Set up an Ubuntu server
A few initial steps to set up an Ubuntu (14.04) server.
Make sure you have the latest software updates
$ sudo apt-get update
$ sudo apt-get upgrade
Create a new user and add sudo privileges
$ sudo adduser newUserName
$ sudo usermod -aG sudo newUserName
Add your SSH key
$ mkdir ~/.ssh && cd ~/.ssh
$ nano authorized_keys # Insert your public key
$ cd ..
$ chmod 700 .ssh
$ chmod 644 .ssh/authorized_keys
Update SSH config
$ sudo nano /etc/ssh/sshd_config
Example config:
Port 500
Protocol 2
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
IgnoreRhosts yes
# Change to your username!
AllowUsers newUserName
PermitEmptyPasswords no
PasswordAuthentication no
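One way to check the edited file before sshd is restarted (an added example, not part of the original guide; the function names effective, audit_sshd and write_sample and the sample config are constructed for illustration). It reports the value sshd would actually use for each hardening setting above, since only the first occurrence of a keyword counts:

```shell
# Added example: audit an sshd_config against the values in the guide above.
# effective FILE KEY: print the value sshd would use. Keywords are
# case-insensitive and the first occurrence wins; Match blocks are skipped.
effective() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE: print one FAIL line per finding; non-zero status if any.
# An unset keyword is a finding: the guide sets each value explicitly.
audit_sshd() {
    fails=0
    while read -r key want; do
        got=$(effective "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', got '${got:-<unset>}'"
            fails=$((fails + 1))
        fi
    done <<EOF
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
EOF
    users=$(effective "$1" AllowUsers)
    case $users in
        "")    echo "FAIL AllowUsers: not set"; fails=$((fails + 1)) ;;
        *"#"*) echo "FAIL AllowUsers: '#' text may be read as user patterns"; fails=$((fails + 1)) ;;
    esac
    [ "$fails" -eq 0 ]
}

# Constructed sample: looks hardened, but the first PasswordAuthentication wins.
write_sample() {
    cat > "$1" <<'EOF'
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
passwordauthentication no
AllowUsers newUserName # Change to your username!
EOF
}

tmp=$(mktemp); write_sample "$tmp"
audit_sshd "$tmp" || echo "fix the findings before restarting sshd"; rm -f "$tmp"
```

On the server, run audit_sshd /etc/ssh/sshd_config and sudo sshd -t (syntax check), and keep the current session open until a new login on the new port succeeds.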
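Enable iptables. Rules added this way live only in the running kernel and are not kept across a reboot unless you save them.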
# Explicitly accepts your current SSH connection
$ sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Accepts 500, 80
$ sudo iptables -A INPUT -p tcp --dport 500 -j ACCEPT
$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Loop back
$ sudo iptables -I INPUT 1 -i lo -j ACCEPT
# Drop all other
$ sudo iptables -P INPUT DROP
Do the same for IPv6
$ sudo ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$ sudo ip6tables -A INPUT -p tcp --dport 500 -j ACCEPT
$ sudo ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
$ sudo ip6tables -I INPUT 1 -i lo -j ACCEPT
$ sudo ip6tables -P INPUT DROP
List the rules
$ sudo iptables -L --line-numbers
$ sudo ip6tables -L --line-numbers
Install LAMP
$ sudo apt-get update
$ sudo apt-get install apache2
$ sudo apt-get install mysql-server php5-mysql
$ sudo mysql_install_db
$ sudo mysql_secure_installation
$ sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt
$ sudo apt-get install php5-curl php5-gd php5-json php5-imagick
Update Apache.
Make Apache look for index.php files first. Change /etc/apache2/mods-enabled/dir.conf
from:
<IfModule mod_dir.c>
DirectoryIndex index.html ... something
</IfModule>
to:
<IfModule mod_dir.c>
DirectoryIndex index.php index.html
</IfModule>
Hide the Apache version and OS identity from error pages by editing /etc/apache2/apache2.conf
ServerSignature Off
ServerTokens Prod
<Directory /var/www/html>
Options -Indexes
</Directory>
Install Mod Security
$ sudo apt-get install libapache2-modsecurity
# You should now see something like 'security2_module (shared)'
$ apachectl -M | grep --color security
# Create and change the config file
$ sudo mv /etc/modsecurity/modsecurity.conf{-recommended,}
$ sudo nano /etc/modsecurity/modsecurity.conf
Example config:
SecRuleEngine On
SecResponseBodyAccess Off
SecRequestBodyLimit 5107200
Restart apache
$ sudo service apache2 restart
Update PHP config (for apache)
$ sudo nano /etc/php5/apache2/php.ini
Example config:
expose_php=Off
display_errors=Off
log_errors=On
file_uploads=Off
allow_url_fopen=Off
allow_url_include=Off
max_execution_time = 30
max_input_time = 30
memory_limit = 40M
Enable mcrypt for PHP-CLI by adding extension=mcrypt.so to /etc/php5/cli/php.ini
$ sudo nano /etc/php5/cli/php.ini
This is only a basic installation; you will still have to configure the system to fit your needs.