Linode

This is a quick reference to install my preferred LAMP on a Linode VPS. It is not of public interest:

Ubuntu Server

  • adduser xxx
  • Add xxx to sudoers using visudo
  • Uncomment more repositories in /etc/apt/sources.list
  • Change PS
  • Install wget
  • Install using wget: Java, Tomcat
  • Install using apt-get: Apache2, MySQL, iptables
  • Secure sshd_config
  • Do iptables using linwiz and then add these as a script to rc.local
  • sudo apt-get install libapache2-mod-jk to install and enable mod_jk
  • Include your config file to the end of apache2.conf using "Include /etc/apache2/custom.conf"
  • Don't forget to copy jar libraries

CentOS

  • Add xx to root: usermod -a -G root xx
  • yum update
  • Download Java from Sun using wget and install it (not as root)
  • yum install mysql-server and START it after installation: /sbin/service mysqld restart
  • yum install sudo and then add xx to /etc/sudoers
  • yum install: man, which, httpd (apache2), wget, vixie-cron (crontab on CentOS)
  • FTP: Use a client with SFTP protocol using an existing user/pass
  • Install RPMForge for more repositories: http://wiki.centos.org/AdditionalResources/Repositories/RPMForge
  • MySQL:
    • Comment out skip-networking in /etc/my.cnf. It is used to disable TCP access. Don't forget to restart: /etc/init.d/mysqld restart
    • Comment out bind-address as well. You don't need it.
    • Grant a user on a certain IP: GRANT ALL ON mytestdb.* TO xx@'192.168.1.1' IDENTIFIED BY 'test';
  • SSH
    • Add "PermitRootLogin no" and "MaxAuthTries 3" to the end of /etc/ssh/sshd_config so that root cannot ssh.
    • Uncomment "ListenAddress 0.0.0.0" for a login error.
    • See ssh section in my linux-how-to for more.
  • iptables
    • Use: http://www.lowth.com to generate iptables firewall rules.
    • Keep http, ssh and 3306 open. Keep ping closed. Give MySQL grants to certain users on certain IPs.
  • Security:
    • Use a log scanner such as sshguard or fail2ban.
    • Have a hard-to-guess username and a complex password.
    • Comment out all Tomcat users or use very complex username/password.
  • Add startup scripts such as iptables changes, apache httpd, mysql, … to rc.local before "touch"
  • Create /home/the_user/log ?
  • Every time you restart tomcat, you need to restart apache ?
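
The SSH step above appends "PermitRootLogin no" and "MaxAuthTries 3" to the end of sshd_config. sshd uses the first value it finds for each keyword, so an earlier uncommented line wins over the appended one. The check below is an added example, not part of the original notes; the function names and the sample config are constructed for illustration, and it reads only the one file it is given.

```shell
#!/bin/sh
# Added example: report the value sshd will actually use for a keyword.
# sshd keeps the FIRST uncommented occurrence of each keyword, so a line
# appended to the end of sshd_config is ignored if the keyword is set earlier.

# effective_value FILE KEYWORD -> prints the first global value, nothing if unset
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }           # "Keyword=value" form is also legal
        tolower($1) == "match" { exit }         # Match blocks are conditional: stop there
        tolower($1) == key { print $2; exit }   # first obtained value wins
    ' "$1"
}

# audit_sshd FILE -> returns 0 only if both checklist settings are effective
audit_sshd() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    tries=$(effective_value "$1" MaxAuthTries)
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin effective value: ${root:-unset}"; rc=1
    fi
    case "$tries" in
        ''|*[!0-9]*) echo "FAIL MaxAuthTries effective value: ${tries:-unset}"; rc=1 ;;
        *) [ "$tries" -le 3 ] || { echo "FAIL MaxAuthTries is $tries"; rc=1; } ;;
    esac
    return $rc
}

# Constructed sample: a stock "PermitRootLogin yes" left in place, with the
# two checklist lines appended at the end of the file.
sample_shadowed() {
    printf '%s\n' '#Port 22' 'PermitRootLogin yes' '#MaxAuthTries 6' \
        'PermitRootLogin no' 'MaxAuthTries 3'
}

# Demo on the constructed sample; on a server run: audit_sshd /etc/ssh/sshd_config
tmp=$(mktemp)
sample_shadowed > "$tmp"
audit_sshd "$tmp" || true
rm -f "$tmp"
```

If the audit fails on a real file, comment out or edit the earlier line rather than relying on the appended one, then restart sshd.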
page_revision: 42, last_edited: 1255089076
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License