Web server security CHECKLIST

November 24, 2014 5.1k views
Orbital
By:
Orbital

Good day! Is there any checklist?
Here is mine as beginner.

OS Linux:

  • SSH and SFTP logins only
  • add SSH key
  • deactivate root
  • serverpilot.io they give you firewall and updates. As I know updates for mySQL and PHP with their settings. This firewall allows TCP ports 22 (ssh), 80 (HTTP), and 443 (HTTPS) as well as UDP port 68 (DHCP)
  • fail2ban with conf (permanent bans)
  • htop for monitoring (CPU, RAM, etc)
  • DO Snapshot or Dropbox for auto backups
  • something else?

How to secure mySQL, PHP, Apache, maybe NGINX?

Good advices and links are welcome.

Log In to Comment
3 Answers
JonsJava November 24, 2014

For MySQL security, it's as easy as running this:

mysql_secure_installation

I'd also recommend a MySQL dump nightly, like this:

/root/scripts/mysql_backup.sh

#!/bin/bash
USER='backup_user'
PASS='PASSWORD'
### MAKE SURE TO ADD THE TRAILING SLASH ###
DIR='/path/to/backup/to/'
date=`date +"%m-%d-%Y %T"`
if [ ! -d "$DIR" ]; then
   mkdir -p $DIR
fi
mysqldump -u $USER -p"$PASSWORD" --all-databases --master-data |gzip -1 > ${DIR}mysqlbackup_$date.sql.gz
#### You can then add a script to offload to S3/DropBox/e-mail if you like. ####

cron to run:

00 04 * * * /root/scripts/mysql_backup.sh
Reply
Orbital November 25, 2014

Thank you JonsJava.
Some more good programs:

  • Traffic: iptraf
  • Monitor network traffic: jnettop
  • For mysql: mytop
Reply
janV August 26, 2015

Thanks,

More a question than a contribution to the checklist, but is choosing a different port for ssh a good security measure? Something else than the default 22 ?

Reply
Have another answer? Share your knowledge.