This post is dedicated to all of you running your church’s website in the choir robe closet, or who have been graced with a generous and geeky member who has taken advantage of one of those cheap, unmanaged dedicated server deals advertised at places like WebHostingTalk:
As the author plainly states, “This list is not comprehensive, nor does [he] take any responsibility for any harm that may come to your server if you use any of these commands.”
Emphasis mine. That said, I found this a very good “quick reference” for those of you thinking about running or leasing your own Linux/Apache server, especially for those blissfully ignorant enough to think it can be done simply by installing Ubuntu on an old machine someone donated as a tax write-off.
Using Richy’s sobering tips, I went out and found how-to articles on each of these “dedicated Linux server for dummies” points – just so you could realize how much work goes into “hardening Linux servers for dummies:”
- Plan first, Implement Second
- Close All Unused Ports
- Minimize Privileges
- Protecting the Boot Process
- Turn off all unused services
- Check your system logs, OFTEN!
- Remove Stale and Unnecessary Accounts
- Scanning your system for rootkits (modified binaries)
- Remove unnecessary programs (“rpm -qa”)
- Keep up with your operating system’s Security announcements
- Scan/Attack your own system
- Enforce a strong password policy
Now if this hasn’t scared you out of running your own server in the basement of your church or charity (and I’m hoping it does), then may I suggest, rather … I COMMAND YOU to go buy and then read “Hacking Linux Exposed” before you take the dive.
Seriously, consider the costs of trying to save money by running a box out of an unused closet or corner of your church. It may be more expensive in time and loss of data than you think. At least think of all the work that goes into hardening Linux web servers these days.
How ’bout some of you other pros out there? I’m sure I’ve missed something. Leave a comment and we’ll add to the list.