Old, Boring and Popular ~ Server administration tips from Marco Arment
If you haven’t already you should subscribed to this wonderful podcast called Under the Radar. These tips are from episode 13 of this podcast:
- Pick a very popular but conservative Linux distribution (à la CentOs, Ubuntu)
- Turn on auto-updates for much of the system software as possible …. that will take care of most security problems for you.
- Take advantage of built-in isolation on Linux machines … If you only have one server make the internal stuff listen on localhost. So that you can’t login into MySQL/memcached from outside. If you have multiple servers, use private networking.
- Disable password authentication in SSH
- Collect as little user data as possible to get your job done. Worst case scenario somebody hacks into your server and take your database … if you can get away with not having people’s email address then don’t take it. If you are taking passwords from people then hash
Continue reading →