3

I need to install Debian for a webserver on a dual-Xeon machine, and it must be as "secure" as possible, with whatever programs and features are available (Firewall, Antivirus, etc).

I need basic webserver functionality, with the LAMP stack (where P is PHP), minus the FTP since I have constant physical access and I don't want to open a hole for attacks and unauthorized access.

  1. What version/edition do I download, burn and install? I don't understand the myriad of editions.
  2. How do I install/configure the LAMP stack (with admin panels) in order to get my server online?
  3. How can I set up the software for maximum anti-hacker protection, especially for Databases?
  4. Any dashboard and monitoring software that helps in reading server performance/overloading?
Robin Rodricks

3 Answers

6

Good questions. First, always install the latest Debian version (stable) and go from there. Choose the minimum install and after it is completed use apt-get to get the packages you need:

# apt-get install apache2
# apt-get install php5
# apt-get install mysql-server

That should get your LAMP ready (Linux + Apache + MySQL + PHP).

Since you mentioned maximum security, I would say do not install any of these graphical tools to manage your server (like cpanel, webmin, etc). Apache + PHP + MySQL configuration is simple enough to do via the terminal (plus, they come almost pre-configured by default).

To monitor, I will suggest OSSEC (will monitor your logs, changes on your important files, etc).

sucuri
  • 2
    Maybe could you elaborate on the configuration? Or at least link to a resource for it? I have done the configuration command-line many times, but don't remember offhand, and security can be hard to implement, especially without guidelines as to what needs to be watched for. – Joshua Nurczyk Jun 11 '09 at 20:09
  • 2
    Just FYI, Debian (at least Etch) doesn't have apache2-mod-auth-mysql; in case you wanted to use that... – ParoX Jun 11 '09 at 21:41
  • I just started playing with this in the lab for a possible migration of Windows to Linux for a web server as well. The download of Debian server I had listed a LAMP install as part of the initial setup. Why should I not use that instead of doing the minimum install and then going out and getting the LAMP packages like you suggest here? – AudioDan Jun 14 '09 at 13:35
3

This is the only information you are going to need for installation.

http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3

As for Xeons, you probably want the i386 distro unless they are 64-bit procs (can still get away with this).

XTZ
3

To address your security concern, I would install iptables and only allow port 80 (and 443 if necessary) to the public.

Then I would install openvpn (allow its port on the firewall as well), and do all of your management via a VPN connection.

Then stay on top of your security updates - have the system check the repositories every day and email you about all available updates, and apply them as soon as you are able. For a LAMP stack I would also add the dotdeb repositories to your /etc/apt/sources.list, as dotdeb stays much more on top of patching the latest PHP/Apache/MySQL vulnerabilities than Debian does.

Brent
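
Added example, not part of any answer above: a shell sketch of the firewall policy Brent describes (80/443 public, the VPN port open, management reachable only through the tunnel), emitted in iptables-restore format with a small self-check. The OpenVPN port 1194/udp, the interface name tun0 and SSH on 22/tcp as the management service are assumptions, not details from the page.

```sh
#!/bin/sh
# Added example. Assumed values (override via environment):
VPN_PORT="${VPN_PORT:-1194}"        # assumed: OpenVPN default port
VPN_PROTO="${VPN_PROTO:-udp}"       # assumed: OpenVPN default protocol
VPN_IF="${VPN_IF:-tun0}"            # assumed: tunnel interface name
PUBLIC_TCP="${PUBLIC_TCP:-80 443}"  # ports open to everyone
MGMT_TCP="${MGMT_TCP:-22}"          # assumed: SSH, reachable over the VPN only

# Print a complete filter table for iptables-restore.
build_rules() {
    echo "*filter"
    # Default-deny inbound and forwarded traffic; outbound stays open
    # so apt can still fetch security updates.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate INVALID -j DROP"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $PUBLIC_TCP; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # The VPN listener itself must be reachable from outside.
    echo "-A INPUT -p $VPN_PROTO --dport $VPN_PORT -j ACCEPT"
    # Management ports are accepted only when they arrive through the tunnel.
    for p in $MGMT_TCP; do
        echo "-A INPUT -i $VPN_IF -p tcp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
}

# List TCP ports accepted on every interface (rules with no "-i" match).
# Anything beyond the web ports showing up here is an unintended exposure.
public_tcp_ports() {
    build_rules | awk '/^-A INPUT/ && /-p tcp/ && !/ -i / && /-j ACCEPT/ {
        for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
    }' | paste -sd ' ' -
}

# Print the ruleset; as root it can be validated without loading it via:
#   sh this-script.sh | iptables-restore --test
build_rules
```

Load the rules from a console session rather than over SSH, since the default-drop policy cuts off any management connection that does not come through the tunnel.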