System Security?

**Rastar** · 12-13-2001, 02:06 PM

Some know me some don't here is what I run RH7.2 behind a DSL (dynamic ip) to router then static ip after that.

Okay I run a MUD and host now two others. Since the I start the mud manually (Cant I do this via script) by typing

cd /home/<user>/<game dir>
./rmstart <port> &

I have always done this logged in as a user without root access. And when I am done, I have always locked my screen. My questions are:
1. Just locking my screen does that help security (outside)
2. If I logout will that keep the game and things like tkseti and licq running?
3. Can I make a script that will at startup load licq tkseti, mud, and dns2go's dynamic IP to name resolver update?

From a security point last night I disabled Telnet and enabled ssh now the users that I host must use ssh to log in (I think this is better)? Game Players can still use Telnet to access the mud (BTW how does that work?) if it is a disabled service at bootup?

I have very few ports open on my router and with the exception of apache don't think things are running wild?

Thanks
Rastar

**kenshi** · 12-13-2001, 02:35 PM

1. *Just locking my screen does that help security (outside)

I don't see how locking the screen protects your computer over the network at all.

2. *If I logout will that keep the game and things like tkseti and licq running?

X-windows based programs will be closed but command-line based programs will stay open if you told them to run in the background.

3. *Can I make a script that will at startup load licq tkseti, mud, and dns2go's dynamic IP to name resolver update?

I'm not sure what you're asking here.

From a security point last night I disabled Telnet and enabled ssh now the users that I host must use ssh to log in (I think this is better)? *Game Players can still use Telnet to access the mud (BTW how does that work?) if it is a disabled service at bootup?

The mud itself is probably a telnet-based server. When users telnet to a certain port, the mud intercepts it and communicates in a protocol that's compatible with telnet. If you were actually using the telnet daemon, users would have to log in before they could play. (I don't mean log in as a mud character. I mean log in as someone on the local machine.) I hope this explains it.

**Rastar** · 12-13-2001, 02:55 PM

Better attempt at explaining the script question:

Okay the mud, dns2go, and tkseti are all operated by command line sure I can build shortcuts on the desktop to run all those but for instance the mud again is booted like this. (Open a shell)

cd /home/<user>/<mud code>
./rmstart <port> & I think the "&" allows it to keep running after copyover and game reboots and also keeps it in the background.

TKSETI while having a graphical interface (plugin for seti@home). can be started again in a shell like this
cd /home/tkseti*/
./tkseti <seti@home directory> &

What I would like to do is something along the lines of this.

When I reboot the system at the end of all the starting stuff ssh, apache, linuxconf, eth0 etc etc

I would like to make a script that would then load
dns2go
mud

So I would never have to load them manually again.

Say for some stupid reason my computer rebooted itself (power outage etc.) I was not home. This would load the mud, and my dynamic ip to domain name (DNS2GO) ensuring that the game, webserver had access to my system.

Hopefully I made it clearer and not messier.

Rastar ;D

**kenshi** · 12-13-2001, 05:09 PM

Well sure you can create scripts that execute at runtime. All you have to do is make a script in /etc/init.d that will do what you need to do. Then symbolically link it to your rc directories. They vary from distro to distro. In Debian, it's /etc/rcn.d/S99script where n is the runlevel and in S99, S means start and 99 is the order. If you want it to start before certain other services, lower the number. In FreeBSD, the directory is /usr/local/etc/rc.d. The filenames have a different syntax too but I think all Linux distros (except maybe Slackware) use a syntax like Debians, so you probably don't need to worry about that.

The only problem is that you say one of them needs a graphical interface to run. If you have a gui that pops up whenever you boot, like kdm, you just need to set the number on the script to make it run after the gui. Otherwise, it could get messy. Give me more information on this one that requires a gui and how your gui is executed on your machine.

**Vendetta** · 01-22-2002, 10:33 AM

one problem with running the script as listed...

by default everything will run as root which can be a headache if

1.
by some weird miracle someone learns to exploit your muds.

2.
all files created / modified by the muds will be owned by root

3.
you CAN build command line interface into a mud (i've done it) which leaves you wide open if its running as root.

someone posted a bit you can set on executables that will make them run as their owner's uid / guid but i've long since forgotten what that bit was. you might be able to find it by searching on my name (go back 180 days cause i'm not sure when it was)

good luck