Is there a checklist for setting up a secure, optimised server?

  • Posted on March 5, 2014
  • p.januszAsked by p.janusz

Looking for a guide that will give the bare minimum of what I would need to install to have a server up and running, secure and optimised for hosting my sites

Also the best order in which to install. such as lamp, firewall etc.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Thanks guys. You given me something to work with. <br> <br>Pretty new to this always had managed vps’s before, so just want to make sure I can at least do the minimum to get up and running and secure. <br> <br>Any further suggestions always welcome.

There is no specific thing as it is all option steps you take yourself: <br> <br>for me I would go for this list: <br>1- securing ssh and hardening and use only SSH key to access WS <br>2- disabling root login <br>3- using iptables <br>4- port knocking <br>5- Fail2ban “you need to be very careful with that, otherwise, you will find yourself locked out” <br>6- using Intrusion Detection System <br> <br>and possibly the most important thing to protect the server itself is using mod_security for either Apache or Nginx <br> <br>and many others… <br> <br>you can find the list here: <br> <br>

Iptables is a must. <br> <br>(This tut will also work on debian and ubuntu) <br>No passwords for the ssh login, use private RSA keys!