Find the answer to your Linux question:
Results 1 to 3 of 3
Hi there, I'm a web developer that has been asigned the task to "install and configure" a dedicated server that will be running Linux (don't know what distro, I think ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Oct 2004
    Location
    Astigarraga
    Posts
    18

    Configuring/Securing a Dedicated Server


    Hi there,

    I'm a web developer that has been asigned the task to "install and configure" a dedicated server that will be running Linux (don't know what distro, I think it is Fedora Core if I recall correctly). The small "problem" is that I never did this before, and regardless of what the hosting includes configured, I don't know where to start looking for basic things that "should be" configured in a determined way.

    Obviously I'm not asking for an extended response, as I am going to Google a bit (already printed some documents), I don't pretend to make someone write a manual, but I would be very pleased if someone could help in building a list of what to check. The most important things I mean, without going into much detail. I can read documents later, but first I need to know *what* to look for.

    I'm not new at Linux as I started playing with it with Slackware 3 and tried Debian 2, Mandrake, Redhat, Fedora... but never used it deeply. And of course, never configured fully a dedicated server to host web sites. I recently did a small course about Linux servers and touched topics like ProFTP, Apache, POP3/SMTP, Webalizer... but only a few hours each.

    So basically, a linux-newbie that has to have a ready-to-run server.

    Actually I've got this small list of things to check about:

    - FTP Server
    - Mail (Incoming/Outgoing)
    - Web Server
    - MySQL
    - Stats

    With that in mind, I've got two questions that come to my mind now.
    - What is the most recommended Apache version actually? 1.3.x? 2.x.x?
    - Should I think on installing PHP 5 or just leave the PHP 4 installation that I guess comes by default?

    I also checked the jffnms application, but not sure if it is necesary for a dedicated server.

    Basically... what are the first things to check or the steps to see if the system is medium-secure?

    Thanks in advance for any answer,
    Regards.

  2. #2
    Linux Guru sarumont's Avatar
    Join Date
    Apr 2003
    Location
    /dev/urandom
    Posts
    3,682

    Re: Configuring/Securing a Dedicated Server

    Quote Originally Posted by Katixa
    With that in mind, I've got two questions that come to my mind now.
    - What is the most recommended Apache version actually? 1.3.x? 2.x.x?
    - Should I think on installing PHP 5 or just leave the PHP 4 installation that I guess comes by default?
    If it were me, I'd go with the latest version of Apache and PHP. Since it's a new rollout, you don't have to worry about downtime due to incompatibility and upgrading.

    As far as what you need to do goes just be secure. Read up on the latest vulnerabilities, the best security practices (such as chroot jailing) and kernel exploits. kerneltrap.org and linuxsecurity.com are good sources for this.

    Your IPTables rules need to be very strict and as flawless as possible. Use auth when possible (and practical). Make sure all your emails are virus scanned (esp. if you have Windows workstations on your network).

    That's about all that I have on the top of my head. Good luck.
    "Time is an illusion. Lunchtime, doubly so."
    ~Douglas Adams, The Hitchhiker's Guide to the Galaxy

  3. #3
    Just Joined!
    Join Date
    Oct 2004
    Location
    Astigarraga
    Posts
    18
    Thanks for the info.

    You touched some of the things that we learned about in the short course (like chroot jailing, auth, and antivirus/antispam systems), but unfortunately I never configured/installed them on my own, so I'm not either a "novice" on them... just a "ah yes I heard about it" one...

    I'm afraid to say that at this moment I'm not sure about what "IPTables" is... I heard about it too but I can't remember if we did that or not. Anyway, I'm going to Google about it now.

    About the vulnerabilities, good idea. I tried to do a search on the forums but it seems to be disabled due to server load.

    Any advice about good sites with global info about vulnerabilities on known programs like apache/mysql/phpmyadmi etc? Or even with the kernel itself. Preferably with feed (xml/rss) system?

  4. $spacer_open
    $spacer_close

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •