Excellent list from Damian. Additions/comments:
> 2) Check your iptables firewall rules match the ports required for
> services.
Consider using an iptables "builder" program to ease maintenance and
reduce errors in configuring iptables. I'd recommend Shorewall but there
are others.
4) Do not allow direct root access to SSH, create user
> accounts and consider using /etc/sudoers. Consider switching to an
> different port number.
If possible, firewall out the port used by ssh to only allow access from
those that need it. Not always practical, but often it is.
> 8) Ensure you check log files regularly for any spurious
> activity.
If you're using a Debian-derived distro (as you are), install, understand
and tune 'logcheck'.
Plus:
- install a backup utility that creates off-site backups, ideally
automatically. Ensure that restores are tested regularly.
- be wary of installing packages that are not in the official repositories
- (maybe controversial) if you really care about security, use Debian
rather than Ubuntu
--
Keith Edmunds
+-------------------------------------------------------------------------+
| Tiger Computing Ltd | Helping businesses make the most of Linux |
| "The Linux Specialists" | http://www.tiger-computing.co.uk |
+-------------------------------------------------------------------------+
