Before you deploy any Linux server online, we recommend that you go through this checklist to prevent a breach and/or a compromise.
- Single purpose server. Is this server single purpose? Do not run a mail server with a web server (different purposes), for example, or a web server with a DNS server. Do not mix purposes, as it increases the chance of a large-scale compromise.
- Security levels. Do not mix security levels. If you are running a web server with multiple web sites and some of them are non-business critical while others are very critical, run them on different servers.
- iptables configured. Did you configure iptables to only allow the traffic that should be allowed? You can verify your iptables rules by running:
# iptables -nvL
- ip6tables configured. Do not forget about ip6tables (iptables for ipv6). Most servers now come with IPv6 by default, so make sure the rules are applied there. You can verify your ip6tables rules by running:
# ip6tables -nvL
- Unused services (and ports) removed. Disable all services that should not be running. A quick way to see all the ports open and the associated services is with netstat:
# netstat -tanep |grep LIST
- System is updated. Is your operating system (and all packages) updated? You can update Ubuntu (and derivatives) with:
# apt-get update && apt-get upgrade
For CentOS (and derivatives), run:
- Backups are configured. Did you configure a process to keep the server properly backed up? Either via the hosting platform's backup offering or some other backup software.
- Logging is monitored. Did you install the proper software to monitor your logs? OSSEC, Splunk, or a similar tool is often used.
- Uptime monitoring is configured. Did you add the server IP address (or domain name) to the uptime monitoring system you have in place?
- Server is rebooted. Did you reboot the server to confirm that all services start on boot automatically?
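As an added example (not part of the original checklist), the two small helpers below read the output of the checklist's own commands, `iptables -nvL` / `ip6tables -nvL` and `netstat -tanep | grep LIST`, and flag chains that do not default to DROP and listening services outside an allowlist of expected ports. The sample outputs embedded in the script are constructed; on a real host, pipe the live command output into the functions instead.

```sh
#!/bin/sh
# Added example, not part of the original checklist. Audit helpers that read the
# output of `iptables -nvL` / `ip6tables -nvL` and `netstat -tanep | grep LIST`.
# The sample outputs are constructed; pipe real command output in on a live host.

# Constructed `iptables -nvL` output: INPUT and OUTPUT still default to ACCEPT.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# Constructed `netstat -tanep | grep LIST` output: sshd, nginx and a stray mysqld.
SAMPLE_NETSTAT='tcp   0  0 0.0.0.0:22      0.0.0.0:*  LISTEN  0   12345  800/sshd
tcp   0  0 0.0.0.0:80      0.0.0.0:*  LISTEN  33  12346  900/nginx
tcp   0  0 127.0.0.1:3306  0.0.0.0:*  LISTEN  27  12347  950/mysqld
tcp6  0  0 :::80           :::*       LISTEN  33  12348  900/nginx'

# Print each chain whose default policy is not DROP (a chain that ends in an
# explicit REJECT/DROP rule is also fine; this is a quick default-deny check).
# Exit status 1 when at least one chain is flagged, so it can gate a script.
open_policy_chains() {
    awk '$1 == "Chain" && $3 == "(policy" && $4 != "DROP" { print $2; found = 1 }
         END { if (found) exit 1 }'
}

# Print "PID/program on addr:port" for every LISTEN socket whose local port is
# not in $1, the space-separated list of ports this single-purpose server is
# meant to expose. Exit status 1 when anything outside the allowlist is found.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # "0.0.0.0:22" / ":::80" -> port
            if (!(port in ok)) { print $NF " on " $4; found = 1 }
        }
        END { if (found) exit 1 }'
}

echo "== chains whose default policy is not DROP =="
printf '%s\n' "$SAMPLE_IPTABLES" | open_policy_chains || true
echo "== listeners outside the allowlist for a web server (22 80) =="
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "22 80" || true
```

Run the same two functions against `ip6tables -nvL` output as well, since the checklist's IPv6 rules need the same default-deny check.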
And that’s pretty much it. If you have any more suggestions for our checklist, let us know.