Your browser (Internet Explorer 6) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.
X
Aside

VPS – Setting up

I've logged in to my VPS and started setting it up.

Basically, the VPS has the following specs:

  • BuyVM-256MB
  • 256MB RAM (Burstable to 512MB)
  • 2 Core CPU
  • 30GB of HDD
  • 1000GB of data transfer
  • 1 US based IP

The VPS was first setup with BuyVM’s Centos 6 template (selected during the VPS ordering page). However, the memory usage  seems to be a little bit on the high side, roughly 30mb idling after I cleaned up the unnecessary services and unused packages. No good… Still too much memory for running nothing…

So the next thing I tried was to reinstall to their “centos-5-i386-minimal”. After reinstalling, I can’t even ssh or console into the VPS… Resintalled again, still the same… Seems like that template is broken… No go.

Reinstalled to “CentOS 5 32bit”, the idling memory shows ~14mb.
Sweet! We are good to go!

The first thing I did, was to gather some baseline info from the VPS, to record down the state of the VPS basically. The commands I ran were:

uname -a
cat /etc/*release*
cat /etc/hosts
ifconfig -a
ps fauxwww
netstat -tulpn

The first 4 command are pretty self explanatory.
The forth one, “ps fauxwww”, list down the various processes in a tree form and shows the memory usage of each process. Very useful to determine what process is hogging memory.
The last one, “netstat -tulpn”, list down the ports that the server is currently listening on and the process that is binding to the port. A useful tool to help secure your box.

[[email protected] ~]# ps fauxwww
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 2156 664 ? Ss Sep09 0:00 init [3]
root 1249 0.0 0.1 2260 556 ? S<s Sep09 0:00 /sbin/udevd -d
root 1895 0.0 0.1 1812 572 ? Ss Sep09 0:00 syslogd -m 0
root 1932 0.0 0.1 2832 852 ? Ss Sep09 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
root 1976 0.0 0.2 4492 1100 ? Ss Sep09 0:00 crond
root 1984 0.0 0.1 5680 700 ? Ss Sep09 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
root 1985 0.0 0.0 5680 440 ? S Sep09 0:00 _ /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
root 3483 0.0 0.2 7200 1060 ? Ss Sep09 0:00 /usr/sbin/sshd
root 3863 0.1 0.5 10036 2836 ? Ss 08:02 0:00 _ sshd: keewee [priv]
keewee 3865 0.0 0.3 10036 1672 ? S 08:03 0:00 _ sshd: [email protected]/0
keewee 3866 0.0 0.2 3712 1500 pts/0 Ss 08:03 0:00 _ -bash
root 3883 0.0 0.2 4092 1316 pts/0 S 08:03 0:00 _ su -
root 3884 0.1 0.2 3712 1488 pts/0 S 08:03 0:00 _ -bash
root 3903 0.0 0.1 2528 848 pts/0 R+ 08:03 0:00 _ ps fauxwww

[[email protected] ~]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1949/sendmail: acce
tcp 0 0 :::80 :::* LISTEN 1967/httpd
tcp 0 0 :::22 :::* LISTEN 1923/sshd

Combined, these two command can also help you determine what services to disable and what packages to uninstall.

After gathering the information, I started setting up the server.
I started off with some basic server security, creating a non-root user for logging in and securing SSH.

#Create Nonroot User
[[email protected] ~]# groupadd keewee
[[email protected] ~]# useradd -d /home/keewee -s /bin/bash -g keewee -m keewee

#Secure SSH
[[email protected] ~]# vi /etc/ssh/sshd_config
#Uncomment the following
LoginGraceTime 5m
PermitRootLogin no
StrictModes yes
MaxAuthTries 6
UsePrivilegeSeparation yes

[[email protected] ~]# service sshd restart

The next thing was to remove all the unnecessary packages, packages that I didn’t need or don’t use and is not essential to the operation of the box.
For this, I referred to to the “ps fauxwww” and “netstat -tulpn” output. I didn’t need sendmail and apache (httpd), so I chucked those.
I also went through the list of installed package by issuing “yum list installed” and picking out the packages I don’t want.
I ended up with the following packages to remove:

  • bind
  • fetchmail
  • finger-server
  • httpd
  • lynx
  • portmap
  • procmail
  • samba
  • sendmail
  • talk-server
That’s all I’ve done so far. Now my memory usage when logged in via SSH is ~13mb and when it is idling without running anything, ~6mb. Nice!
On my next post, I will be sharing the setting up of the LNMP software stack.

Kee Wee

Kee Wee is an IT Specialist specialising in High Availability and Messaging solutions. He is a curious person who likes to build things and figure out how stuff works. This is where he share his thoughts with the world.

Leave a comment  

name*

email*

website

Submit comment