[Ask HN] Server Security and Hardening. How to non Sysadmins do it?

by pmjoyce on 4/7/2010, 3:33 PM with 6 comments

I have a new web project about to surface for which I'm moving away from Rackspace Sites. After reading around I've decided to opt for a Linode VPS.

The problem is that I have no experience in systems administration and in particular the initial setup and security. In addition this is not something I wish to learn or experiment with right now - I have more than enough on my plate.

I'm considering farming out the initial setup and a monthly maintenance to a third party possibly via Elance.

Has anyone here had any experience with this approach? What are the pitfalls? Is there another method I should consider?

  • by bittersweet on 4/7/2010, 5:38 PM

    I'm with Linode as well but I have to say Slicehost has awesome guides that can really show you everything you need to do to setup your vps.

    Have a look at the following link for example. [1]

    [1] http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-p...

  • by yourabi on 4/7/2010, 4:12 PM

    A) since you have a relationship with Rackspace, why not rackspace cloud?

    B) Unless this is a multi user system with the most likely vector of attack is your application itself not system level.

    Having said that here are some common tips: run ssh on a nonstandard port, Restrict who can log in via ssh (PermitRootLogin no) and only allow a few people remote access (AllowUsers foo bar) install a firewall (iptables) that blocks all ports except the ones you need publicly available (probably 80, 443).

    It is worth taking the time to learn the basics. This is not something you want to outsource to elance.

  • by tasaro on 4/16/2010, 3:54 AM

    The Linode Library may be of interest to you as well: http://library.linode.com/