This is a quick checklist to setup a new production server. It’s as much a reference for myself as anything else.

1. Create a non-root user
2. Install SSH
3. Move SSH login to a non-standard port
4. Update the default apt sources
5. Disable root logins over SSH
6. Install Advanced Policy Firewall (easy instructions for Debian)
7. Configure APF (ports 80,443, and the SSH port to start with). IG_TCP_CPORTS in /etc/apf/conf.apf
8. Install MySql, Apache2, and PHP5 (in that order)
9. Install cronolog for log rotation
10. Add virtual host access restrictions to /etc/apache2/conf.d/access_restrictions
11. Add an .htpasswd file
12. Modify, but don’t remove the default virtualhost file
13. Install rsync if you’re using it for backups
14. Add custom “security” config file to /etc/apache2/conf.d/ to protect some areas
15. Install subversion if you’re using it for version control

References:
http://www.dangrossman.info/2007/03/18/dedicated-server-setup-checklist/
http://www.myserverzone.net/protection/7-debian-install-apf-advanced-policy-firewall.html
http://www.webhostgear.com/61.html

This entry was posted on Friday, November 5th, 2010 at 5:50 pm and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.