Today I was asked the following question by a friend of mine.
Q: I am currently working on moving my site to a new server so if anything needs to be installed or modified on the server let me know and I will make sure that it is done on the new server.
A: YES. There are quite a few things that you should do and install on your new server to secure it.
Here are a few recommendations right on top of my head:
1. Stop unneeded services.
2. Install protection against Brute Force SSH attacks (they can be costly) [BFD]
3. Install advanced firewall in addition to the default firewall (iptables). [APF]
4. Completely disable root login and admin login. [Custom Script]. If a user then attempts login as root, kick them off the server and log the attempt. I do it using a dummy shell.
5. Stop normal FTP and only use SFTP.
6. Have your Apache, MySQL, PHP and Kernel upgraded
7. Install mod_security (Depending on your site you may need to tweak the default ruleset)
8. Install something to monitor your applications and restart them if needed. [System Integrity Monitor]
9. Install something to clear Apache semaphores from time to time. [SIM can do this job]
10. In addition to Brute Force SSH attacks, you need something to protect you against other brute force attacks (FTP etc).
11. There may be a few other utilites that would help you greatly (but I'll have to check)
What else am I missing?
Thanks
Frank
2 comments:
i'm in the process of designing a GPS system and wanted to know that is it possible to keep MySQL and the database on a CDROM and query it from a C IDE(KDevelop)?
expecting help.
thank you.
Hello Aniket,
I have posted an answer here and asked for input from the community as well.
Thanks
Frank
Post a Comment