SRCDS hardening

Ask questions about dedicated servers here and we and other users will do our best to answer them. Please also refer to the self-help section for tutorials and answers to the most commonly asked questions.
Post Reply
Larsen
New to forums
New to forums
Posts: 11
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Mon Dec 05, 2011 11:01 am

SRCDS hardening

Post by Larsen »

So, I've always wanted to do the first thing listed on this page: http://wiki.alliedmods.net/SRCDS_Hardening.

I am referring to this:
File Permissions

If you are running your own server (not renting one from a GSP), there are some things you can do to prevent many of the more malicious exploits. The basic theory here is to give srcds as little access to the machine as possible. It only needs write access to the following directories:

* downloads/
* cache/
* addons/sourcemod/gamedata/
* addons/sourcemod/data/
* addons/sourcemod/logs/
* logs/
I'm running my VDS from the default admin account. How exactly should I go about editing these folders' permissions? Do I just literally right-click on them, go into to properties > security and select write for system? Or administrators? Is it write only? What's the difference between read and read & execute?

And how do I put the rcon password into the command line? I was told taking it out of the server.cfg and putting it here was the most secure way of defining it so no one could download the password/hack it.
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: SRCDS hardening

Post by Edge100x »

The first thing you'll need to do is to create a new user for your server, then start running it under that user. After you do this, you can modify the permissions on various folders to remove its write privileges.

You could put the rcon password on your command line with the "+rcon_password whateveritis". Any server cvar can be put onto the command line in a similar way.
Larsen
New to forums
New to forums
Posts: 11
Joined: Mon Dec 05, 2011 11:01 am

Re: SRCDS hardening

Post by Larsen »

The first thing you'll need to do is to create a new user for your server, then start running it under that user. After you do this, you can modify the permissions on various folders to remove its write privileges.

You could put the rcon password on your command line with the "+rcon_password whateveritis". Any server cvar can be put onto the command line in a similar way.
Thanks man, I appreciate it. Do I need to restrict any kind of privileges for the new user, or is merely creating a secondary account sufficient?

---------

So one of my VDS' IP's is covering up the other ones on Steam. We got three DODS servers, and the first two IP's work fine. When I put the third one up, and someone joins that IP, but then leaves and joins the first IP, if you click on his/her name on Steam friends and look at 'game info' it still displays the third server's IP and info.

It appears something is wrong with my srcds installation. Granted I don't remember, but I'm sure I built this one off of an amalgam of the first two server's pieces, so something must be covering itself up or overshadowing or replicating the first server's IP.

Anyone ever hear of this before? Is there a cfg or text file I need to fix?
User avatar
TimeX
Staff
Staff
Posts: 1730
Joined: Thu Jul 22, 2004 12:24 am
Location: Big Bear, CA

Re: SRCDS hardening

Post by TimeX »

That almost sounds like a glitch on Steam's end. Does it continue to show the wrong information for the player, or does it correct itself eventually?
TimeX
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: SRCDS hardening

Post by Edge100x »

Thanks man, I appreciate it. Do I need to restrict any kind of privileges for the new user, or is merely creating a secondary account sufficient?
Just putting it under a non-administrator user will be a big security improvement. The default setup has regular users unable to access system files, sensitive memory, and so on. You could restrict individual folder separately as need be.
So one of my VDS' IP's is covering up the other ones on Steam. We got three DODS servers, and the first two IP's work fine. When I put the third one up, and someone joins that IP, but then leaves and joins the first IP, if you click on his/her name on Steam friends and look at 'game info' it still displays the third server's IP and info.

It appears something is wrong with my srcds installation. Granted I don't remember, but I'm sure I built this one off of an amalgam of the first two server's pieces, so something must be covering itself up or overshadowing or replicating the first server's IP.

Anyone ever hear of this before? Is there a cfg or text file I need to fix?
What are the command lines for all of the servers? Does the command "netstat -ano" show each process running on the IP and port that it should be?
Post Reply