0

We recently deployed a Rackspace Cloud Server of the Debian (Lenny) flavour. The server basically just needs to be set up as a LAMP server, but it will need to be put through the tests of a PCI Compliance ASV. This means things like a secured firewall and virus scanner will be necessary.

While I could go to the trouble to set everything up manually and through the process of elimination, get the server to pass the vulnerability scan, I thought I would first see if someone out there has a script or two handy to deploy a secured LAMP server.

The script would ideally configure and secure: - Apache/MySQL/PHP... obviously ;) - PhpMyAdmin - SVN - iptables - AVG for linux? (or some other virus scanner?) - SSL certificate

Other considerations for the script might be to: - Disable root access via ssh - Set up a user for SFTP access? - Configure sendmail to use a third party smtp server

Perhaps this is wishful thinking... but surely someone out there has done this!

Cheers

1nsane
  • 123
  • 1
  • 1
  • 6

2 Answers2

1

The problem is that everyone has a slightly different idea of what is the perfect setup. We use Puppet for configuring new nodes and there are some reusable puppet modules in puppet forge, but we usually end up customizing them. I've been meaning to write an article about setting up puppet, but real work prevents me from progressing.

ptman
  • 27,124
  • 2
  • 26
  • 45
0

You could take a look at the Debian package bastille. It's a server hardening script designed to increase security in a standardized way.

Fladi
  • 850
  • 4
  • 7