I run it as root, there's not really a security risk, assuming your firewall is tight and you have a reasonably good password on SSH (if you can't memorize it, then it's good).
“Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.” — Albert Einstein
"Never try to teach a pig to sing; it wastes your time and it annoys the pig." — Robert Heinlein
It's most certainly a security risk. Of course, the probability that your server would be targeted of the hundreds known publicly (even if yours isn't public) is exceedingly low, and that you may not even have anything on the VPS worth compromising...but bad practice is bad practice. Minecraft doesn't need root privileges, don't give it. Takes all of 2 commands to create and secure a new user.
As far as the firewall comfort... that is very incorrect. A firewall provides absolutely zero protection to a server whose target is the Minecraft server itself. If (and that's *the* 'if') Minecraft exploits are discovered, the user would be using the Minecraft port to get in--thus the firewall effectively did nothing. And even more, no matter how strong your password is--if an exploit is found that permits running arbitrary code or commands---then the password is USELESS since the user would have gained privileges through means NOT SSH authentication.
And a root password you can't remember is ALSO useless...that's a terrible guideline for passwords. You shouldn't use a password easily guessed, but that's why it is becoming more commonplace for people to use passwords that match easily remembered phrases, such as 'cfptuptmerp'. No, this would not be an appropriate password for you, since you don't likely remember that phrase, but you choose one you DO remember, and you nearly eliminate the chance of your password being weak.
If you don't think I'm tight, then let me tell you this-- over the last month, the ODG server has been constantly targeted by a hacker group, who have tried literally hundreds of drive-by attacks, and multiple DDoS ones. I can show you the log files if you so wish.
My security has been very well audited. The root password is 24 random letters and numbers.
Exploits via the server? What are you smoking? And there are many bigger problems if an exploit somehow gets released.
OK, so what I am getting here is that it's unnecessary to run as root, but there are no Minecraft server exploits so it technically doesn't matter. All you have to worry about are the standard server attacks, but that could happen to any server, not just Minecraft ones.
Great response...yes, because you have not been successfully hacked by a group of idiots therefore, bad practice is not bad practice. Look at the entire server world: lighttpd, apache, mysql--what do you notice between all these services?
They all tell you to be run as an unprivileged user. ALL OF THEM.
Why? Because regardless of whether you're being 'targeted by a hacker group' (and god knows how you could have created that much bad blood)--0% threat is better than .01%. And a service like apache that gets compromised will only yield the permissions the apache user has. Likewise, a server like Minecraft will only yield the permissions THAT user has.
It requires NO effort to give minecraft its own unprivileged user, and good practice is good practice no matter what.
"My security has been very well audited. The root password is 24 random letters and numbers."
I call that an 'idiot' password. You want to make a login 'unlikely'? Use a 24 'RANDOM' letters and numbers....and make it god damn difficult for you to login. You want to make it 'pretty much impossible?' learn what RSA-KEY logins are.
I'm proud of you and your impenetrable, high-significance server and your many conquered virtual enemies.
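The dedicated-account setup this post argues for, as an added example that is not from the thread: `setup_account` creates the account and `audit_service` checks that a compromise of the server would stay limited to it. The account name `minecraft`, the directory `/opt/minecraft` and all function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example; the account name, paths and function names are assumptions.

# Run once as root: create a system account with no login shell, then give
# it a server directory that no other local user can enter.
setup_account() {
    local user="$1" dir="$2"
    useradd --system --user-group --home-dir "$dir" \
            --shell /usr/sbin/nologin "$user" &&
    install -d -o "$user" -g "$user" -m 0750 "$dir"
}

# True when the account has uid 0, i.e. the service would run as root.
is_root_equivalent() {
    [ "$(id -u "$1" 2>/dev/null)" = "0" ]
}

# Paths under DIR that any local user can modify (symlinks are skipped,
# their mode bits are not meaningful).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Paths under DIR that do not belong to USER (name or numeric uid).
foreign_owned() {
    find "$1" ! -user "$2" -print
}

# audit_service USER DIR: print findings, return 1 if there are any.
audit_service() {
    local user="$1" dir="$2" rc=0 out
    if is_root_equivalent "$user"; then
        echo "FAIL: $user is uid 0, a server exploit yields the whole machine"
        rc=1
    fi
    out="$(world_writable "$dir")"
    if [ -n "$out" ]; then echo "FAIL: world-writable: $out"; rc=1; fi
    out="$(foreign_owned "$dir" "$user")"
    if [ -n "$out" ]; then echo "WARN: not owned by $user: $out"; rc=1; fi
    return "$rc"
}

# Typical use (as root):
#   setup_account minecraft /opt/minecraft
#   audit_service minecraft /opt/minecraft
#   cd /opt/minecraft && sudo -u minecraft java -jar server.jar nogui
```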
You are so right... even xkcd makes that same established point.
It's never a good idea to run any service accessible from the outside world as root because if they find an exploit in the server, then they can do a world of pain.
World of pain may include:
- Steal account details
- Delete server data
- Install a rootkit and login as much as they want
Haha, whatever you say.
Anyways, back when I was still running it, we had a rather annoying group of script kiddies do everything possible to destroy or lag the server, and I constantly patched security holes. This isn't common for a server to have this kind of attacks directed at it, especially so when you realize it was a Minecraft server, and a tiny one at that. In the end, said script kiddies drove away the donators, so they won! Although the only reason they managed that was via ridiculous and constant DDoS and drive-by attacks, as well as exploiting several plugins.
I wish that there was a way to forward that comic to all admins that think it is okay to have a low maximum number of characters, or dictate that you must use one of a few special characters. Long passwords make for better security, not 1337 speak.
I could not agree with this more hexx. An admin's arrogance thinking that he's impossible to have his security compromised is an admin with bad practices. Precautions are precautions, running a tight ship is important.
Your point is great on the reason for running as a user and not root. GOOD HABITS will make a GOOD ADMIN!
For unix newbies who are witnessing this conversation and not entirely sure what's going on. Here's sort of a really basic breakdown.
Root assumes full access of the machine, you can do whatever you want with root access. Whilst running something as root that public may have access to, if in the event that it is exploited and somehow root access is gained, the user may assume control of what was exploited via that user. For instance if I run a program as bob, bob has limited access, but I allow bob to run minecraft with full permissions, the worst that may happen is that if bob is exploited is that minecraft and my bob files may be destroyed, etc etc... In the event I run it as root, someone gains root access to my machine there is not the extreme possibility that everything can be compromised if this user knows what they are doing.
There are many bots out there that do simple portscans for SSH and attempt to bruteforce. While these particular threats are minimal, other things such as exploits stand a chance to be a problem. Just because an exploit doesn't exist now doesn't mean there can't/won't be. Also, not all exploits are /well/ known.
A good admin for a unix box should always:
- Minimize his/her exposure to possible exploits
- Maximize security of passwords and logins
- Limit access to those who have access to login
- Maximize security of how logins are allowed remotely (not using normal SSH credentials, encryption, etc etc)
- Ensuring any personal data is protected
- Always ensuring data is backed up if worst case scenario of being compromised happens (generally off machine)
Yeah it's easy to just run everything as root because then you don't have to worry about going through and changing permissions, etc etc... yeah, you can change up your firewall security. Yes you can run a VERY tight ship and the likelihood is minimal.
BUT
Being egotistical that your unix box is the best out there and you are impenetrable is self denial. If worst case scenario should an exploit target that one particular issue with your security, you'll be asking yourself "Why didn't I just do it the right way in the first place?"
Some tips for new users to unix:
- Setting your SSH port to something not of the norm reduces threat to random scans by known bots. If someone seriously wants to see if you're still open to SSH and are malicious they still may find out, but you're now ruling out the norm. Also, if you use SSH, resist allowing to login via ssh as root. It is FAR MORE secure to require yourself to su to root once you are logged in. This means not only would an attack have to guess the account you can ssh in with, but once in, would have limited permissions unless they could su to root anyway, which means they would then have to guess that as well.
- Firewall rules are nice. As hexx has noted, this only protects you from the things not in use. Specific programs having access to the outside world can still be targeted for exploits. Just because there is NOT an exploit now does not mean there CANNOT be one later. How are you running it? Is it privileged? Just ask this simple question: "If I gave this privileged access to someone who hated me, what could they do with it?" Answer that and find a reason to limit that if at all possible.
To add note to that, you don't need ICMP, turn it off, also helps with people looking for alive machines. Script kiddies are script kiddies, but limiting what can be seen is always good. Doesn't make you invisible, but it's just another precaution.
- Strong passwords are key. Authentication is also important. Do you have SSH on your machine? Set up GOOD authentication. Use GOOD habits, limit login attempts, default credentials aren't always the best.
These are only basics. But starting with the basics of GOOD HABITS of protecting yourself and your users is a great place to start. Don't be lazy, lazy security is how we forget things and how things slip through on security.
Last but not least:
- None of us are perfect admins... never assume it. Always think of new ways to better your security.
IP - play.phanaticmc.com
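A check for the SSH tips in the post above (no root login, key-based authentication, limited login attempts, non-default port), added here and not part of the thread. The function names and the `MaxAuthTries` threshold of 3 are assumptions, the defaults are upstream OpenSSH's, and `Include` files and `Match` blocks are not evaluated.

```bash
#!/usr/bin/env bash
# Added example; function names and the MaxAuthTries threshold are assumptions.

# effective_sshd KEY DEFAULT [FILE]: value sshd uses in the global section.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and "Key=value" is accepted as well as "Key value".
effective_sshd() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ || NF == 0       { next }
                                    { sub(/=/, " ") }
        tolower($1) == "match"      { exit }   # conditional overrides: not audited
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "${3:-/etc/ssh/sshd_config}"
}

# Port is the exception to first-value-wins: every Port line adds a listener.
sshd_ports() {
    awk '
        /^[ \t]*#/ || NF == 0  { next }
                               { sub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == "port"  { printf "%s%s", sep, $2; sep = " "; n++ }
        END { if (!n) printf "22"; print "" }
    ' "${1:-/etc/ssh/sshd_config}"
}

# audit_sshd [FILE]: print findings, return 1 on any FAIL or WARN.
audit_sshd() {
    local f="${1:-/etc/ssh/sshd_config}" v rc=0
    v="$(effective_sshd PermitRootLogin prohibit-password "$f")"
    [ "$v" = "no" ] || { echo "FAIL PermitRootLogin=$v (log in as a user, then su)"; rc=1; }
    v="$(effective_sshd PasswordAuthentication yes "$f")"
    [ "$v" = "no" ] || { echo "FAIL PasswordAuthentication=$v (use key logins)"; rc=1; }
    v="$(effective_sshd MaxAuthTries 6 "$f")"
    [ "$v" -le 3 ] 2>/dev/null || { echo "WARN MaxAuthTries=$v (want 3 or fewer)"; rc=1; }
    case " $(sshd_ports "$f") " in
        *" 22 "*) echo "INFO listening on 22, expect constant bot scans" ;;
    esac
    return "$rc"
}

# Constructed sample, not from a real host. The second PermitRootLogin line
# looks reassuring but is ignored because the first one already matched.
sample_sshd_config() {
cat <<'EOF'
Port 2222
permitrootlogin yes
PermitRootLogin no
PasswordAuthentication=no
#MaxAuthTries 2
Match User backup
    PasswordAuthentication yes
EOF
}
```

Run `audit_sshd` with no argument against the live `/etc/ssh/sshd_config`; where available, `sshd -T` prints the fully resolved configuration and is the authoritative cross-check.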
No known exploits.. But, why take the risk?
It is easy to setup a user account to run the server in.
No known Minecraft server exploits. There are never no exploits, only no known ones.
No SQL Server exploits: http://www.cert.org/advisories/CA-2002-22.html
No Apache exploits: http://nakedsecurity.sophos.com/2011/08/26/apache-exploit-leaves-up-to-65-of-all-websites-vulnerable/
No Oracle exploits: http://www.red-database-security.com/exploits/oracle_exploits.html
No Java exploits: http://isc.sans.edu/diary.html?storyid=9916 ;)
You are so right... even xkcd makes that same established point.
http://imgs.xkcd.com/comics/password_strength.png
Lulz