Sign in with
Sign up | Sign in
Your question

Security for Ubuntu 12.04 based media server

Last response: in Linux/Free BSD
Share
July 1, 2012 2:33:37 AM

I just finished setting up a small home media server using Ubuntu 12.04 and was wondering how I could go about securing it. My drives are password protected and Windows asks me for a password every time I connect to the server already. I am overly paranoid about viruses and other nastiness infecting my machines after that nasty TDSS rootkit infection a few years back on my old windows PC... What else should I be doing in order to make this server more secure?

Thanks in advance for any help you guys can offer! :D 
July 1, 2012 4:39:29 AM

well you dont need to worry about the Ubuntu server getting infected as there are no linux viruses... and if it is a media server you dont need to worry about it infecting other computers because viruses cannot be transmitted in data files.
a b 8 Security
July 1, 2012 6:07:04 AM

Unfortunately, it is untrue that there isn no malware for Linux (indeed the very first malware programs attacked Unix systems). And malware can be transmitted in data files.

You should make sure that your server is protected by a firewall and make sure that no ports are open that are not needed. Currently the threat is not severe enough to require anti-virus software on Linux machines (unlike Macs). As long as you do that, and ensure that your Windows PCs are adequately protected you will be fine.
Related resources
July 2, 2012 11:17:44 PM

There are indeed viruses/malware/etc. for *nix systems; they're just much less common.

There are some common precautions you should take on practically every machine. Strong passwords on everything, no root access on SSH, get rid of ftp/telnet if they're not needed. You can encrypt your disks is you're paranoid. Sitting behind a properly configured firewall will definitely help as well.

While not entirely necessary (and I would say not at all), if you feel the need to you can use software such as ClamAV to scan your *nix systems. I'd only do this if you're extremely paranoid however.

Is this machine opened up to the web? As long as it's behind a NAT router/firewall, most of these concerns are fairly pointless (however still a good precaution).

Lock down your network, and your machines shall remain safe :) 
July 3, 2012 12:58:36 AM

Thanks for all of the quick responses! :)  I have disabled root access on SSH and all of my windows machines have anti-spyware and antivirus software installed already. My server is connected to my router, which sits behind a built-in firewall. I also run MediaTomb for streaming as well as Samba. Is there anything I should be doing to make these connections more secure? Also, is there any way I can securely connect to the server remotely from windows?

Sorry for all the questions... Windows has taught me to be a little paranoid when it comes to security. :/ 
July 3, 2012 1:43:47 AM

kyraiki said:
Also, is there any way I can securely connect to the server remotely from windows?


Are you talking from within your local network or remotely? If it's locally that you want, command line access can be gained via SSH using Putty, or you can use a client such as TightVNC (or your choice) to get remote desktop access. These can both be made to work externally as well, but certain precautions should be taken to ensure maximum security.

kyraiki said:
Sorry for all the questions... Windows has taught me to be a little paranoid when it comes to security. :/ 


Better safe than sorry; you can never be too secure!
July 3, 2012 6:35:50 AM

Pyroflea said:
...you can never be too secure!

unplug from wall
July 3, 2012 6:41:06 AM

Tinfoil hat too!
July 3, 2012 8:12:53 PM

I have a full suit of tinfoil undergarments, none of my computers are plugged in, and I jump from cafe to cafe using proxies to post on message boards; you mean I'm not normal!?

:D 
July 3, 2012 8:53:16 PM

Pyroflea said:
I have a full suit of tinfoil undergarments, none of my computers are plugged in, and I jump from cafe to cafe using proxies to post on message boards; you mean I'm not normal!?

:D 


A tinfoil suit helps protect you from security threats as well as those pesky GHz. ;) 
July 3, 2012 8:57:12 PM

Pyroflea said:
Are you talking from within your local network or remotely? If it's locally that you want, command line access can be gained via SSH using Putty, or you can use a client such as TightVNC (or your choice) to get remote desktop access. These can both be made to work externally as well, but certain precautions should be taken to ensure maximum security.



Better safe than sorry; you can never be too secure!


Locally. I am planning on running the server headless when its all set up and ready to go. Can I use TightVNC or SSH to connect to the server from Windows?

a b 8 Security
July 3, 2012 9:03:08 PM

You can use either of those. For GUI applications I prefer to use X Window over ssh rather than VNC. There are a number of free X Window servers for Windows. And you can do the same from OS X on a Mac. Another alternative is to install Webmin on the Linux machine which provides a very good web based administration program.
July 3, 2012 9:51:44 PM

Yes you can use VNC or SSH. did you know you could even forward X calls to a windows computer if you install an X client in windows? :) 

kyraiki said:
Locally. I am planning on running the server headless when its all set up and ready to go. Can I use TightVNC or SSH to connect to the server from Windows?

!