Trance
Posted January 26, 2023 (edited)

Description

This topic is part of a multi-part series. We'll try to get everything straight to the point in this guide, without unnecessary over-explanation.

PART 1 [THIS GUIDE]
- Work faster with a better terminal emulator.
- Use a better editor.
- Basic L2J server setup.
- Manage and secure your MySQL server. [!]

PART 2
- Secure your Linux server.
- Tuning system profiles. [!]
- Network performance tuning. [!]
- How to build and manage a firewall using iptables and conntrack - simplified version. [!]

PART 3
- Understanding and managing the OVH Firewall. [!]
- How to build and manage a firewall using iptables, conntrack, ipset and synproxy - advanced version. [!]
- Mitigating most of the DDoS attacks. [!]

Linux Distro

In this guide, we will choose the Red Hat distribution, CentOS 8 more precisely. There shouldn't be too much difference between the versions for our purpose.

Terminal Emulator

F@$% Putty. It is not making your life easier! We should instead use a client with more features, such as password saving and macros. I strongly recommend MobaXterm: you can record, edit and run macros (among other awesome features). The free version has some minor limitations, but the pro version doesn't and the license is lifetime - this is the one I got. I own a portable version with a master password for security.

Pre-Installation

In all our CLI commands we will use -y, so we skip the yes/no confirmation. We'll use the package managers yum and dnf. Most of our commands will include sudo (running with the highest privilege). We could use sudo su to log in as super-user instead.
It is very important to get all the updates first:

    sudo yum update -y

Installation

Starting with the following packages:
- epel-release is Extra Packages for Enterprise Linux;
- screen is only useful if you run AAC in screen mode;
- nano is my favorite editor;
- tcpdump is a network packet analyzer - we will use it to capture network packets for analysis - very useful if you are under attack and want to know what and how.

    sudo yum install epel-release -y
    sudo yum install screen -y
    sudo yum install nano -y
    sudo yum install tcpdump -y

Use A Better Editor

Nano is easier and quicker! You can open a file like any other editor:

    nano <directory and filename>

Saving is quite simple, which is why I like it:

    CTRL+X -> Y -> ENTER to save
    CTRL+X -> N -> ENTER not to save

Java

We'll use wget to get Java from the web:

    sudo dnf install wget -y
    wget https://download.oracle.com/java/19/latest/jdk-19_linux-x64_bin.rpm
    sudo rpm -i jdk-19_linux-x64_bin.rpm

MariaDB

Installation:

    sudo yum install mariadb-server -y
    sudo systemctl start mariadb
    sudo systemctl enable mariadb

Start the configuration:

    sudo mysql_secure_installation

Configuring MariaDB

Important Rules
- Do NOT use root for remote access. [!]
- Create a db user for every purpose. [!]
- Never allow a user from all IPs. [!]
- In addition to the MySQL IP permission, do the same on the firewall side. [!]

MariaDB's config file on CentOS 8, so you can allow remote access:

    nano /etc/my.cnf.d/mariadb-server.cnf

Enter MySQL as root:

    mysql -u root -p

Database creation:

    CREATE DATABASE login;
    CREATE DATABASE game;

User creation:

1. We can start by creating the local user for the login and game servers; only accessed by the machine itself on localhost.

Db username: localuser
Db password: localpassword

    CREATE USER 'localuser'@'localhost' IDENTIFIED BY 'localpassword';
    GRANT ALL ON *.* TO 'localuser'@'localhost' IDENTIFIED BY 'localpassword' WITH GRANT OPTION;
    FLUSH PRIVILEGES;

2. We create a remote user, so you can access it from your own computer.

Db username: trance
Db password: changemelater123
Trance's VPN or HOME IP (if static): 51.10.10.10

    -- The account host must match the host in the GRANT (the remote IP, not localhost)
    CREATE USER 'trance'@'51.10.10.10' IDENTIFIED BY 'changemelater123';
    GRANT ALL ON *.* TO 'trance'@'51.10.10.10' IDENTIFIED BY 'changemelater123' WITH GRANT OPTION;
    FLUSH PRIVILEGES;

3. We create a web user, for your Account Panel.

Db username: ucp
Db password: changemelater456
Webhost's IP: 51.11.11.11

    -- The account host must match the host in the GRANT (the webhost IP, not localhost)
    CREATE USER 'ucp'@'51.11.11.11' IDENTIFIED BY 'changemelater456';
    GRANT ALL ON login.* TO 'ucp'@'51.11.11.11' IDENTIFIED BY 'changemelater456' WITH GRANT OPTION;
    FLUSH PRIVILEGES;

Tips and tricks:

*.* goes like <database name>.<tables access>

IP allowance: We can allow a whole network like: 'trance'@'51.10.%.%'

Db user limit example:

Enter MySQL as root:

    mysql -u root -p

And then:

    GRANT ALL ON login.* TO 'ucp'@'51.11.11.11'
      WITH MAX_QUERIES_PER_HOUR 500
           MAX_UPDATES_PER_HOUR 50
           MAX_CONNECTIONS_PER_HOUR 50
           MAX_USER_CONNECTIONS 5;
    FLUSH PRIVILEGES;

See db users and delete any if needed:

Enter MySQL as root:

    mysql -u root -p

See all db users:

    SELECT User,Host FROM mysql.user;

Delete a user example:

    DROP USER 'ucp'@'51.11.11.11';
    FLUSH PRIVILEGES;

Login and Game Servers

Permission to run the Login and Game Server .sh files:

Hypothetically we have the Login and Game servers directory as follows:

    server/login
    server/game

We only need to do this once if the files are not going to be replaced:

    cd server/login/
    chmod +x LoginServer.sh LoginServerTask.sh
    cd ~
    cd server/game/
    chmod +x GameServer.sh GameServerTask.sh

Run the Login and Game servers and then see the Game server console:

    cd server/login/
    ./LoginServer.sh
    cd ~
    cd server/game/
    ./GameServer.sh
    # Follow the Game server console output
    tail -f log/stdout.log

Reboot the OS

    reboot

Credits

Give me credits if you share it anywhere else, including my Discord and MxC topic's URL.
Discord: Trance#0694

Edited March 2, 2023 by Trance
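An added example, not part of Trance's post: a small shell audit that checks the output of the guide's `SELECT User,Host FROM mysql.user` query against the "Important Rules" (no remote root, no account open to all IPs) and flags wildcard hosts such as `51.10.%.%` for review. The function names `audit_db_users` and `count_failures` and the `SAMPLE_USERS` rows are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit MariaDB accounts against the guide's "Important Rules".
# Input on stdin: tab-separated "User<TAB>Host" rows, as produced by
#   mysql -u root -p -N -B -e "SELECT User,Host FROM mysql.user"

audit_db_users() {
  awk -F'\t' '
    function is_local(h) { return h == "localhost" || h == "127.0.0.1" || h == "::1" }
    NF < 2 { next }                          # skip malformed rows
    {
      user = $1; host = $2
      if (user == "root" && !is_local(host)) # rule: no root for remote access
        printf "FAIL root-remote %s@%s\n", user, host
      if (host == "%" || host == "")         # rule: never allow a user from all IPs
        printf "FAIL any-host %s@%s\n", user, host
      else if (host ~ /[%_]/)                # % and _ are wildcards in host patterns
        printf "WARN wildcard-host %s@%s\n", user, host
      if (user == "")                        # anonymous account
        printf "FAIL anonymous-user @%s\n", host
    }
  '
}

# Number of FAIL findings for the rows on stdin (prints 0 when clean).
count_failures() {
  audit_db_users | awk '/^FAIL/ { n++ } END { print n + 0 }'
}

# Constructed sample: the guide's accounts plus deliberately bad rows.
SAMPLE_USERS=$(printf '%s\t%s\n' \
  root localhost \
  root '%' \
  localuser localhost \
  trance 51.10.10.10 \
  trance '51.10.%.%' \
  ucp 51.11.11.11 \
  '' localhost)

printf '%s\n' "$SAMPLE_USERS" | audit_db_users
```

On a live server, pipe the real query output into `audit_db_users` and treat every FAIL line as an account to drop or re-create with a specific host.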
Nightw0lf
Posted January 26, 2023

It's almost the same for the Debian/Ubuntu distributions that I use for servers; this is common knowledge for old people. You must have lots of free time to make all these guides, gj. This is actually a basic L2J server setup on a Linux distribution.
'Baggos'
Posted January 26, 2023

@Trance Thanks for this guide about Linux setup. I have a question: why should I choose to use Linux instead of Windows? Linux has a reputation for being fast, OK, but what are the real benefits for my server?
Trance (Author)
Posted January 26, 2023 (edited)

On 1/26/2023 at 3:46 PM, 'Baggos' said:
> @Trance Thanks for this guide about Linux setup. I have a question: why should I choose to use Linux instead of Windows? Linux has a reputation for being fast, OK, but what are the real benefits for my server?

We'll cover more in the next parts of this series.

- Stability/Uptime - Linux is more reliable. Windows becomes slow over time; it needs to be rebooted more often than Linux.
- Drivers - Windows drivers are mediocre. Your NIC (Network Interface) will even be taken down if some weird thing happens that it doesn't like.
- Resources - how resources can be used and modified through the kernel is at a high level.
- Security - it can be much safer.
- Networking/Firewall - you can block unwanted traffic, allow desired traffic, redirect packets to alternate TCP/UDP ports, redirect packets to alternate IP addresses, protect against Denial of Service attacks. You can't do most of this on Windows.

Edited January 27, 2023 by Trance
Celestine
Posted January 26, 2023

Pinned. Great guide, thanks for this @Trance
xPeNaChO
Posted January 26, 2023

Thank you Mr.Gold! Finally someone decided to share something a little more "elaborate". Probably some people won't like that you share the secrets behind the "fine-tune" as your list promises. "Waiting for the next chapters".
Nightw0lf
Posted January 27, 2023

6 hours ago, 'Baggos' said:
> @Trance Thanks for this guide about Linux setup. I have a question: why should I choose to use Linux instead of Windows? Linux has a reputation for being fast, OK, but what are the real benefits for my server?

To top up Trance's reply, I know some servers on Linux with uptime of 2 and 3 years with no reboot.
NguyenNguyen
Posted January 11

On 1/27/2023 at 1:40 AM, Trance said:
> Description This topic is part of a multi-part series. We'll try to get everything straight to the point in this guide, without unnecessary over-explanation.

Amazing! Thank you very much!