✓ Solved

Securing the Linode before Azuracast deployment

I watched your video on Youtube w/ Buster Neece on set-up w/ Linode and then choosing Azuracast to set up my station (btw, Linode makes it really easy to set-up a server and Azuracast. That's in-and-of itself is pretty cool). However, there's some things I've seen on some other videos about locking down or securing your Linode, and some say it's got to be done 'before' app deployment, such as 1) SSH key generation and installation, 2) creating a sudo admin so that you can disable root login. Now, I saw this other app to deploy in Linode marketplace called "Secure Your Server". Should I uninstall Azuracast, and set-up and deploy that one first, and install Azuracast afterwards? "Secure Your Server" seems like a pretty neat automated securing tool. I'm not sure what I can and cannot do using only Linode dashboard's LISH Console (as opposed to using putty, command prompt, or powershell). What are the limitations of using LISH Console, as opposed to using any other console?

3 Replies

✓ Best Answer

LISH (Linode Shell) Console itself is pretty cool in-that it simulates a serial-cable connection to your Linode. It functions nearly identically to any other terminal/CLI program except that you can use LISH to connect in instances when the Linode has lost networking capabilities. I personally use VSCode to connect to my Linodes since it adds additional visual components, but otherwise I generally only rely on LISH (versus SSH/putty) if I brick my networking somehow.

It's been a little while since I've done a deep dive into what exactly the AzuraCast installation script actually does, but at the end of the day, our Marketplace deployment runs AzuraCast as a Docker container. As such, I would recommend allowing the Marketplace deployment to fully provision before performing any of the normal security/setup that you want to do.

Since AzuraCast is containerized, you would only feasibly disrupt its process if you enable a firewall that blocks ports used by the web UI or individual stations. From my experience trying to deploy AzuraCast on its own, I would recommend manually securing an AzuraCast instance instead of attempting to install AzuraCast on a secured Linode.

Thank you Jhartman, what you describe above makes sense, being it's a docker/container install and port sensitive. Nevertheless, just to see and experiment (out of curiousity) I went ahead and deleted everything, then set-up and deployed "Secure Your Server" first with only 'basic' parameters, and afterwards, I then installed Azuracast. I'm happy to report that this seemed to work out okay, no unusual problems to report. I did "not" do any of the advanced options (like firewall or anything like that). I know I could attempt to do them later in LISH.

All that being said, I'm just playing-around-with and experimenting right now. I agree with everything you said above, and …I probably will go back to-the-beginning and delete the Security app, reinstall Azuracast, and secure it normally thru commands using LISH. In the meantime though, I'm going to try to inquire w/ Azuracast/Buster Neece if "Secure My Server" basic settings would interfere with anything at all in it's installation. I'm hoping (crossing my fingers) that it doesn't.

I know that there is no substitute for going thru and doing all these securing steps 'directly' in command-prompt. It's the most certain and direct method, and everyone needs to learn and be able to do it. However, If setting-up and deploying the "Secure Your Server" app/node w/ it's basic security settings makes things easier across-the-board (what I believe it was intended to do), it would just make sense for people to use it. It seems like it should be the very first app-deployment/node we set up with our new Linode acct. For others (like myself) who are not Linux command prompt experienced, it could help make their Azuracast deployment easier and slightly more secure right off-the-bat, without having to run thru some important known basic security steps later in LISH.

Can I ask a question? Academic comrades, the struggle is real when it comes to managing coursework and deadlines. That's why I want to share my discovery – to write my essay for me at https://boomessays.com/ BoomEssays. Their professional writing assistance, delivered by experienced writers, is a breath of fresh air for overwhelmed students. Say goodbye to stress and hello to academic success with BoomEssays.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct