1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Linux VPS Security Tips

Discussion in 'Site & Server Administration' started by ajstetson17, May 30, 2016.

0
  1. #1
    Hi everyone,

    I'm somewhat new to server administration, but I am very interested in it. For the past few months, I've been renting a VPS to start learning how to manage a server (I learn better by doing). I think I have a pretty good grip on things now but wanted to ask you all if there is anything I can do to strengthen security.

    Here's what I have so far:
    Keep everything up-to-date (obviously), disabled Root Login, use only SSH keys for login (with all keys password protected), changed SSH Port, setup firewall, setup fail2ban, used mysql secure installation, removed nginx version number header, setup headers to prevent XSS, Clickjacking, and MIME sniffing, and setup SSL for entire site (with Mozilla recommended cipher suite, longer dhparam, etc.).

    I think that's everything. If anyone has any suggestions to improve my setup, let me know.
     
    ajstetson17, May 30, 2016 IP
  2. 24x7servermanagement

    24x7servermanagement Greenhorn

    Messages:
    18
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    23
    #2
    You need to have mod-security installed and integrated with nginx. Also install maldet on the server to scan actively for malware contents being uploaded.
     
    24x7servermanagement, Jun 10, 2016 IP
  3. SlimCharles47

    SlimCharles47 Greenhorn

    Messages:
    86
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    23
    #3
    SlimCharles47, Jun 27, 2016 IP
  4. ilyasdeckers

    ilyasdeckers Member

    Messages:
    12
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    26
    #4
    I highly recommend csf firewall. It is the most powerful open source iptables configuration software I have ever used. It blocks bruteforce attacks, can detect SYN Flood attacks, handles blocklists,...
    I also suggest that you look into nginx-naxsi, it is a WAF for nginx with some powerful rule-sets build in
     
    ilyasdeckers, Jul 7, 2016 IP
  5. ajstetson17

    ajstetson17 Peon

    Messages:
    7
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    1
    #5
    Thank you for the advice. I actually was already looking into naxsi before writing the original post. I put it aside as I was working on something else at that moment but I'll look into it again. As for csf, I actually have heard of it before. Upon looking into it, it seems like a better system than my current ufw+fail2ban setup, so I'll look into integrating it into my server.

    Thanks for the advice. As I said above, I am looking into using naxsi, which is an alternative to mod-security. As for a malware scanner, that idea totally slipped my mind. Thanks for pointing it out. I'll definitely look into using one going forward.

    Thanks for the article. There is some pretty good advice in there.
     
    ajstetson17, Jul 7, 2016 IP