Secure Meshcentral server on Vultr
-
@pmoncho said in Secure Meshcentral server on Vultr:
I went the LTS route as I used Vultr's image and its what I know at the moment. No other reason.
What do you mean? You have to intentionally select one of the older versions on Vultr to not be up to date. The top choice is, and has been basically since release day, the current version. They always OFFER out of date versions for people who desire or require that, but they don't promote them in any way.
-
@pmoncho said in Secure Meshcentral server on Vultr:
@Reid-Cooper said in Secure Meshcentral server on Vultr:
@pmoncho said in Secure Meshcentral server on Vultr:
Vultr Firewall setup (I don't believe I need this as UFW is setup on Ubuntu)
Less portable that way. Why not do it the normal way?
Little lost here. What is the "normal way?"
Basically, I setup the Vultr FW because I wanted to make sure the MC server had a FW up front during the initial install and config. After setting up UFW on Ubuntu, I realized that I may no longer need it.
Isn't Ubuntu's firewall on by default? Maybe not. But still, it doesn't make any difference if your services are not running.
It's just extra work and complication to troubleshoot, IMHO.
-
@scottalanmiller said in Secure Meshcentral server on Vultr:
Isn't Ubuntu's firewall on by default?
UFW is not installed or enabled by default.
But it just manages iptables, and that is active I believe. but minimally. SSH works without letting anything through. prior to enabling UFW.
-
@JaredBusch said in Secure Meshcentral server on Vultr:
@scottalanmiller said in Secure Meshcentral server on Vultr:
Isn't Ubuntu's firewall on by default?
UFW is not installed or enabled by default.
But it just manages iptables, and that is active I believe. but minimally. SSH works without letting anything through. prior to enabling UFW.
Oh, that makes more sense. Firewall is on, firewall manager is absent.
-
@scottalanmiller said in Secure Meshcentral server on Vultr:
@pmoncho said in Secure Meshcentral server on Vultr:
I went the LTS route as I used Vultr's image and its what I know at the moment. No other reason.
What do you mean? You have to intentionally select one of the older versions on Vultr to not be up to date. The top choice is, and has been basically since release day, the current version. They always OFFER out of date versions for people who desire or require that, but they don't promote them in any way.
I missed that. I was just "blinded" once I saw the 18.04. Habit apparently. Really have to stop that.
As for the FW, I didn't know if it was on, off or otherwise so I just set it up. For this single instance, management is not a factor.
@JaredBusch
Thanks for the confirmation on the FW and SSH. Will take that knowledge forward. -
@pmoncho said in Secure Meshcentral server on Vultr:
I missed that. I was just "blinded" once I saw the 18.04. Habit apparently. Really have to stop that.
That's what I suspect happens throughout the Ubuntu ecosystem. Somehow they've managed to get "go old" as a habit and everyone just does it and never thinks about the ramifications or what a good default choice is and automatically goes to one that is less ideal.
-
@pmoncho said in Secure Meshcentral server on Vultr:
@JaredBusch
Thanks for the confirmation on the FW and SSH. Will take that knowledge forward.As soon as you enable UFW, you will lose SSH access unless you allow it first.
ufw allow in ssh ufw enable -
@scottalanmiller said in Secure Meshcentral server on Vultr:
@JaredBusch said in Secure Meshcentral server on Vultr:
@scottalanmiller said in Secure Meshcentral server on Vultr:
Isn't Ubuntu's firewall on by default?
UFW is not installed or enabled by default.
But it just manages iptables, and that is active I believe. but minimally. SSH works without letting anything through. prior to enabling UFW.
Oh, that makes more sense. Firewall is on, firewall manager is absent.
UFW is installed by default on Ubuntu but it is not enabled by default. So yeah @JaredBusch said it right
-
@dbeato said in Secure Meshcentral server on Vultr:
@scottalanmiller said in Secure Meshcentral server on Vultr:
@JaredBusch said in Secure Meshcentral server on Vultr:
@scottalanmiller said in Secure Meshcentral server on Vultr:
Isn't Ubuntu's firewall on by default?
UFW is not installed or enabled by default.
But it just manages iptables, and that is active I believe. but minimally. SSH works without letting anything through. prior to enabling UFW.
Oh, that makes more sense. Firewall is on, firewall manager is absent.
UFW is installed by default on Ubuntu but it is not enabled by default. So yeah @JaredBusch said it right
He said it was not installed.
-
@scottalanmiller said in Secure Meshcentral server on Vultr:
@dbeato said in Secure Meshcentral server on Vultr:
@scottalanmiller said in Secure Meshcentral server on Vultr:
@JaredBusch said in Secure Meshcentral server on Vultr:
@scottalanmiller said in Secure Meshcentral server on Vultr:
Isn't Ubuntu's firewall on by default?
UFW is not installed or enabled by default.
But it just manages iptables, and that is active I believe. but minimally. SSH works without letting anything through. prior to enabling UFW.
Oh, that makes more sense. Firewall is on, firewall manager is absent.
UFW is installed by default on Ubuntu but it is not enabled by default. So yeah @JaredBusch said it right
He said it was not installed.
Well that part...
-
@scottalanmiller said in Secure Meshcentral server on Vultr:
@dbeato said in Secure Meshcentral server on Vultr:
@scottalanmiller said in Secure Meshcentral server on Vultr:
@JaredBusch said in Secure Meshcentral server on Vultr:
@scottalanmiller said in Secure Meshcentral server on Vultr:
Isn't Ubuntu's firewall on by default?
UFW is not installed or enabled by default.
But it just manages iptables, and that is active I believe. but minimally. SSH works without letting anything through. prior to enabling UFW.
Oh, that makes more sense. Firewall is on, firewall manager is absent.
UFW is installed by default on Ubuntu but it is not enabled by default. So yeah @JaredBusch said it right
He said it was not installed.
I donβt use Ubuntu. I have no idea wtf it does.
I believe that the Debian image on vultr does not have it pre-installed. But I would have to verify.
-
@JaredBusch said in Secure Meshcentral server on Vultr:
@scottalanmiller said in Secure Meshcentral server on Vultr:
@dbeato said in Secure Meshcentral server on Vultr:
@scottalanmiller said in Secure Meshcentral server on Vultr:
@JaredBusch said in Secure Meshcentral server on Vultr:
@scottalanmiller said in Secure Meshcentral server on Vultr:
Isn't Ubuntu's firewall on by default?
UFW is not installed or enabled by default.
But it just manages iptables, and that is active I believe. but minimally. SSH works without letting anything through. prior to enabling UFW.
Oh, that makes more sense. Firewall is on, firewall manager is absent.
UFW is installed by default on Ubuntu but it is not enabled by default. So yeah @JaredBusch said it right
He said it was not installed.
I donβt use Ubuntu. I have no idea wtf it does.
I believe that the Debian image on vultr does not have it pre-installed. But I would have to verify.
Debian doesn't come with it so yeah that is right.
-
Upgraded from 18.04.2 LTS to current. Accepted default answers for individuals packages during upgrade.
Had issue with MC and the meshcentral-data/meshcentral.db getting set with root:root perms and this caused a few errors with starting MC from meshcentral.service
Changed perms to back to <user>:<user> and all is well. Don't know what would change those perms though? Either way, all is well now.
