Hi, i have 2 dedicated servers at a hosting company. I want to setup a server at my home , to learn how to administer and to use it to develop my sites before go in production.(i have 1 server root hacked with brute force- i didn't have firewall ) Also, some files who consume large bandwidth i will host here . I have the computer ready, tomorrow the internet connection with dedicated IP will come. I want to install 1. centOS (is working on my other servers) 2. Apache - mod_rewrite - mod_security - mod_evasive 3. MySql (and phpmyadmin) 4. PHP 5. WHM and Cpanel (is working on my other servers) 6. CFS Firewall (is working on my other servers) What software,modules etc i must add? I am interested especially about server security. PS Great job you have done here folks (i getted here with a link from my hosting company when i have requested a support ticket )
Hi and welcome. Did you have a ook at any of the perfect server setups for CentOS? Here is one that you could use: http://www.howtoforge.com/perfect-server-centos-5.2-x86_64
Yes, i have read it. Many times.With images is perfect , like a dinner with a good wine . I have installed centOS to test with this tutorial, but i didn't have a static ip address. The instalation was succesfully,except internet connection. I want to make a list with all elements who must be installed for good server security, like i said, to have a general image and to start reading about them. Thanks!
Tips Hi, After my small experience in a hosting company (~1 yr) as linux sysadmin, here some tips about securing a server [depend on server type (Web server, mail server, etc)]: - Use strong passwords. - Install a firewall and a HIDS (Host-based IDS) such as: CSF/LDF (come with cPanel), APF/BFD, both tools use IPTables. - Install a Antivirus eg: ClamAV and write some shell scripts and use cron jobs to invoke those scripts (personally i use python for that) depending on your policy eg: scan all home folder daily. - For mail server: tweak your MTA config, Add an RBL DB to your MTA, Install a AntiSpam eg: SpamAssassin. - for Apache: install mod_security , tweak Apache and PHP configuration (for apache disable showing of server signature, version etc ) and for php.ini disable some system function as many php worms and backdoors use those functions. - Chroot BIND, FTP is preferred. - Never run services as root. - Disable all unnecessary services. - Update system. - Monitor your server regularly. - Use ISPConfig cause is more flexible than others.
