Hi there good folks, NVME burners.
I was a full Windows person until 2 days ago, when I decided to jump into headless Ubuntu Server CLI and started plotting using Swar plotting manager there. So far there has been lots to learn, and while there were problems that required me to reinstall Ubuntu and change my graphics card cable from VGA to HDMI, all other things were very interesting to learn.
One very interesting give-up moment was when I tried to copy and paste my public keys from nano to Swar’s config.yaml, only to find out that there’s no global clipboard built into Ubuntu Server. So I found this program called xclip, but I haven’t been able to use it, then I gave up and just used a Mac terminal to copy and paste the keys via SSH…
Now, my full node is on a Windows machine currently, and as I mentioned in the title, I’m planning to move the full node to an Ubuntu server, mostly because it seemed more “stable” than Windows, at least that’s what I experienced when plotting on it: the Windows plotter restarts randomly, but the same machine using Ubuntu Server just ran flawlessly for a few days.
Now, moving a full node from Windows to Ubuntu Server is a pretty huge leap, at least for me. So far what I’ve learned is only how to move the /db and /wallet/db main *.sqlite files (the big ones) - hopefully these are the correct things to do as well, because I haven’t tested it yet.
My current concern is security, as I know that using Linux is only as strong as the hardening done to it.
If you’re interested in the network topology I’m planning to do it’s here
Or if you’d rather just see the network topology image without clicking the forum post, please see here
Now, I’ve found some good advice on Reddit regarding what to do, but one of these raises concerns of its own.
Some fun things to learn and keep you safe…
+++Implement passwordless login and disable root login. +++
+++Change your user name to something obscure like ILoveTo3atB4con (while not being the most secure it makes you feel cool) +++
+++Use Fail2ban, set it up to perma ban after 1 try; you are using passwordless login, right?++++
+++ Set up MAC and IP filtering (low priority)+++
+++Use port filtering on your router+++
++++++Set up VLANs++++ Please do this if your router supports it, please, I beg you: put any computer that is open and forward facing the internet on a VLAN that is not on a computer that you use daily ++++
I think I know how to do the first 2 since I’ve had experience setting up RSA keys for accessing a cloud VPS before.
I might be able to search for how to use Fail2ban, MAC and IP filtering.
Port filtering I’m not very sure about, since my ISP tends to make it hard for me to edit router settings.
Using VLAN:
Now, other than the fact that I had never known about VLAN before I read the good person’s comment, I’m also not sure whether I can still use the same network topology on my full node if I do.
- Does using VLAN involve changing settings on my router?
- Can I copy my plots over from my plotters on an offline network to the full node on VLAN? Will it be much slower since I’m using a 1GbE interface?
- Should I just put all the plotters on VLAN as well?
- Is there anything else that I can do to maybe increase the security hardening for my full node without having to do a technical backflip?
On another note.
- My internal IP is 10.233.10.xxx. Using 255.255.255.0 as netmask worked in Windows, but when I installed Ubuntu Server it wouldn’t let me use 255.255.255.0/24 and I had to use DHCP for it. Hopefully I can resolve the issue with the 2 LAN cards.
- If the Ubuntu Server machine has got 2 internal IP addresses, which one do I SSH into with my new cool username?
If anyone’s still interested, this is my current to-do list on my Linux journey, not in order of importance.
Please do let me know if anything below is the wrong thing to do:
- Set up fdisk for auto mounting on start
- Set up fdisk for auto mounting network drives, use either SMB (Samba) or NFS
- Learn Linux file sharing with Samba or NFS
- Learn automatic rsync to detect plot files and copy over network, then delete the source file
- Learn to set static IP on Linux and find the netmask for both Ethernet cards
- Learn to run whole full node on Ubuntu Server
- Secure way to send ca folder to Linux machine
- Learn to use cron tab / job to do fstrim more frequently on the plotters
- How to start all the processes necessary if full node restarts for any reason
Thanks in advance, advanced people.
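
The first item of the quoted advice (key-only login, root login disabled), as an added example that is not part of the original post: a small shell audit of an sshd_config file. The sample config is constructed, and the function names `sshd_effective` and `audit_sshd` are made up for this example.

```shell
#!/bin/sh

# Print the effective global value of KEYWORD in FILE, or DEFAULT if unset.
# sshd keeps the FIRST value it reads for a keyword, matches keywords
# case-insensitively, and treats everything after a Match line as conditional.
sshd_effective() {  # usage: sshd_effective KEYWORD FILE DEFAULT
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        /^[ \t]*(#|$)/  { next }                       # comments, blank lines
        { key = tolower($1) }
        key == "match"  { exit }                       # global section ends
        key == want     { print tolower($2); found = 1; exit }
        END             { if (!found) print def }
    ' "$2"
}

# Print one line per setting; the exit status is the number of failures.
audit_sshd() {  # usage: audit_sshd FILE
    fails=0
    # Columns: keyword, OpenSSH default, value the quoted advice calls for.
    while read -r key def want; do
        got=$(sshd_effective "$key" "$1" "$def")
        if [ "$got" = "$want" ]; then
            echo "ok   $key $got"
        else
            echo "FAIL $key is '$got', expected '$want'"
            fails=$((fails + 1))
        fi
    done <<EOF
PubkeyAuthentication yes yes
PasswordAuthentication yes no
PermitRootLogin prohibit-password no
EOF
    return "$fails"
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# PasswordAuthentication no
permitrootlogin no
PasswordAuthentication yes
# The next line is ignored: the first value above already won.
PasswordAuthentication no
Match User backup
    PermitRootLogin yes
EOF

audit_sshd "$sample" || echo "$? setting(s) need fixing"
```

On a live server, `sudo sshd -T` prints the configuration sshd actually uses, including files pulled in by `Include`, which this script does not follow.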