[ichsie2036]

I tried to start managing my own VPS servers recently and after setting up Debian at one of the hosting providers, I followed everything I can find on the web to consolidate the server against security breaches.

What would you recommend a newbie to do to secure a server of websites? The MySQL database is hosted on the same server.

[wirehopper]

Move SSH off port 22, block direct root access (require user to log in through a user account, then su to root).
Use a WAF (web application firewall) like mod_security.
Refer to PHP Security Consortium (they have a great audit), SANS: Computer Security Training, Network Security Research, InfoSec Resources (lots of resources)
Validate and sanitize all data on the server side, optionally on the client side.
Keep all applications and other software up to date, upgrade.
Avoid duplicate instances of code, so a single upgrade will resolve issues.
Monitor the server - including new files.
Block access to MySQL from external sources.
Be especially wary of contact email forms and any other opportunities where users can post data.
Check applications for security vulnerabilities at http://secunia.com before installing them.

[ichsie2036]

Quote:

Originally Posted by wirehopper

Move SSH off port 22, block direct root access (require user to log in through a user account, then su to root).
Use a WAF (web application firewall) like mod_security.
Refer to PHP Security Consortium (they have a great audit), SANS: Computer Security Training, Network Security Research, InfoSec Resources (lots of resources)
Validate and sanitize all data on the server side, optionally on the client side.
Keep all applications and other software up to date, upgrade.
Avoid duplicate instances of code, so a single upgrade will resolve issues.
Monitor the server - including new files.
Block access to MySQL from external sources.
Be especially wary of contact email forms and any other opportunities where users can post data.
Check applications for security vulnerabilities at Secunia.com before installing them.

Thanks for some great insights. A few questions:

1. I use this line to install apache2:

aptitude install apache2 apache2.2-common apache2-mpm-prefork apache2-utils libexpat1 ssl-cert

How do I modify it to include mod_security. As I checked /etc/apache2/mods-available, there isn't anything called *security* there.

2. Which way is better to upgrade my server software? (Debian 5.0)

aptitude safe-upgrade or aptitude full-upgrade or aptitude dist-upgrade

I have no idea of their differences from each other.

3. Is running chkrootkit enough to monitor the change of critical files?

Thanks!

[wirehopper]

I don't know if you can use aptitude to install mod_security. You might have to go to ModSecurity: Open Source Web Application Firewall.

I'm not a sysadmin - I either use leased servers, or development servers - for the leased machines, they are managed by WebHostManager and the hosting company, the development servers are off the 'net, so I can do whatever I want. As a rule, server upgrades should be done carefully to ensure they don't break anything that's already running.

I haven't worked with chkrootkit.

[Thechecker12]

Now I do have the same situation ichsie hat a time ago. Really helpful, that the questions are answered already. So I can directly start working on it. Great, that such a forum exists. Otherwise I wouldn't know how to solve problems and whom to ask.