Language Selection

English French German Italian Portuguese Spanish

Quick Guide to Securing a Lamp Server

Filed under

In the last few years on the Internet the price of dedicated servers have went down and more people are beginning to use them for their sites, game servers, or small hosting companies. With this comes as I was talking about in my last article inexperienced admins. Lots of people I spoke too are too intimated by the linux shell and try to administer their server completely from the control panel.
This short guide will show you a few copy and paste walkthroughs you can use to help secure your server, these should work with any control panel, the mod security update script however is only for apache2. Using these tools and using basic security procedures will help you keep your server secure and free of hackers, spammers, and other annoyances.

Using linux as a personal desktop helps a lot as well as it gets you used to using the command line. The other extremely valuable tool is google. I would probably be nowhere without google. You can look stuff up as you go and find about any answer to any question you may have, Plus there is lots of walkthroughs just like this one I am just putting all the basic ones together.

OK this is not a complete guide but those who are less experienced should be able to follow these walkthroughs and make their server more secure then it was before.
First thing, install apf, bfd, and dos deflate. Complete walkthrough HERE
Note: Dos deflate will not work with debian unless you disable ipv6.

Next install modsecurity using the simple guide from, guide can be found HERE

After you install mod security make a directory in /etc called modsecurity. Use my update script found HERE (apache2 only)
This will get all the latest rules from when you have them at the bottom of the mod security configuration in httpd.conf put
Include /etc/modsecurity/apache2/rulename.conf
I suggest using them all besides rules.conf as it gives lots of false positives.

Now if you have shell users or are running redhat, fedora, or debian you most likely need to update your kernel. Now this isn't as hard as you would think, with this copy and paste guide I made that is all you have to do is copy and paste, same as these other tutorials.
The guide can be found HERE. I will be making one for debian soon but you just use any basic debian kernel how to and patch the kernel the same way as you do in this one.

Once you have modsecurity installed keep an eye on the audit log to make sure it is not giving any false positives or blocking legitimate web apps. With the ruleset and rules you have included it should not unless someone is using some oddball web app.
None of these will make your server totally secure, it takes basic security practices such as using strong passwords, not using the same password for everything, and keeping up with all the latest exploitrs and hacking methods.

If you ever get hacked don't go ranting about how you are gonna prosecute so and so, go find out how they done it, how they got in, and what you can do to prevent it again. You will most likely never track down the hackers and the FBI most likely will not care so secure your system and make sure it does not happen again. As I have explained before defacers can actually be helpful to admins. That's about it, good luck and stay on your toes.

More in Tux Machines

OpenStack in the Headlines

  • From OpenStack Summit, Red Hat Reports That the Deployment Era is Here
    As noted here yesterday, OpenStack is here to stay in enterprises. A new study by 451 Research analysts shows that about 72 percent of OpenStack-based clouds are between 1,000 and 10,000 cores and three fourths choose OpenStack to increase operational efficiency and app deployment speed. Meanwhile, in conjunction with OpenStack Summit in Barcelona, Red Hat is out with very notable results from its polling of its OpenStack user base. Its study found that production deployments increased hugely in the last year, according to a survey of 150 information technology decision makers and professionals carried out by Red Hat.
  • You can run the same programs on 16 different OpenStack clouds
    Cloud companies like to talk about about how you can avoid vendor lock-in. And OpenStack just showed how to make it happen. Sixteen different vendors did a live demo at OpenStack Summit showing that you could run the same software stack on 16 separate OpenStack platforms.
  • ​Where OpenStack cloud is today and where it's going tomorrow
    The future looks bright for OpenStack -- according to 451 Research, OpenStack is growing rapidly to become a $5-billion-a-year cloud business. But obstacles still remain.
  • ​Mirantis OpenStack: The good news and the bad news
    Mirantis recently signed a major deal with NTT, but the company is also laying off some of its employees.
  • The World Runs on OpenStack
    The OpenStack Summit keynotes got underway the morning of October 25, with Mark Collier, Chief Operating Officer of the OpenStack Foundation, declaring that the world runs on OpenStack.
  • Study: OpenStack is Marching Forward in Enterprises
    How fast is the OpenStack global cloud services market growing? Research and Markets analysts came out with a new report recently that forecasts the global OpenStack cloud market to grow at a CAGR of 30.49% during the period 2016-2020. Many enterprises now have large scale OpenStack deployments, and in conjunction with this week's OpenStack Summit in Barcelona, new study results are shedding light on exactly how entrenched this open cloud platform is in enteprises. The bottom line is: OpenStack is here to stay in enterprises. OpenStack deployments are getting bigger. Users are diversifying across industries. Enterprises report using the open source cloud software to support workloads that are critical to their businesses. These are among the findings in a recent study by 451 Research regarding OpenStack adoption among enterprise private cloud users. About 72 percent of OpenStack-based clouds are between 1,000 and 10,000 cores and three fourths choose OpenStack to increase operational efficiency and app deployment speed. The study was commissioned by the OpenStack Foundation. Here are some of the companies discussing their OpenStack deployments in Barcelona: Banco Santander, BBVA, CERN, China Mobile, Comcast, Constant Contact, Crowdstar, Deutsche Telekom, Folksam, Sky UK, Snapdeal, Swisscom, Telefonica, Verizon, Volkswagen, and Walmart. You can find some of the specific deployment stories from the companies at the OpenStack User Stories page.

Alpine Linux 3.4.5 released

The Alpine Linux project is pleased to announce the immediate availability of version 3.4.5 of its Alpine Linux operating system. This is a bugfix release of the v3.4 musl based branch, based on linux-4.4.27 kernels and it contains important security fixes for the kernel and for musl libc. Read more

Linux Graphics

Games for GNU/Linux