LAMP server setup on Linode Ubuntu 14.04.1 LTS

setup.md

Server Setup/Security

LAMP server setup on Linode Ubuntu 14.04.1 LTS

• Update system

  • apt-get update
  • apt-get upgrade
  • Check Unattended upgrades package
    • https://help.ubuntu.com/community/AutomaticSecurityUpdates#Using_the_.22unattended-upgrades.22_package
    • https://help.ubuntu.com/community/AutomaticSecurityUpdates#Using_the_.22unattended-upgrades.22_package
    • https://help.ubuntu.com/10.04/serverguide/automatic-updates.html

• Set hostname and FQDN

  • /etc/hosts
  • /etc/hostname
  • New DNS entry hostname.example.com pointing to server IP

• Set/Check timezone

  • dpkg-reconfigure tzdata

• Add your own user

  • adduser example_user
  • usermod -a -G sudo example_user
  • Add the user to the administer the system (admin) group

• SSH/Login

  • Key Pair Authentication/ authorized_keys setup
  • Change default port
  • Disable root login
  • Disable password logins
  • Customise /etc/issue.net

• iptables

  • Or look at nftables
  • https://library.linode.com/securing-your-server#sph_creating-a-firewall
  • Ensure use new SSH port

• Fail2Ban

  • If needed
  • https://library.linode.com/securing-your-server#sph_installing-and-configuring-fail2ban

• Mail

  • Install Exim (Simple email sending)
    • https://library.linode.com/email/exim/send-only-mta-ubuntu-12.04-precise-pangolin
  • SPF
    • DNS TXT entry hostname.example.com
    • v=spf1 ip6:..../64 a mx -all
  • Redirect root mail
    • /etc/aliases
    • root: [email protected]

• RKHunter and CHKRootKit

  • RKHunter
    • APT_AUTOGEN="yes"
  • CHKRootKit
    • RUN_DAILY="true"

• Setup LogWatch

  • https://help.ubuntu.com/community/Logwatch

• PSAD (port scan attack detection)

  • https://www.digitalocean.com/community/articles/how-to-use-psad-to-detect-network-intrusion-attempts-on-an-ubuntu-vps

• Install misc utilities

  • htop

• Web hosting setup

  • https://help.ubuntu.com/14.04/serverguide/httpd.html
  • MySQL
  • PHP