helping defend against DOS attacks and to prevent unauthorized access (such as permitting SSH connections only from an IP address/range).

The default rules include inbound connections for SSH (22), Minecraft (25565), HTTP (80), and HTTPS (443) though it is fully customizable.

Crontabs

Minecraft related cron-jobs can be managed from the web-ui, such as backup, archiving, mapping, as well as [onreboot] restoring and server starting. For any other tanks, you will need to create a cron script yourself. For your benefit, however, the process has been greatly simplified. The directory /etc/cron/ has several sub-directories, (hourly, daily, weekly, etc). Instead of having to learn standard crontab syntax, each sub-directory (and its contained files) gets executed at its respective interval.

For example, if you want to gzip your server log every week, you can create a script as 'root':

  1. touch /etc/cron/weekly/gzipserverlog
  2. chmod +x /etc/cron/daily/gzipserverlog
  3. nano /etc/cron/daily/gzipserverlog

(backupscript contents)

cd /usr/games/minecraft
./mineos_console.py log_archive servername

Remember, these crontabs are usable for any purpose, not just Minecraft maintenance!

Hosting a Website

The most common web-language on Linux servers is PHP. With Hiawatha webserver and PHP, you can easily host forums, image galleries, and countless other website features to your server. Provided are instructions to enable PHP.