Jonathan's Pancheria

dotcom Thousandaire

Here are some quick steps I did to do initial lockdown of a freshly created Joyent Accelerator:

Change passwords

  • Sign in as admin via secure shell to the default account, change its password
  • su to root and change the root password
  • Go into virtualmin→webmin→Webmin Users→Click on the admin user. Then set Password Authentication to Unix Authentication in the dropdown box, like in this screenshot: Hit the Save button at the bottom of the page. After you do this, you will have to log back in to webmin. Alternately, you could just set the password to be the same as the one you used for the admin user you secure shell’ed in, if you are worried about webmin having access to the Solaris password authentication system. But then you also have to worry about keeping the passwords in sync.

Shut off unnecessary services

  • Disable apache: I am not ready to run a webserver yet, so I shut off apache by su’ing to root and running # svcadm disable cswapache2
  • Make postfix only accept mail from localhost: Webmin→Server→Postfix Configuration→General. Set the text box on “Network interfaces for receiving mail” to localhost, like in this image: then save. Then stop and restart postfix

When I was done, my netstat -a -f inet display showed only the following listening ports:

  • *.s s h: s s h daemon
  • *.10000: webmin
  • localhost.smtp: smtp, but can only be accessed via localhost
  • localhost.3306: mysql daemon

Published on 25/05/2007 at 04:37AM under . Tags , , , , , , ,

Powered by Typo – Thème Frédéric de Villamil | Photo L. Lemos