Changing passwords and securing the server

apitsos

Dear Friends,

I have a question related to the security of the server and the DA control panel. I first installed DA on a new server for testing purposes, but in the end I decided to purchase a lifetime license and use this server as my main webserver. So, I am about to migrate all my websites to this server and get rid of the previous one. Before doing that, I need to be sure that I have secured the new server with NEW passwords.

So, coming to the issue: if I change the password for the "admin" user of the DA control panel, the "root" password for the server and the "root" password for MySQL, am I covered? Meaning, am I missing something that may need to be updated, apart from these three critical passwords?

Finally, I would like to ask one more thing, regarding the same issue. Is there a command or any other way that can list all the created users in the server and in mySQL as well?

Thanks a lot in advance for your assistance.
 
I think you changed all necessary passwords.
You can see all your users with this command:
Code:
cat /etc/passwd | cut -d: -f1
 
BestBoard, thank you so much for your prompt reply. ;)

I did what you advised, and I received a list with 31 users. I am wondering which of them should be "standard" and which of them are created by human actions!

Would it be useful if I post the list with the results, here?

Thanks again,
Angelos
 
Post the output of cat /etc/passwd here (without cut -d:...)
and I'll tell you if there is something suspicious.
 
Note: Don't post your /etc/passwd file. While it shouldn't contain any actual passwords, I'd still consider it a security risk to show it to anyone who can google.

Instead send it to BestBoard in a PM if you feel you need to.

Generally you can tell which users are system generated because except for root they won't have passwords. But to see that you'd have to look not in /etc/passwd but in /etc/shadow. Do not ever send, show or give the contents of /etc/shadow to anyone unless you have a good reason. A very good reason. And trust the recipient explicitly.

Jeff
 
Well, I didn't get any PM from you, so I'll post here the /etc/passwd of a clean CentOS + DirectAdmin install:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
diradmin:x:101:102::/usr/local/directadmin:/bin/false
mysql:x:102:103:MySQL server:/var/lib/mysql:/bin/false
webapps:x:500:500::/var/www/html:/bin/false
majordomo:x:103:2::/etc/virtual/majordomo:/bin/false
dovecot:x:104:105::/home/dovecot:/bin/false
admin:x:502:502::/home/admin:/bin/bash
 
Hello my friends,

First of all I would like to thank you for your posts and also to apologize for not replying, as I forgot to register this thread for notifications on new posts and I didn't have it in my mind to come back and check the next days. Now, I have registered! :)

jlasman, thanks for your advice. Really helpful for someone who is not very familiar with Linux servers, like me. You were very right about the command:
Code:
cat /etc/shadow
Only "root", "admin" and three other accounts have passwords, but they are all known to me. So there isn't any "strange" account with a password there. Also I noticed that the passwords are encrypted. Aren't they?

BestBoard, thank you very much for your help and I am sorry for not replying, but I explained above what happened with me and my post. I have some differences from your users. You have the users "mailnull", "smmsp", "rpc", "rpcuser", "nfsnobody", "nscd", "pcap", "avahi" & "avahi-autoipd", which I do not have on my list when running the relevant command. I assume they are not absolutely necessary if I do not have them in my list. Apart from this, all the other users I have on my list are mentioned by you as well, except for the known users created in DirectAdmin. So I assume I don't need to worry.

I would like to ask something. Is there any possibility that someone could have access to the server, using one of these "system" users, which do not have a password at all?

Again I would like to thank you all for your kind assistance.

Best,

Angelos
 
I would like to ask something. Is there any possibility that someone could have access to the server, using one of these "system" users, which do not have a password at all?
Not directly through the user, but through a daemon running as one of the users, if the daemon has a bug that allows it to be compromised.

That's why you update often.

Jeff
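
Added example (not part of any post in this thread): a shell function that does the review discussed above in one pass, reading passwd- and shadow-format files and reporting accounts that have a usable password, an empty password field, a login shell, or UID 0 under a name other than root. The function names, the sample files and the `toor` account are constructed for illustration; on a real server it would be run as root against /etc/passwd and /etc/shadow, with the output kept private.

```shell
#!/bin/sh
# Added example: flag accounts worth a second look in passwd/shadow-format files.
# usage: audit_accounts PASSWD_FILE SHADOW_FILE  ->  lines of "<user> <finding>"
audit_accounts() {
    awk -F: '
        # First input (shadow): remember each password field.
        FILENAME == ARGV[1] { hash[$1] = $2; known[$1] = 1; next }
        # Second input (passwd): evaluate each account.
        {
            user = $1; uid = $3; shell = $7
            if (uid == 0 && user != "root") { print user, "uid0-not-root" }
            if (known[user] && hash[user] == "") {
                print user, "empty-password"       # logs in with no password
            } else if (known[user] && hash[user] !~ /^[!*]/) {
                print user, "password-set"         # usable hash present
            }
            if (shell == "") {
                print user, "default-shell"        # empty field means /bin/sh
            } else if (shell !~ /\/(nologin|false|sync|shutdown|halt)$/) {
                print user, "login-shell"
            }
        }
    ' "$2" "$1"
}

# Constructed sample data (not from a real server); hashes are placeholders.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
news:x:9:13:news:/etc/news:
apache:x:48:48:Apache:/var/www:/sbin/nologin
admin:x:502:502::/home/admin:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTED$placeholder:14600:0:99999:7:::
news:*:14600:0:99999:7:::
apache:!!:14600:0:99999:7:::
admin:$6$CONSTRUCTED$placeholder:14600:0:99999:7:::
toor::14600:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_accounts "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

Accounts whose shadow field starts with `*` or `!` are locked for password login and produce no password finding, which is what the daemon accounts in the clean-install listing should look like.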
 