IMHO, #2 may be of little benefit since any half-decent port-scan will reveal the new port...

for this to be useful, you need to enable another measure that doesn't *explicitly* expose the port. something like port-knocking...

--
//i ask questions because, contrary to popular belief, i don't know everything//

On Wed, Mar 9, 2016 at 4:00 PM, Peter Karunyu via skunkworks <skunkworks@lists.my.co.ke> wrote:

Dear members,
Every so often I get asked to setup a Linux server on some cloud provider, usually a LAMP stack, so normally I create one server to run Apache and PHP, and another server to run MySQL only.

I am NOT a sys admin. So I picked up the TODO list below from the interwebs.

Could someone please tell me if the items below are okay, or if there is anything new i should be doing, or not doing; for a simple, medium security, medium performance web or database server.

Thanks in advance!

https://gist.github.com/pkarunyu/da5e7d5d4062c70b6668

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke