Linode

This is a quick reference for installing my preferred LAMP stack on a Linode VPS. It is not of public interest:

Ubuntu Server

  • adduser xxx
  • Add xxx to sudoers using visudo. Add xxx ALL=(ALL) ALL before exist command.
  • Uncomment more repositories in /etc/apt/sources.list and update/upgrade.
  • Get using wget: Java, Tomcat
  • Install using apt-get: Apache2, MySQL, iptables
  • Secure /etc/ssh/sshd_config
  • Generate iptables rules using linwiz and then add them as a script to rc.local
  • Install mod_jk with sudo apt-get install libapache2-mod-jk and enable it using the a2enmod command
  • Include your custom Apache config file at the end of apache2.conf using "Include /etc/apache2/custom.conf"
  • Use fail2ban. Logs are in /var/log/fail2ban.log
  • Create private/public keys between Linode and client machines to copy/deploy (single click deployment!) without being asked for a password.
  • Install php after installing apache. It will configure itself with apache.
  • Change PS
  • Give Tomcat and JDK generic names and remove versions
  • Add a crontab entry (crontab -e) for the current user, not root, for backup: 0 0 * * * /home/…/scripts/backup-fast-changing.sh

MySQL:

* Comment out skip-networking in /etc/my.cnf. It is used to disable TCP access. Don't forget to restart: /etc/init.d/mysqld restart
* Comment out bind-address as well, so mysqld listens on all interfaces. You don't need it.
* Grant a user on a certain IP: GRANT ALL ON mytestdb.* TO xx@'192.168.1.1' IDENTIFIED BY 'test';
* Add default-character-set=utf8 to mysqld and client sections in /etc/mysql/my.cnf

SSH

* Add "PermitRootLogin no" and "MaxAuthTries 3" to the end of /etc/ssh/sshd_config so that root cannot ssh.
* Uncomment "ListenAddress 0.0.0.0" for a login error.
* See ssh section in my linux-how-to for more.
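
A check for the two sshd_config settings above, as an added example that is not part of the original notes: sshd uses the first value it reads for each keyword, so a line appended to the end of the file has no effect if the keyword is already set earlier. The function names and the sample file are constructed for illustration; the script does not follow Include lines or evaluate Match blocks.

```sh
# Added example: which value does sshd actually use for a keyword?
# The first value read wins, so an appended line can be silently ignored.

# effective_value FILE KEYWORD: print the first global (pre-Match) value, if any
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]+/)             # keyword/value separator
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))  # keywords are case-insensitive
            val = substr(line, n + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit               # conditional blocks start here
            if (key == want) { print val; exit }
        }' "$1"
}

# check_sshd FILE: return 0 only if both settings from this page are in effect
check_sshd() {
    rc=0
    for pair in PermitRootLogin=no MaxAuthTries=3; do
        key=${pair%%=*}; expected=${pair#*=}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK   $key $actual"
        else
            echo "FAIL $key is '${actual:-unset}', expected '$expected'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a stock-style file with the two lines appended at the end
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
# MaxAuthTries 6
PermitRootLogin no
MaxAuthTries 3
EOF
check_sshd "$sample" || echo "An earlier line wins: edit it instead of appending."
rm -f "$sample"
```

On a live host, sshd -T prints the effective configuration as sshd itself parses it.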

iptables

* Use http://www.lowth.com to generate iptables firewall rules.
* Keep http and ssh open, ping closed.

Security:

* Use a log scanner such as sshguard or fail2ban.
* Have a hard-to-guess username and a complex password.
* Comment out all Tomcat users or use very complex username/password.

CentOS

  • Add xx to root: usermod -a -G root xx
  • yum update
  • Download Java from Sun using wget and install it (not as root)
  • yum install mysql-server and START it after installation: /sbin/service mysqld restart
  • yum install sudo and then add xx to /etc/sudoers
  • yum install: man, which, httpd (apache2), wget, vixie-cron (crontab on CentOS)
  • FTP: Use a client with SFTP protocol using an existing user/pass
  • Install RPMForge for more repositories: http://wiki.centos.org/AdditionalResources/Repositories/RPMForge