Setting Up and Securing a Linux Teamspeak Server

by williamruckman in Circuits > Linux

25490 Views, 22 Favorites, 0 Comments

Setting Up and Securing a Linux Teamspeak Server

ts2_01.gif
This article will walk you through setting up a securing your Linux Teamspeak server, and how to set it up to run as a service that can also run at boot time. Just downloading and running the software is a really bad idea as it is not set up for security. If a vulnerability ever developed in the Teamspeak software and you were attacked, a attacker could get permissions equal to what user you have it running as. I will show you how to set up Teamspeak with rock solid security.

This is a general walk through for Teamspeak RC2 Linux Server.

This instructable is brought to you by William Ruckman of ( http://ruckman.net/archives.htm#TEAMSPEAK )

Download the Teamspeak Server Software

download-ts.png
Download the Teamspeak server software from:

http://www.teamspeak.com/?page=downloads

You will want the "TeamSpeak 2 Server" in the "Linux" section.

EXAMPLE:

You can run the command:

wget ftp://ftp.freenet.de/pub/4players/teamspeak.org/releases/ts2_server_rc2_202319.tar.bz2

Login, Create User and Group

ts2groupadd.png
SSH to your server if remote or open a terminal on your GUI if local.

Log in as root, or type:

su -

to get root privileges with the root profile. You will need to enter the root password.

Create the teamspeak group by typing:

groupadd teamspeak

Create the teamspeak user by typing:

useradd -g teamspeak teamspeak -s /sbin/nologin

-g is for the group the user will be added to and -s is very important because this will disallow this user from logging in to the system.

Install the Software

untar.png
Once the user is created, there will be a home directory created for this user.

Such as: /home/teamspeak.

If not, issue:

mkdir /home/teamspeak

Copy the teamspeak software to this directory using:

cp ts2_server_rc2_20201.tar.bz2 /home/teamspeak

Uncompress the archive using:

tar -jxvf ts2_server_rc2_20201.tar.bz2

The software is now located in /home/teamspeak/tss2_rc23. I dont like this, so I have it moved to the /home/teamspeak directory using the following commands:

cd tss2_rc2
cp * -R /home/teamspeak
rm tss2_rc2 -R -f
chgrp -R /home/teamspeak teamspeak
chown -R /home/teamspeak teamspeak

Certain files do not show up until after the initial start of the server. You will have to start the server.

./teamspeak2-server_startscript start

Login to the Admin Interface, Change Passwords.

ts2_02.gif
There are two ways to do this, the web interface or the telnet interface. You only need to do one or the other. I will list them both. i will list the web interface method first and the telnet interface method second.

WEB METHOD

After the server is started, you must login to the web interface (If you are in Init 5) or the telnet TCP query port (if you are in Init 3 and don't want to go to graphical mode)

In order to do this, you must be on the console if you have a firewall as I haven't told you how to open up the ports yet.

For the web interface, you must go to the URL:

http://127.0.0.1:14534

You will have to login with a pre-defined password. You can get this password from the server log file. You can open it with your favorite text editor or with the following command:

joe /home/teamspeak/server.log

NOTE: I am using the joe editor. If you have not used this editor before you can get help by hitting CNTL K, H obviously, you can use any editor that pleases you. Such as vi, kate, kwrite, and so on.

Then login to the web interface using the superadmin account and change both the superadmin password and the admin password.

TELNET METHOD

To do this via the TCP query port type:

telnet 127.0.0.1 51234
slogin superadmin LOGFILEPASSWORD
sel 8767
dbsuserlist *(TAKE NOTE OF THE SUPERADMIN ID)
dbsuserchangepw SUPERADMINID PASSWORD PASSWORD
dbuserlist *(TAKE NOTE OF THE ADMIN ID)
dbuserchangepw ADMINID PASSWORD PASSWORD
serverset server_password PASSWORDTOLOGIN (THIS IS FOR USER ACCESS)
serverset server_name YOURSERVERNAME
serverset server_maxusers MAXUSERS (VALUE OF 0-32000)
serverset server_welcomemessage WELCOMEMESSAGE (YOUR MOTD)
quit

Change / Update Server Configuration

serverini.png
It is now time to change the server configuration file. Before these settings take effect you must restart the Teamspeak server. See troubleshooting for how to do this.

The file we will have to edit is server.ini

joe /home/teamspeak/server.ini

In this file there are many options. Most of these options can also be done in the telnet session as well. These are the ones you should customize, the others are optional:

[Main Config]
BoundToIp1= YOUREXTERNALADAPTERIP (USE IFCONFIG COMMAND TO OBTAIN)
ExternalIPDectection=1 (WINDOWS ONLY, IGNORE)
HTTPServer Port=14534 (LEAVE AS DEFAULT)
HTTPServer Enabled=1 (LEAVE AS DEFAULT)
DateTimeFormat=dd-mm-yyyy hh:nn:ss (LEAVE AS DEFAULT)
TCPQueryPort=51234 (LEAVE AS DEFAULT)
AllowedClientNameChars= (OPTIONAL)
DisAllowedClientNameChars=()[] (OPTIONAL)

[debug]
MessageTypes=LMTALL (LEAVE AS DEFAULT)
MessageDepths=LMDALL (LEAVE AS DEFAULT)

[WebPost]
AdminEmail= YOURADMINEMAIL (ENTER YOUR E-MAIL)
ISPLinkURL= YOURWEBSITEURL (ENTER YOUR WEBSITE URL)
ISPName= YOURISPNAME (YOUR ISP NAME)
ISPCountryNumber=2457 (LEAVE AS DEFAULT)
Enabled=0 (1=ENABLE WEBPAGE STAT POSTING)
PostURL= (THE WEB STAT URL TO POST TO)
ListPublic=0 (LIST YOUR SERVER PUBLICLY?)
UserAgent=teamspeak (LEAVE AS DEFAULT)

[log]
access_r=0 (OPTIONAL)
access_u=0 (OPTIONAL)
channel_registerred=0 (OPTIONAL)
channel_unregisterred=0 (OPTIONAL)
sa=0 (OPTIONAL)
chat=0 (OPTIONAL)
kick_server=0 (OPTIONAL)
kick_channel=0 (OPTIONAL)

[Spam]
max_commands=10 (MAX NUMBER OF CHAT POSTS)
in_seconds=2 (IN # OF SECONDS)

[ISP] (OPTIONAL - NOT INCLUDED)
GFX URL= (BANNER IMAGE)

Change Firewall Settings

ufw.png
You will now have to open your UDP port 8767 so that you and others can connect to the teamspeak server.

joe /etc/sysconfig/iptables

and enter this line in the iptables file:

-A INPUT -m state --state NEW -m udp -p udp --dport 8767 -j ACCEPT

or if you are using Ubuntu with UFW:

ufw allow 8767

Troubleshooting

question-mark.png
TROUBLESHOOTING:

Starting and stopping the server:

From the Teamspeak directory ( /home/teamspeak/ ) run:

./teamspeak2-server_startscript stop
./teamspeak2-server_startscript start

If you get an error with a "carrot M"

in it, then the service scripts have a windows control character in them. Remove these characters with the following command:

tr -d \0153 < inputfilename > outputfilename

Replace inputfilename with the original file, and outputfilename as the file to copy the fixed info to. They cannot be the same.

On some platforms, you may get an exception error. To fix this, add the following command to the beginning of the Teamspeak start command:

setarch i386 COMMAND