How do I maintain and protect my server/droplet for the long term?

December 23, 2014 2.8k views
tomcampbell
By:
tomcampbell

Imagine a customer so ignorant that he could install a droplet but then didn't know what to do after that on a regular basis? OK, stop imagining. That's me. Droplet is installed. DNS seems to be set up adequately. Dev environment works, and mysite.com/index.html is visible to the outside world.

Now what do I do on a regular basis to keep bad guys out and my system healthy? Here's the checklist I've come up with but I'm sure it's hilariously naive and inadequate.

Then, every day or every couple of days do these things? But what's missing from this todo list?

  • View OSSEC logs daily
  • View logwatch logs daily?
  • Every couple of days, check for updates:
$ sudo apt-get update
$ sudo apt-get upgrade
Log In to Comment
1 Answer
ryanpq MOD December 23, 2014

You seem to have a good starting plan. In addition to this I would also recommend taking steps to secure the individual services you will be running. For example, setting up key based authentication for ssh, changing the default port and setting up fail2ban are good steps to take to secure your ssh service. You can find more details in our Introduction to Securing your Linux VPS and in the tutorials in the Security section of this site.

An Introduction to Securing your Linux VPS
by Justin Ellingwood
Linux security is a complex task with many different variables to consider. In this guide, we will attempt to give you a good introduction to how to secure your Linux server. We will discuss high-level concepts and areas to keep an eye on, with links to more specific advice.
Reply
Have another answer? Share your knowledge.