Ubuntu Server Security
Okay, I've installed Ubuntu, Apache, Mongrel, and Ruby on Rails to run my web applications on a server. The Apache proxies to the mongrel cluster to get webpages, for example. What steps should I take next to secure my server? I've done a little, but not too much, to keep it secure. I read something about 'open proxies' and wanting to make sure I don't have one, how do I check this, for example? What other items should I look at?
One thing you may want to do is configure some firewall rules because Ubuntu does not turn the firewall on by default. You can use the ufw command for this although personally I prefer using shorewall. As for the proxy, if you are using squid, take a look at the secton that refers to access control lists in the squid documentation.