i think this is a really good way to get hacked as hacker love to hack webservers and Xorg is unsafe as hell

Originally posted by Doc Holliday:

i think this is a really good way to get hacked as hacker love to hack webservers and Xorg is unsafe as hell

That's interesting. I've never used a gui on my server at work so I'm not sure what the dangers of it are exactly, just know that it's generally not recommended. I find it strange that Windows Server is GUI only yet it seems like such a no-no in the Linux world to run a gui on a server.

Originally posted by siteuntitled:

Originally posted by Doc Holliday:

i think this is a really good way to get hacked as hacker love to hack webservers and Xorg is unsafe as hell

That's interesting. I've never used a gui on my server at work so I'm not sure what the dangers of it are exactly, just know that it's generally not recommended. I find it strange that Windows Server is GUI only yet it seems like such a no-no in the Linux world to run a gui on a server.

Windows is a no no to run as a server at all i can bypass so many things on Windows its not funny this is why most windows server are used as host to the Linux server as the Linux server is the one open to the web

Why? If you want a general purpose server, why not just take a Linux tailored for that usage scenario?

Originally posted by ReBoot:

Why? If you want a general purpose server, why not just take a Linux tailored for that usage scenario?

I could understand wanting to use a Steam Machine as a home file or DLNA server but why would you try and use it for hosting a site or for DNS? It doesn't even have much to do with the GUI either, regular versions of Ubuntu or Fedora would be better suited.

Its IMHO as weird as the wish to use SteamOS as a general purpose desktop machine. I would understand that if SteamOS was the first Linux ever usable by a non-geek, bit even I admit that there are Linuxes out there suited for the task.

Don't care that much about that X stuff. If you wanna a server, go and do that, just make sure to configure your firewall to protect you. Close all and open only the necessary and you gonna be safe. Any way I believe your server is gonna be behind your router, right? You gonna have to tunnelling the ports you want on Internet right? Only that already give you some level of protection.
A DLNA server and even a Web server and a SSH server, I totally understand... I have SSH on mine right now... but DNS?
And if you are that afraid of getting hacked, just chroot your web services.

Originally posted by EthraZa:

Don't care that much about that X stuff. If you wanna a server, go and do that, just make sure to configure your firewall to protect you. Close all and open only the necessary and you gonna be safe. Any way I believe your server is gonna be behind your router, right? You gonna have to tunnelling the ports you want on Internet right? Only that already give you some level of protection.
A DLNA server and even a Web server and a SSH server, I totally understand... I have SSH on mine right now... but DNS?
And if you are that afraid of getting hacked, just chroot your web services.

Thank you!! Glad to here from someone who is open to the idea. I actually don't have any interest in DNS - not sure why I threw that on there, just listing off possibilities that I thought someone else might want to try I guess. Yes it will behind my router. I'm mainly interested in web and possibly file server. I will definitely want SSH since it's hooked up a TV and won't have a keyboard/mouse (only a gamepad and eventually a steam controller once they come out) - I would like to manage it from my desktop PC.

For those asking/wondering why I would want to do this - I have a single extra machine so it's either choosing to run it only as a server, only as SteamOS, or both. To me it seems like if I can make it dual purpose then I'm getting more bang for my buck. I was wondering if anyone else was planning on doing this kind of thing too to see if there was anything I should be aware of before I set it up or if they had run into any issues doing something similar.

For hobby reasons, there's no problem with GUIs on servers, or hosting files to friends, or any of that. Probably because if my hobby computer gets hacked, who cares? It's a good way to learn. And I don't know who all these people are with a ton of money to spend having a ton of different boxes do a ton of specialty tasks...

Of course any system in a production environment is different. And the whole GUI argument makes sense if I'm spawning hundreds of Linux instances in VMs or something. But for a home hooby system? Just splitting hairs.

Why do you guys think, that the presence of X has anything to do with the security of some server daemon?

It's not so much the presence of X specifically, it's more the idea that one way to increase security is by reducing the vectors for attack.

Buggy software can cause security issues. [Almost] All software is buggy. Thus less software running will cause less security issues.

Again, for a home hobby system I wouldn't care so much. You can bet that military and banks don't run X or anything else unnecessary on hardware worth billions.

Well... but how would having an X server add attack vectors for a server? In the scenario here, it would not be accessible to any attacker. To use it in any way, he would already have to have access to the system, directly or via a remote shell.

EDIT: I have to admit, maybe the risk that there is a root exploit is higher, so it could be bad in case someone gained user access. But as you said, you probably don't have to take security that serious in this scenario.

