I've been running a mp3 server out of my basement for a couple months now using an old Pentium pc, Slackware 10.2, and gnump3d ver. 2.98. I'm using a precompiled 2.6.13 kernel and iptables 1.3.5...I've set up a couple simple filter rules that open up traffic on port 8001 for my server and allow no-ip's software to run in the background and update my changing IP address on the web since I have a DHCP.

As far as I know, nobody has messed with my 24/7 server. Is there a log file that keeps track of all online activity?

What else could I do to secure my server from vulnerabilities?

as for logfiles, being that this is (i assume) a dedicated mp3 server, i believe you'd be pretty-much limited to the logfiles provided by the mp3 server app... of course there's always the iptables logs (and the system logs) but they aren't of much use in this situation (unless you are indeed allowing remote ssh logins, etc.)... what mp3 server app are you using??

as for hardening the box, you could post your iptables script and then maybe we could give you some pointers on how you might be able to make it better/tighter...

i would also recommend downgrading your kernel to the latest 2.4 (if possible), which at the time of this post is 2.4.33-rc1... you should make sure it's stripped-down to only what you need (a good start is disabling all the experimental options) of course... you'll need to recompile iptables after that...

other steps you can take are making sure you uninstall any packages you aren't using on the box, such as compilers, graphical libs/apps, etc...

if you want some heavy armor you could always patch the kernel with grsecurity... they should have a version for 2.4.33 released soon after 2.4.33 is actually released...

also, if your mp3 server app is able to run in a chroot jail, that would be great, as grsecurity provides chroot jail hardening...

there's plenty of other things you can do also... like, perhaps install rootkit hunter and set a cron job to email you the results of a scan once a day... or tripwire... or both...

just my ...

PS: does your mp3 server app have a web-based front-end?? if so, does it have it's own or does it use apache??

EDIT: sorry, i just noticed that you had indeed posted the app you are using, gnump3d...

Why should I go back to the 2.4.X kernel? I'm running a 200 MHz pc, so I'd like a precompiled 2.4.33 kernel for Slack 10.2. The 2.4 kernel that is on the server is 2.4.31.

As for the server application, it's gnump3d version 2.98. It provides me with a detailed access log file. People access this 24/7 mp3 server on port 8001.

I'm using a DHCP IP address. I'm using the software at www.no-ip.com to run in the background as a process and update their online database with my IP address changes. It needs port 8245 to be open for their software to use.

I've opened up the above ports in my iptables 1.3.5 definitions along with ports for ssh and ftp and the no-ip process updates in the background:

-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8245 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
COMMIT

mainly for security... using an unsupported 2.6.13 is a very bad idea if you are concerned about security... trust me, patrick volkerding is not ever going to be backporting security patches to that 2.6.13...

precompiled?? ideally you want a kernel with only the features you NEED included... precompiled kernels like those provided by slackware come with everything but the kitchen sink included (including experimental stuff)...

in any case, i doubt patrick will provide a 2.4.33 kernel for slackware 10.2, considering he didn't even provide a 2.4.32... but then again, 2.4.33 includes (will include) a lot security fixes so perhaps he'll issue it as a security update this time around... who knows...

what i can tell you is that it's best if you don't depend on him for your kernels... is there some reason in particular why you don't want to compile your own??

yeah, i realized this after i posted - look at my edit...

cool... i was reading through the docs for that app and the developer seems like a serious person, which is good... he seems to have given a lot of thought to the security implications of this application...

it's easier to give you feedback if you post your *entire* rc.firewall script...