Peer review: Linux server setup checklist

Dear members,

Every so often I get asked to set up a Linux server on some cloud provider, usually a LAMP stack, so normally I create one server to run Apache and PHP, and another server to run MySQL only. I am NOT a sys admin. So I picked up the TODO list below from the interwebs.

Could someone please tell me if the items below are okay, or if there is anything new I should be doing, or not doing; for a simple, medium security, medium performance web or database server.

Thanks in advance!

https://gist.github.com/pkarunyu/da5e7d5d4062c70b6668

IMHO, #2 may be of little benefit since any half-decent port-scan will reveal the new port... For this to be useful, you need to enable another measure that doesn't *explicitly* expose the port, something like port-knocking...

--
//i ask questions because, contrary to popular belief, i don't know everything//

On Wed, Mar 9, 2016 at 4:00 PM, Peter Karunyu via skunkworks <skunkworks@lists.my.co.ke> wrote:
> Dear members, Every so often I get asked to set up a Linux server on some cloud provider, usually a LAMP stack, so normally I create one server to run Apache and PHP, and another server to run MySQL only.
> I am NOT a sys admin. So I picked up the TODO list below from the interwebs.
> Could someone please tell me if the items below are okay, or if there is anything new I should be doing, or not doing; for a simple, medium security, medium performance web or database server.
> Thanks in advance!
> https://gist.github.com/pkarunyu/da5e7d5d4062c70b6668
_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke

Looks like pretty much what I always do, with the addition of disabling SELinux on CentOS/RHEL hosts. I've gone further and converted most of these bootstrap tasks to Ansible <https://www.ansible.com> playbooks. Works like a charm in getting a server up in minutes.

Regards,
David.

--
Regards,
@njukey

REPOS (for Ubuntu 14. Adjust for the version you are using)

* if needed
* nano /etc/apt/sources.list
* # kenya specific (add at the top)
* deb http://ubuntu.mirror.ac.ke/ubuntu/ trusty main
* deb-src http://ubuntu.mirror.ac.ke/ubuntu/ trusty main
* deb http://ubuntu-archive.mirror.liquidtelecom.com/ubuntu/ trusty main
* deb-src http://ubuntu-archive.mirror.liquidtelecom.com/ubuntu/ trusty main
* # generic (add at the top)
* deb mirror://mirrors.ubuntu.com/mirrors.txt trusty main restricted universe multiverse
  deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-updates main restricted universe multiverse
  deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-backports main restricted universe multiverse
  deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-security main restricted universe multiverse
* locate http://us.archive.ubuntu.com/ubuntu and replace it with http://archive.ubuntu.com/ubuntu

update the server

* set up automatic updates
* dpkg-reconfigure -plow unattended-upgrades
* apt-get update
* repo keys
* add-apt-repository ppa:nilarimogard/webupd8
* apt-get update
* apt-get install launchpad-getkeys
* apt-get upgrade
* apt-get dist-upgrade

clamav antivirus

* apt-get install clamav clamav-daemon
* freshclam
* /etc/init.d/clamav-daemon start

clamav antivirus scan and update

* crontab -e
* 47 * * * * freshclam
* 00 00 * * * clamscan -r --bell -i /
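
An added example, not part of any message in this thread: a shell check for two steps of the checklist above, confirming that the edited sources.list still has active `deb` lines for the release, `-updates` and `-security` pockets, and that unattended upgrades are switched on. The function names and the sample file are constructed for illustration; the release name `trusty` and the mirror URL are the ones quoted in the checklist.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): post-setup checks for two checklist steps.

# list_suites FILE: print each distinct suite named on an active "deb" line.
list_suites() {
    awk '$1 == "deb" {
        i = 2                                   # field holding the URI
        if ($i ~ /^\[/) {                       # optional [arch=... ] block
            while ($i !~ /\]$/ && i < NF) i++
            i++
        }
        if ($(i + 1) != "") print $(i + 1)      # suite follows the URI
    }' "$1" | sort -u
}

# missing_pockets FILE RELEASE: print pockets that have no active "deb" line.
# Returns 0 when the release, -updates and -security pockets are all present.
missing_pockets() {
    local file="$1" release="$2" missing="" suites pocket
    suites=$(list_suites "$file")
    for pocket in "$release" "$release-updates" "$release-security"; do
        printf '%s\n' "$suites" | grep -Fqx -- "$pocket" || missing="$missing $pocket"
    done
    missing=${missing# }
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# auto_upgrades_enabled FILE: succeed if the APT periodic config turns on
# unattended upgrades (a non-zero interval in days).
auto_upgrades_enabled() {
    grep -Eq '^[[:space:]]*APT::Periodic::Unattended-Upgrade[[:space:]]+"[1-9][0-9]*";' "$1"
}

# Constructed sample: a sources.list holding only the country-mirror lines.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# kenya specific
deb http://ubuntu.mirror.ac.ke/ubuntu/ trusty main
deb-src http://ubuntu.mirror.ac.ke/ubuntu/ trusty main
EOF
echo "missing pockets: $(missing_pockets "$sample" trusty)"
rm -f "$sample"
```

On a real host the inputs would be `/etc/apt/sources.list` (plus any files under `/etc/apt/sources.list.d/`) and `/etc/apt/apt.conf.d/20auto-upgrades`, the file that `dpkg-reconfigure unattended-upgrades` writes.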

participants (4)
- Alex Watila
- David Njuki
- MotoBaridi
- Peter Karunyu