Thanks a lot for these steps, I will follow them and hope to find all up and running.

On 23/02/2012 09:41 PM, John R Pierce wrote:
> On 02/23/12 11:05 AM, Wuxi Ixuw wrote:
>> Please suggest one, as I keep googling and all results bring books
>> dealing with linux as a real server and not a vps.
> you could do worse than starting here...
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/
>
> VPS and real hardware work exactly the same once the software is installed.
>
> my base level suggestions:
>
> * start with a *minimal* install of the latest release (currently 6.2)
> * create your user account, give both user and root account different
>   secure passwords
> * secure the SSH server (no root, key instead of password
>   authentication, only allow ssh from your home/office networks or a
>   few secure 'bastion' hosts, etc)
> * yum update right after install and reboot
> * install *just* the services you need, only from trustworthy yum
>   repositories
> * secure the services you install as appropriate
> * document your configuration, including what packages you needed to
>   install
> * script a secure backup of your configuration specific conf and data
>   files to reliable offsite storage.
> * plan on regular yum updates, and staying up on security alerts, such
>   as CERT
>
> by far the biggest threat to servers are things installed on top of
> them, like web applications... for instance the very popular WordPress
> has a long and checkered history of security exploits, ranging from
> annoying to root elevation...
> http://www.wordpressexploit.com/
>
> ANY user written web code has to be designed with security in mind, no
> matter how insignificant your little web server is, it's valuable to the
> black hats as a proxy for their evil, and the worms and exploit scanners
> will find a wide range of poor design
>
> http://xkcd.com/327/
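
The SSH items in the list above (no root login, keys instead of passwords, restricted sources) can be checked mechanically against an `sshd_config`. The following is an added example, not part of the original messages: the sample configuration is constructed, the function names are hypothetical, and absent keywords are assumed to take the defaults of OpenSSH releases before 7.0.

```python
# Added example (not from the thread). SAMPLE is a constructed configuration.
SAMPLE = """\
permitrootlogin without-password
PasswordAuthentication no
# sshd keeps the first value it reads, so the next line has no effect
PasswordAuthentication yes
AllowUsers alice@192.0.2.* bob
Match Address 198.51.100.0/24
    PasswordAuthentication yes
"""

# Assumption: values in effect when a keyword is absent (OpenSSH before 7.0).
DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes"}
CHECKED = ("PermitRootLogin", "PasswordAuthentication")

def parse(text):
    """Return (global settings, [(match condition, settings)]); keywords lowercased."""
    glob, blocks = {}, []
    target = glob
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        key = key.lower()             # keywords are case-insensitive
        if key == "match":            # starts a conditional block
            target = {}
            blocks.append((value, target))
        elif key == "allowusers":     # repeated AllowUsers lines accumulate
            target[key] = (target.get(key, "") + " " + value).strip()
        else:                         # first occurrence wins
            target.setdefault(key, value)
    return glob, blocks

def audit(text):
    """Return findings as strings; an empty list means every check passed."""
    glob, blocks = parse(text)
    scopes = [("global", {**DEFAULTS, **glob})] + [("Match " + c, s) for c, s in blocks]
    findings = []
    for scope, settings in scopes:
        for name in CHECKED:
            value = settings.get(name.lower())   # None inside a Match block = inherited
            if value is not None and value.lower() != "no":
                findings.append(f"{scope}: {name} is '{value}', expected 'no'")
    users = glob.get("allowusers", "").split()
    if not users:
        findings.append("global: no AllowUsers line restricting accounts or source hosts")
    findings += [f"global: AllowUsers entry '{u}' has no @host pattern" for u in users if "@" not in u]
    return findings
```

Running `audit(SAMPLE)` reports three findings: root login still permitted with keys, a `Match` block that re-enables passwords for one network, and an `AllowUsers` entry with no source restriction. Source filtering done in a firewall instead of `AllowUsers` is outside what this check sees.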