-3

I have a typical VPS server with some custom sites on it running on port 80 and a mail server. I don't have a DNS server, and it is a default Ubuntu 12.04. I don't have any admin panel; I am doing all the administration through the command line.

I am wondering what an absolutely important routine is for keeping a server like this safe?

For example, installing a monitoring tool and being aware of the network traffic, doing the updates often (how often?), being aware of important logs, etc. What tools would you suggest?

I don't want suggestions like changing the SSH port etc., which are things that you do just one time. I am more interested in a daily/weekly/monthly security routine: what log files do you consider important to follow, how do you watch them, and how often?

JohnDel
  • You've missed quite possibly the two single most important steps: data security (if you collect user details) and backups... – Kinnectus Jul 06 '14 at 20:37

1 Answer

2

installing a monitoring tool

If this is only one box, I would not install any monitoring tool, but rather rely on scripts. However, if you want to go with monitoring tools, I would pick Zabbix [monitoring] & OSSEC [IDS].

doing the updates often (how often?)

It depends. Take, for example, the recent Heartbleed vulnerability: how would you choose to get notified? You must keep yourself up to date on these things and ensure patching on time.

What tools would you suggest?

Customer-facing site: if you do payment-related things and would like to get up to date with PCI and DSS, you can do commercial scanning; you can have a look around with Comodo, Qualys, etc.

being aware of important logs etc.

This is why I suggested OSSEC; in most cases (by default) OSSEC will take care of this.

Important log files: enable kernel logging by editing rsyslog.conf or syslog.conf, depending upon what version you use.

maillog/secure/messages/syslog/xferlog/dmesg/dovecot... [Note: these might not all be relevant to your distro.]

And this list might never end tbh :)

tike
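As an added example (not part of the original answer), here is the kind of small script a single box can run daily instead of a monitoring suite: it summarizes failed and accepted SSH logins from an auth log. It assumes OpenSSH's usual syslog message format; the function names and the sample lines are constructed for illustration, and on Ubuntu the sshd messages normally land in /var/log/auth.log.

```shell
#!/bin/sh
# Constructed sample lines (documentation IP ranges), not real log data.
sample_auth_log() {
cat <<'EOF'
Jul  6 03:12:01 vps sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jul  6 03:12:04 vps sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jul  6 03:12:09 vps sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Jul  6 08:40:15 vps sshd[2290]: Accepted publickey for john from 198.51.100.20 port 40022 ssh2
Jul  6 09:01:44 vps sshd[2312]: Failed password for john from 198.51.100.20 port 40031 ssh2
Jul  6 11:30:02 vps CRON[2400]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# failed_logins_by_ip [THRESHOLD]
# Reads auth log lines on stdin; prints "COUNT IP" for every source address
# with at least THRESHOLD failed password attempts, highest count first.
failed_logins_by_ip() {
    threshold="${1:-3}"
    awk -v t="$threshold" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is supplied by the remote side and may itself
            # contain the word "from", so locate the LAST "from" on the line.
            for (i = NF - 1; i > 1; i--)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END { for (ip in count) if (count[ip] >= t) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# accepted_logins: prints "USER IP METHOD" for each successful sshd login,
# so that an unexpected account or source address stands out.
accepted_logins() {
    awk '/sshd\[[0-9]+\]: Accepted / {
        for (i = NF - 1; i > 1; i--)
            if ($i == "from") { print $(i - 1), $(i + 1), $(i - 3); break }
    }'
}

# Stand-alone demo on the constructed sample; for a real run, feed the
# functions the auth log file instead of sample_auth_log.
echo "Sources with 3 or more failed passwords:"
sample_auth_log | failed_logins_by_ip 3
echo "Accepted logins:"
sample_auth_log | accepted_logins
```

Run from cron with the output mailed to the administrator, this gives a daily review of the authentication log without installing an agent.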