Follow these steps to secure your server:
1. Choose a good password for your system: more than 8 characters, with numbers and other characters such as !@#$%^
2. Never install a program from the root account.
3. Never use the root account for your everyday work.
4. Update your MySQL root password.
5. Uninstall all unnecessary programs and servers.
6. Look at the open ports on your server and remove any unnecessary servers that are running.
You can list the listening ports with:
For all open ports
$# netstat -nl
OR
For all TCP ports
$# netstat -tnl
OR
For all UDP ports
$# netstat -unl
On a system with only the ftp, web and ssh ports open, you should see something like this:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
8. Set up a separate MySQL account for the programs that need access to the database, and don't use the root account.
9. Run your programs in a chroot if that is possible.
10. Install a good firewall and set up access lists for your known hosts, and don't let others access your ssh/ftp ports.
11. Try to install and set up mod_security for Apache. It will drop a lot of the nasty things that are sent to your program.
12. Last but not least, upgrade your server every time you access it, or subscribe to a security mailing list for your distro to learn when something has problems.
Now you have a well-protected system. But for the paranoid:
13. Install a Role-Based Access Control (RBAC) system to protect your access, and other security patches (I recommend grsecurity for that: http://www.grsecurity.net)
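
The port check in step 6 can be automated. The script below is an added example, not part of the original list: it reads `netstat -tnl` output and reports every listener whose port is not on an allowlist. The names audit_listeners, sample_netstat and ALLOWED_PORTS are assumptions made for this example, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: compare listening TCP sockets against an allowlist.
# ALLOWED_PORTS is an assumption; it mirrors the ftp/web/ssh host in step 6.
ALLOWED_PORTS="${ALLOWED_PORTS:-21 22 80 443}"

# audit_listeners: reads `netstat -tnl` output on stdin and prints one line
# per listener whose port is not in ALLOWED_PORTS:
#   UNEXPECTED <port> <local address> <exposed|local-only>
# Returns 0 if every listener is allowed, 1 otherwise.
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Only socket lines in LISTEN state; this skips the netstat headers.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            port = addr; sub(/^.*:/, "", port)      # text after the last colon
            host = addr; sub(/:[0-9]+$/, "", host)  # works for 0.0.0.0:80 and :::22
            if (port in ok) next
            scope = (host == "127.0.0.1" || host == "::1") ? "local-only" : "exposed"
            printf "UNEXPECTED %s %s %s\n", port, addr, scope
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# On a live host: netstat -tnl | audit_listeners
```

A listener marked local-only is bound to the loopback address and is not reachable from other hosts; one marked exposed should be removed (step 5) or covered by a firewall rule (step 10).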