Generally speaking, your server security is coming down to your service selection, configuration and patching which determine attack surface area.

No matter what distro/OS you run the more services you run the more options there may be for a cracker to get into your machine, so you want to run as few as possible, have them configured in a fairly paranoid way and have the machine firewalled to try and stop access to any services that might be running for other reasons (eg X).

The sort of services you might run as a home server probably aren't going to give you much grief as far as performance that you'd notice, compared to games.

Unfortunately, even if the machine is well configured you're always at risk from newly discovered security holes in the gap between discovery and when they're patched on your system (or the system reconfigured to avoid a security hole). This is particularly risky if you end up manually installing libraries/services (and which aren't patched by the OS vendor). I once had my home linux server send out several thousand bits of spam to Brazil because I didn't come across a flaw notice for a non-RedHat library used by a web application for weeks after it became common knowledge. Keep that in mind when deciding on services and working out your patch schedule.

WIdely used, venerable, servers and applications are likely to be more thorougly security checked than small project. So, you'll want to be especially paranoid and dilligent about patching bleeding edge, specialised, services (and probably keep an eye on upstream, which is a bit of a pain).

SteamOS should run services as well as Debian, but my main quesiton would be if there'll be a lag between Debian security updates and SteamOS upddates (for underlying libraries as part of the SteamOS repos).

The other question is if running your SteamOS machine as a server is a good idea? If it's a powerful gaming machine, it'll probably run at 50-100 watts idle. If you only need a trivial chunk of computing power and the server's going to be running 24/7 you'll probably find that a low power dedicated server (like an odroid, or pi) will pay for itself in a few months just in electriity (and reduces noise/heat/wear from your main machine). I ran a regular PC for years as a server, and although it was zippy there was a *lot* of wasted electricity.

EDIT: Oh, it goes without saying that you'll need to lock down access to any service for steam or desktop users and revisit passwords for root/desktop/steam. Also keep in mind that although you may be okay with losing a hobby server/game machine if someone gets control of it you then have to worry about how much access that might give to other machines on your internal home network (do you really trust that WIndows XP machine to stand up to attack from an internal host? :) )

EDIT: And if you're setting up ssh to be accessible to the internet and have a smartp phone then put OATH TOTP on it (two factor time based codes) - it goes in as a pluggable authentication module.
While you're at it set them up for Gmail/Facebook/Dropbox/Guild Wars 2/anything else you can.

http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

Thanks GeeEl! That is very informative!

The machine I'm using for this is a Core2Quad with 8GB RAM, with a GTS 450 1GB. What I'm thinking now is that I might do the following to maximize what I'm doing on this machine (since like you said it will be on 24/7 and use lots of energy):

1) Run SteamOS as OS
2) Run MythTV on SteamOS for recording TV shows
3) Setup a file server
4) Run VirtualBox with CentOS no gui for the hobby webserver, this would be the only public web facing piece so I'm thinking using VirtualBox would help me isolate it from the rest of what I'm doing with this machine.

I'm building another desktop machine that is replacing this machine that will be much more powerful (i7 4770K, 16GB RAM, GTX 780) and will be primarily using SteamOS on this machine to stream games from that one so I'm not too worried about MythTV, the file server, and VirtualBox using too much resources and affecting the games.

Does that sound like a reasonable thing to do, or am I making a bad assumption about being able to make it safer by putting the webserver in a VM?

Running a web server as a VM does protect the rest of your system from priviledge escalation (ie. persuading Apache to hunt for other bugs and run things as root) and protects your other files. If the VM is broken into then it's still a machine on your network that might go looking for other things to compromise so it's not a panacea (ie. still be paranoid).

I haven't run VB before, although I did some KVM for server virtualization (and Xen before that). Should work fine, although you'll probably be pushing files to it via SSH, NFS or somesuch.

Your ISP might well already give you token web server space and FTP etc included in your connection charge, so you might want to look into that too depending on what you want to do with the files and web server..

I briefly pondered MythTV, but I suspect that for the price of running the machine all the time would end up costing a netflix subscription (although technically netflix isn't available where I am :( ), but it might end up happening for particular shows I want to record...

If you'll mainly just be streaming games it's also worth considering a regular server distribution (perhaps Debian Jessie, or Ubuntu 12.0.4 LTS), as it's probably just that little bit easier to set everything up (no worrying about possible distribution conflicts) and find documentation. I was pleasantly surprised by Debian Jessie having a steam package in the repository, and Steam's probably going to be the least complex thing you'll be worrying about.