There's copious amount of information on the internet about how to secure your web server against script kiddies and junior hackers. As a beginner, it all looks scattered and sometimes conflict (or two ways of doing the same thing apparently) and can't really decide the copy paste scripts are really good for me.
I'm building my CentOS server and would like everyone to contribute on the common things you would to secure the webserver. I'm not really looking for how to's here but list of tasks. I'd like to stick to security for the most part.
Topic: Linux Webserver (LAMP) Security
I'll start with the basics:
#] Strong passwords!
#] Get all security updates
#] Do not allow root access in SSH and FTP, and perhaps change the default port 22 to something else, like 8877 and add ListenAddress
#] Lock down all ports not used in iptables (Any other tips on IP tables? good links?)
#] Create another user and do not use root, the other user should be in the sudoer file, perhaps can execute only certain commands
#] (Sort of Security): Do not boot to X-Windows, use runlevel 3, see inittab file. you can always start x-windows by typing "startx", saves memory.
I'm sure there's many more, but that's what I can think of right now, please suggest anything and everything you can so we can have a good collection here.
Thanks!
Dan
4. Get all security updates