New Server Setup
This is a quick checklist to setup a new production server. It’s as much a reference for myself as anything else.
- Create a non-root user
- Install SSH
- Move SSH login to a non-standard port
- Update the default apt sources
- Disable root logins over SSH
- Install Advanced Policy Firewall (easy instructions for Debian)
- Configure APF (ports 80,443, and the SSH port to start with). IG_TCP_CPORTS in /etc/apf/conf.apf
- Install MySql, Apache2, and PHP5 (in that order)
- Install cronolog for log rotation
- Add virtual host access restrictions to /etc/apache2/conf.d/access_restrictions
- Add an .htpasswd file
- Modify, but don’t remove the default virtualhost file
- Install rsync if you’re using it for backups
- Add custom “security” config file to /etc/apache2/conf.d/ to protect some areas
- Install subversion if you’re using it for version control
References:
http://www.dangrossman.info/2007/03/18/dedicated-server-setup-checklist/
http://www.myserverzone.net/protection/7-debian-install-apf-advanced-policy-firewall.html
http://www.webhostgear.com/61.html