[CentOS] Please I'd like to install 2 websites on my un managed VPS on CentOS6
John R Pierce
pierce at hogranch.com
Thu Feb 23 19:41:12 UTC 2012
On 02/23/12 11:05 AM, Wuxi Ixuw wrote:
> Please suggest a one as I am keep goggling and all result bring books
> dealing with linux as a real server and not a vps.
you could do worse than starting here...
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/
VPS and real hardware work exactly the same once the software is installed.
my base level suggestions:
* start with a *minimal* install of the latest release (currently 6.2)
* create your user account, give both user and root account different
secure passwords
* secure the SSH server (no root, key instead of password
authentication, only allow ssh from your home/office networks or a
few secure 'bastion' hosts, etc)
* yum update right after install and reboot
* install *just* the services you need, only from trustworthy yum
repositories
* secure the services you install as appropriate
* document your configuration, including what packages you needed to
install
* script a secure backup of your configuration specific conf and data
files to reliable offsite storage.
* plan on regular yum updates, and staying up on security alerts, such
as CERT
by far the biggest threat to servers are things installed on top of
them, like web applications... for instance the very popular WordPress
has a long and checkered history of security exploits, ranging from
annoying to root elevation...
http://www.wordpressexploit.com/
ANY user written web code has to be designed with security in mind, no
matter how insignificant your little web server is, its valuable to the
black hats as a proxy for their evil, and the worms and exploit scanners
will find a wide range of poor design
http://xkcd.com/327/
--
john r pierce N 37, W 122
santa cruz ca mid-left coast
More information about the CentOS
mailing list