Having done many things to my server, I have started to forget the many steps, so here's a list of some sensible steps to secure a server.
This may sound stupid, but there are many automated attacks trying simple passwords, especially if your website annoys someone...
Also, do not use root for everyday business; use another, less obvious account.
if you're running services there (like a mysql) or something, via iptables. Leave only legitimate application port numbers like 80 open to the world.
If possible, use iptables to block access except from a known IP address. May not work if you need access from anywhere...
Make sure telnet and other access services are disabled - only allow ssh for connections and secure it appropriately.
vi /etc/ssh/sshd_config
    PermitRootLogin no
    MaxAuthTries 2
service ssh restart
Make sure you have another user that you can log in as, so you can ssh to that user and then su to root.
Also add this line - it will make logging in faster:
iptables -A INPUT -p tcp --dport 22 --syn -m limit --limit 3/m --limit-burst 3 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 --syn -j DROP
Check /var/log/auth.log every now and then for break-in attempts.
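One way to run that check from the shell, as an added example that is not part of the original post: it counts sshd "Failed password" lines per source address and lists the busiest sources first. The function names and the sample log lines are constructed for illustration, and the usual OpenSSH syslog line format is assumed.

```sh
#!/bin/sh
# Added example: summarise failed SSH password attempts per source address.
# failed_ssh_by_ip and sample_log are illustrative names, not from the post.

# Usage: failed_ssh_by_ip LOGFILE [THRESHOLD]   (LOGFILE "-" reads stdin)
# Prints "COUNT IP" for each source with at least THRESHOLD failures.
failed_ssh_by_ip() {
    log=${1:-/var/log/auth.log}
    threshold=${2:-3}
    awk -v min="$threshold" '
        # Assumed line tail: "... from IP port N ssh2". The user name is
        # chosen by the remote side, so fields are read from the end of the
        # line, where the format is fixed, instead of the first "from".
        /sshd\[[0-9]+\]: Failed password for / {
            if ($(NF - 2) == "port" && $(NF - 4) == "from")
                hits[$(NF - 3)]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$log" | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation address ranges), including a
# login attempt whose user name is literally "from".
sample_log() {
    cat <<'EOF'
Mar  3 04:11:02 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 04:11:05 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 04:11:09 web1 sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 04:12:40 web1 sshd[2230]: Failed password for invalid user from from 198.51.100.23 port 51514 ssh2
Mar  3 04:13:00 web1 sshd[2240]: Accepted password for deploy from 192.0.2.10 port 50222 ssh2
Mar  3 04:13:01 web1 sshd[2240]: pam_unix(sshd:session): session opened for user deploy by (uid=0)
Mar  3 04:15:12 web1 sshd[2251]: Failed password for deploy from 192.0.2.10 port 50301 ssh2
EOF
}

# Demo on the sample; on a server: failed_ssh_by_ip /var/log/auth.log 5
sample_log | failed_ssh_by_ip - 3
```

Sources that show up here repeatedly are candidates for the iptables rules above.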
It is important to keep the time up to date on your server, so heed this: help.ubuntu.com/community/UbuntuTime
#!/bin/sh
ntpdate ntp.ubuntu.com
and make it executable:
sudo chmod 755 /etc/cron.daily/ntpdate
http://stackoverflow.com/questions/6392/java-time-zone-is-messed-up
# sudo cp /etc/localtime /etc/localtime.dist
# sudo ln -fs /usr/share/zoneinfo/Canada/Eastern /etc/localtime
# echo "Canada/Eastern" | sudo tee /etc/timezone