Interest in working on an EC2 guide?

[Matthew <ad...@tutoringondemand.com.au>]

Is anybody interested in collaborating on an EC2 install guide based on 
Stephen Cottham's 22/01/2013 Ubuntu 12.10 headless guide? I've got it 
running, but as I've never administered a server before the learning 
curve was quite steep.

I have worked out all the necessary modifications to the guide up to 
step 12 (encryption), as well as a quick guide to securely administering 
using AWS. What I really need help on is securing the server itself - 
iptables, fail2ban, chkrootkit, etc. I haven't been able to find any 
info on configuring reasonable security on an Openmeetings install.

My thinking is to eventually publish an unofficial AMI, lowering the 
barrier of getting a server up and running, and perhaps increasing the 
number of people discovering client side bugs and quirks to be fixed. 
Maybe not what is desired at his stage of development? :)

I have the time to test and update the guide for each major update.

Re: Interest in working on an EC2 guide?

[Matthew <ad...@tutoringondemand.com.au>]

Yes, I want to lock down as much as possible in addition to the EC2 
firewall. I don't need clustering for my use case.

Dev tool removal was on my list of things to ask about :) Is ANT the 
only one that needs removal?

I'll do a basic adaption of your guide for EC2 if anyone is interested. 
There are not many changes needed, but it could save someone some time.


On 22/02/13 04:42, Stephen Cottham wrote:
> Hi Matthew,
>
> I'm assuming that you are not relying on the EC2 firewall and want to
> lock down the server to be stealth apart from the required ports needed
> for OM?
>
> Are you planning on clustering multiple instances and having S3 as your
> shared data repository?
>   
> The tools you will need to do this are not specific to OM it will be the
> same for any public facing service, Google has many hits for hardening a
> *nix server, if you followed the guide on the wiki then you will already
> have a bare minimum system installed and locking the server down
> wouldn't be too much of a task. (actually you should probably remove the
> build tools)
>
> If the goal is to have a secure instance then you really need to get
> RTMPS and HTTPS completed too. (Step 12)
>
> I've not used EC2 but was planning on building a dev Private Cloud on
> Eucalyptus and testing out similar options (time permitting of course)
>
> I can assist with parts but don't have massive amounts of time at the
> moment.
>
> Best Regards
>
>
>
>
> Stephen Cottham
> Group IT Manager (Associate)
>
> Robert Bird Group
> Level 5, 333 Ann St
> Brisbane, Queensland, 4000, Australia
> Phone: +6173 319 2777 (AUS)
> Phone: +44207 633 2880 (UK)
> Fax: +6173 319 2799
>   
> Mobile:  +61400 756 963 (AUS)
> Mobile:  +447900 918 616 (UK)
> Web: www.robertbird.com
>
>
> This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses.
>
> Disclaimer added by CodeTwo Exchange Rules	
> http://www.codetwo.com	
>
> -----Original Message-----
> From: Matthew [mailto:admin@tutoringondemand.com.au]
> Sent: 21 February 2013 17:05
> To: user@openmeetings.apache.org
> Subject: Interest in working on an EC2 guide?
>
> Is anybody interested in collaborating on an EC2 install guide based on
> Stephen Cottham's 22/01/2013 Ubuntu 12.10 headless guide? I've got it
> running, but as I've never administered a server before the learning
> curve was quite steep.
>
> I have worked out all the necessary modifications to the guide up to
> step 12 (encryption), as well as a quick guide to securely administering
> using AWS. What I really need help on is securing the server itself -
> iptables, fail2ban, chkrootkit, etc. I haven't been able to find any
> info on configuring reasonable security on an Openmeetings install.
>
> My thinking is to eventually publish an unofficial AMI, lowering the
> barrier of getting a server up and running, and perhaps increasing the
> number of people discovering client side bugs and quirks to be fixed.
> Maybe not what is desired at his stage of development? :)
>
> I have the time to test and update the guide for each major update.
>
>

RE: Interest in working on an EC2 guide?

[Stephen Cottham <St...@robertbird.com.au>]

Hi Matthew,

I'm assuming that you are not relying on the EC2 firewall and want to
lock down the server to be stealth apart from the required ports needed
for OM?

Are you planning on clustering multiple instances and having S3 as your
shared data repository?
 
The tools you will need to do this are not specific to OM it will be the
same for any public facing service, Google has many hits for hardening a
*nix server, if you followed the guide on the wiki then you will already
have a bare minimum system installed and locking the server down
wouldn't be too much of a task. (actually you should probably remove the
build tools)

If the goal is to have a secure instance then you really need to get
RTMPS and HTTPS completed too. (Step 12)

I've not used EC2 but was planning on building a dev Private Cloud on
Eucalyptus and testing out similar options (time permitting of course)

I can assist with parts but don't have massive amounts of time at the
moment.

Best Regards




Stephen Cottham
Group IT Manager (Associate)

Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 633 2880 (UK)
Fax: +6173 319 2799
 
Mobile:  +61400 756 963 (AUS)
Mobile:  +447900 918 616 (UK)
Web: www.robertbird.com


This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses. 

Disclaimer added by CodeTwo Exchange Rules	
http://www.codetwo.com	

-----Original Message-----
From: Matthew [mailto:admin@tutoringondemand.com.au] 
Sent: 21 February 2013 17:05
To: user@openmeetings.apache.org
Subject: Interest in working on an EC2 guide?

Is anybody interested in collaborating on an EC2 install guide based on
Stephen Cottham's 22/01/2013 Ubuntu 12.10 headless guide? I've got it
running, but as I've never administered a server before the learning
curve was quite steep.

I have worked out all the necessary modifications to the guide up to
step 12 (encryption), as well as a quick guide to securely administering
using AWS. What I really need help on is securing the server itself -
iptables, fail2ban, chkrootkit, etc. I haven't been able to find any
info on configuring reasonable security on an Openmeetings install.

My thinking is to eventually publish an unofficial AMI, lowering the
barrier of getting a server up and running, and perhaps increasing the
number of people discovering client side bugs and quirks to be fixed. 
Maybe not what is desired at his stage of development? :)

I have the time to test and update the guide for each major update.