Major Webserver Setup Rules: The „must“ do!

If you want to set up a fresh, secure webserver, use this list:

  • don't ever upload data, files or images classified as „secret“ to the webserver
  • set up a daily full backup with cron
  • review the system logs daily: auth, www, errors …
  • set up a local firewall with as few open ports as possible (80, 25, …)
  • set up daily automatic updates by cron
  • reduce the number of users who can log in
  • don't use predictable („logical“) usernames
  • enforce long passwords by policy, at least 15 characters
  • set up a daily load monitor that writes the output of „uptime“ to a log
  • set up a realtime network monitor with „iftop“
  • use „nmap“ for a local port scan to test your settings
  • remove unneeded software packages and services; less is more
  • force monthly password changes by policy
  • upload only via encrypted SFTP and use login keys
  • copy your logs from /var/log hourly to another external place (scp/rsync) by cron
  • use ECC RAM so that memory is safe against RAM attacks
  • use 2 HDDs as RAID 1 and set up root's mail so that failures are posted to your mailbox
  • mount the webserver root file system read-only, so that no one can modify /etc
  • don't use Java, PHP, Tomcat or other admin panels unless you really need them!
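
The cron-driven parts of the list (daily full backup, hourly log copy to an external host, logging „uptime“) as one small script. This is an added example, not from the original post; the paths, the install path /usr/local/sbin/harden.sh and the backup host are placeholders you must adapt.

```shell
#!/bin/sh
# Added example: cron jobs for daily backup, hourly log copy and load logging.
# Placeholder settings (assumptions, not from the post); adjust for your server.
BACKUP_DIR="${BACKUP_DIR:-/var/backups/webserver}"
LOG_TARGET="${LOG_TARGET:-backup@backup.example.invalid:/srv/logs/webserver}"

# Full backup of one directory into a dated tar.gz; prints the archive path.
daily_backup() {
    src="$1"; dest="$2"
    mkdir -p "$dest"
    archive="$dest/full-$(date +%Y%m%d).tar.gz"
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")"
    echo "$archive"
}

# Append one timestamped uptime line to the load log (falls back to /proc/loadavg).
log_load() {
    printf '%s %s\n' "$(date '+%F %T')" "$(uptime 2>/dev/null || cat /proc/loadavg)" >> "$1"
}

# Push logs to the external place with rsync over SSH, non-interactive (key auth only).
copy_logs() {
    rsync -az -e 'ssh -o BatchMode=yes' "$1/" "$2/"
}

# Write the cron entries into a cron.d style file (path given as argument):
# backup daily at 03:00, logs every hour, load every 5 minutes.
write_cron() {
    cat > "$1" <<'EOF'
# m h dom mon dow user command
0 3 * * * root /usr/local/sbin/harden.sh backup
0 * * * * root /usr/local/sbin/harden.sh logs
*/5 * * * * root /usr/local/sbin/harden.sh load
EOF
}

# Dispatch when called from cron; with no argument the script only defines functions.
case "${1:-}" in
    backup) daily_backup /var/www "$BACKUP_DIR" ;;
    logs)   copy_logs /var/log "$LOG_TARGET" ;;
    load)   log_load /var/log/load.log ;;
esac
```

Install it once as root with `write_cron /etc/cron.d/webserver-hardening` and check the backup host with `copy_logs` by hand before trusting the hourly job.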

I hope these rules help you to protect your server.