Interesting... did you try to ssh into the new port as well? Confirm that sshd_config still includes the change and isn't commented out or something.

FYI, When you change a config file it is not necessary (practically ever) to reboot the whole server, just restart the daemon with service restart sshd or /etc/init.d/ssh restart.

Cheers IML,

I am now getting to the point of just wanting to pay someone to sort this thing out for me...

Anyone interested drop me a line. Cheers

_________________
enjoying meeting interesting people, completely abjectly ignorant about coding, but still loving Linux

I have a different approach for you.

Throw up a blank copy of either CentOS 5 or Ubuntu 10.04.

wget http://software.virtualmin.com/gpl/scripts/install.sh
chmod +x install.sh
./install.sh

That should set webmin/apache/mysql and such up for you automatically.

Hi KHobbits,

Thanks for taking the time to suggest this, I appreciate it.

I have laboured to achieve a pretty simple task, viz close down root access, and close down easy port access.

To the best of my knowledge I have achieved this...

Now I am slightly confused though...

How do I do a Yum Update if I can't access root?

Do I do a sudo command?

--------

Regarding the coding you have given me, is this a safe way to proceed?
(Sorry, I am a security retentive.)

I am not quite sure what "throwing up a blank copy of Centos" means...
(sorry, this is all new territory to me)

Once I do what you suggest, will I be working in a GUI for any further tasks?

Thanks
Marcus

_________________
enjoying meeting interesting people, completely abjectly ignorant about coding, but still loving Linux

The method I explained works best on a blank install of an os. IE it is best you run it on a system before doing any further configuration.

Depending on the scale of a web panel and how much functionality you want available, it is usually best to be cautious with how you configure a system. Most web panels will begin to fall over if you change settings which they rely on. In fact it could become a security concern if the webpanel makes changes to one config file that would usually be fine but because you modified another, it ends up creating hole.

Webmin is a free control panel that was designed to provide easy administration of services and config files. On its own webmin isn't very useful to anyone other than the server maintainers. Virtualmin GPL is the free version of a commercial product developed by the same guy who maintains webmin. It is a alongside product which extends the interface to allow people to maintain domain settings. It is useful in a shared user or multiple domain environment because it draws walls between virtual hosts. It makes it possible for users to edit their own apache configs, and for domains to stand separate and more secure from cross site attacks.

The install script steps I posted earlier are that of the recommended method to install both virtualmin and webmin. The script installs these packages along with everything needed to create this type of service.

Personally I still use the CLI quite often when working on a virtualmin machine, I just generally avoid editing files I know virtualmin edits itself.



If you disable root, you will need to do most commands through sudo, there are usually a few tricks to get back to root even if its disabled by using "sudo su" or "sudo -i".

Cheers KH,

I will run with it....


Incidentally, since installing my Linode, (and doing nothing on it), I have 1 surge and 1 block in the top and bottom graphs, and the middle Graph is a green and blue forest -

Is that normal?

Cheers

_________________
enjoying meeting interesting people, completely abjectly ignorant about coding, but still loving Linux

Btw,

I have done what you say..I type in <sudo su> and get a message about
great power and great responsiblity.

I then put in my root password....but it won't give me access.....

is this normal?

_________________
enjoying meeting interesting people, completely abjectly ignorant about coding, but still loving Linux

sudo requires the password of the user who is executing it, not the password for root. You can configure sudo to assign different powers to different users and nobody needs to become root.

_________________
/ Peter

thanks Peter...

all help greatly appreciated!

_________________
enjoying meeting interesting people, completely abjectly ignorant about coding, but still loving Linux

[*****@li888-88 ~]$ sudo su
[sudo] password for *****:
***** is not in the sudoers file. This incident will be reported.
[*****@li888-88 ~]$

I am wondering what stupidity have I committed here.......

_________________
enjoying meeting interesting people, completely abjectly ignorant about coding, but still loving Linux

You need to add a line like this to the /etc/sudoers file:

yourusername ALL=(ALL) ALL

This example enables the user 'yourusername' to execute all commands as any user. You need to edit the file as root using the visudo command. Check the sudoers man page for more control options.

_________________
/ Peter

Unless you give a user sudo access, you will have quite a hard time doing anything without a root user!

Assuming you haven't locked yourself out of the root account completely, you could use 'su' on its own to try switching to it.
Failing that, you could try logging into your linode using lish (the ssh console in the account panel). Even if you disabled root for ssh, console usually still has access.
If you still can't get anywhere, the linode panel lets you reset your root password through its web panel.
And finally, linode has a recovery image you can mount which lets you modify the linode from it, without actually booting it, although by this point its usually easier to start from scratch .


Edit: about the spikes...
The linode graphs try to use the best scale to represent the amount of data/cpu/io your using. Your linode can use up to 400% cpu (4 cores), yet if you never go above 5% you will generally get a graph showing quite a bit of fluctuation between 2-4%. So seeing alot of spikes or large blocks isn't bad. As long as your not constantly burning through resources at a rate that would pass your cap or be unfair it isn't a problem.

(A Linode 512 host has at most 40 other hosts. A linode host has 8 cores. 800/40 = 20. If your averaging over 20% CPU usage your eating up more than your fair share :p)

Hey Pclissold,

I tried visudo /etc/sudoers and it drew a blank (bash command not found)

so I went in with Nano,
and stuck the code you suggest in the file, (at the end)

Cheers

_________________
enjoying meeting interesting people, completely abjectly ignorant about coding, but still loving Linux

Otherwise...KH.. I did the Virtualmin, with some success, except:


|WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.96.5 Recommended version: 0.97
/WARNING: getfile: daily-12341.cdiff not found on remote server (IP: 193.1.193.64)
WARNING: getpatch: Can't download daily-12341.cdiff from database.clamav.net
WARNING: getfile: daily-12341.cdiff not found on remote server (IP: 163.1.3.
WARNING: getpatch: Can't download daily-12341.cdiff from database.clamav.net
WARNING: getfile: daily-12341.cdiff not found on remote server (IP: 217.135.32.99)
WARNING: getpatch: Can't download daily-12341.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
\WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 58, recommended = 60
\Enabling quotas on filesystem for /home

_________________
enjoying meeting interesting people, completely abjectly ignorant about coding, but still loving Linux

Re the Virtualmin install.

KH,

Now I have completed the install, I go to

https://***.**.***.**:10000

and get a red warning page telling me not to proceed because of a possible interception.

Alternatively if I try
https://***.**.***.**: port number>

I get 'this webpage is not available'.

er......lost as usual





P.s. what is Cloudmin....is it relevant?

_________________
enjoying meeting interesting people, completely abjectly ignorant about coding, but still loving Linux