Description

This document focuses on helping you set up a secure web hosting environment on a CentOS VPS (Virtual Private Server). On other Linux or Unix-like systems, many of the configuration options will be similar or identical, but some file names, file paths, commands, etc. may differ depending on the operating system, so the instructions for your particular system may vary. It does not matter what operating system you use, only that you are comfortable and familiar with it. You’re free to adapt the instructions here to your setup or search for something more specific on the Internet.

Purpose & Scope

This document starts from scratch and assumes you have just received or set up a new VPS with CentOS Linux on it and have done no configuration yet. The theory here is to start in a very restrictive state and selectively allow access to the required services or functionality as needed. In this way, we’re not unnecessarily exposing ourselves to potential threats before we’ve had a chance to properly set up the environment.

Mandatory Setup

    Filesystem

  1. Secure sshd
  2. Create user accounts / groups (usermod, useradd, userdel, groupadd, groupdel)
  3. Filesystem permissions (chmod)
  4. Filesystem ownership (chown)
  5. Sudo configuration (visudo)
  6. Generate 4096-bit RSA public/private encryption keypair
  7. Installation and configuration of SELinux

    Networking

  1. Netfilter iptables / ip6tables firewall rules
  2. Installation and configuration of Fail2ban
  3. Installation and configuration of Denyhosts
  4. Enable Network Time Protocol ntp/ntpdate
  5. Set system timezone. Example: ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime

    Webserver

  1. Installation and configuration of Apache httpd
  2. Installation and configuration of nginx
  3. Installation and configuration of PHP-FPM
  4. Installation and configuration of SSL/TLS certificates
  5. Installation and configuration of mod_security
  6. Installation and configuration of mod_evasive
  7. Installation and configuration of mod_ssl

    Database

  1. Installation and configuration of MariaDB / MySQL
  2. Database container setup
  3. Database dumps and backups

Optional Setup

These things are not necessary but will certainly help you in your day-to-day management of the server and/or clients by providing useful stats, log analysis, secure file-sharing and database management.


Post Setup Options

Last Modified: 6 Feb, 2016 at 22:19:17