Configuring/Securing a Dedicated Server
I'm a web developer who has been assigned the task to "install and configure" a dedicated server that will be running Linux (don't know what distro, I think it is Fedora Core if I recall correctly). The small "problem" is that I never did this before, and regardless of what the hosting includes configured, I don't know where to start looking for basic things that "should be" configured in a determined way.
Obviously I'm not asking for an extended response, as I am going to Google a bit (already printed some documents), I don't pretend to make someone write a manual, but I would be very pleased if someone could help in building a list of what to check. The most important things I mean, without going into much detail. I can read documents later, but first I need to know *what* to look for.
I'm not new at Linux as I started playing with it with Slackware 3 and tried Debian 2, Mandrake, Redhat, Fedora... but never used it deeply. And of course, never configured fully a dedicated server to host web sites. I recently did a small course about Linux servers and touched topics like ProFTP, Apache, POP3/SMTP, Webalizer... but only a few hours each.
So basically, a linux-newbie that has to have a ready-to-run server.
Actually I've got this small list of things to check about:
- FTP Server
- Mail (Incoming/Outgoing)
- Web Server
With that in mind, I've got two questions that come to my mind now.
- What is the most recommended Apache version actually? 1.3.x? 2.x.x?
- Should I think about installing PHP 5 or just leave the PHP 4 installation that I guess comes by default?
I also checked the jffnms application, but I'm not sure if it is necessary for a dedicated server.
Basically... what are the first things to check or the steps to see if the system is medium-secure?
Thanks in advance for any answer,
Re: Configuring/Securing a Dedicated Server
If it were me, I'd go with the latest version of Apache and PHP. Since it's a new rollout, you don't have to worry about downtime due to incompatibility and upgrading.
Originally Posted by Katixa
As far as what you need to do goes, just be secure. Read up on the latest vulnerabilities, the best security practices (such as chroot jailing) and kernel exploits. kerneltrap.org and linuxsecurity.com are good sources for this.
Your IPTables rules need to be very strict and as flawless as possible. Use auth when possible (and practical). Make sure all your emails are virus scanned (esp. if you have Windows workstations on your network).
That's about all that I have off the top of my head. Good luck. 8)