1

I am an Ubuntu/Linux noob. There are many questions I have regarding the use of my system as a server. First and foremost is security. I want to install a simple GUI (zPanel appears the most user friendly) that will allow others to log into the server and database with ease, similar to a hosting service, though my intent is for the development of one site. Upon looking at the instructions of numerous GUI's, they require installation as root. This makes me uneasy, as my thoughts spiral to the possibilities of the developers creating the elusive 'back-door', thereby giving them root access to my entire system. Am I just being paranoid or is that theoretically possible? If it is possible, what steps are necessary to ensure security?

Kirk
  • 13
  • 2

1 Answers1

0

That is the beauty of open source: as soon as something fishy gets installed someone will notice since it only takes 1 user to find a problem and make it public for all of us to benefit. Unless you are a specific target of course.

Installing software with sudo is not a problem in itself. What you need to make sure is that the permission are set as restrictive as possible. So never use chmod 777 and check the permissions of the files that got installed for zPanel.

Backdoors require the software to go in and out of your system. That will cause log files to be updated so the easiest method of finding them is to check log files for activity.

Am I just being paranoid or is that theoretically possible?

A little bit of paranoia is not bad and yes it is theoretically possible. But there are more likely scenario's than that.

If it is possible, what steps are necessary to ensure security?

This will work for any piece of software:

  • Try to use only software in the repositories and from trusted sources; Try webmin first. It is what we have been using for a long time.
  • Use google to find problems with software and/or the company/persons behind it;
  • Keep your software up to date;
  • Try to break it yourself or ask someone to try and break into your system remotely;
  • Use a firewall and log activity;
  • Examine log files periodically;
  • Change your password on occasion.
Rinzwind
  • 299,756
  • Your answer was very informative and led me to research the many gui's. It appears that most GUI users trust and respect webmin. zpanel on the otherhand...... You can fill in the blank for yourself. Now I'm off to see what I can screw up. Thanks again and take care. – Kirk Jul 01 '13 at 09:38
  • LOL @kirk Yeah we use webmin ourself. – Rinzwind Jul 01 '13 at 09:39
  • Do you have any leads to figure this ^&%^&*) webmin out? LOL – Kirk Jul 01 '13 at 09:41
  • http://askubuntu.com/questions/145165/how-to-install-webmin ;) it is -very- -very- easy ;) – Rinzwind Jul 01 '13 at 09:45
  • I agree. I already had it installed. I was referring to other procedures that likely would not be discussed here. Such as DNS. IP, so on and so forth. – Kirk Jul 01 '13 at 09:49