Old, Boring and Popular ~ Server administration tips from Marco Arment
If you haven’t already, you should subscribe to this wonderful podcast called Under the Radar. These tips are from episode 13 of this podcast:
- Pick a very popular but conservative Linux distribution (à la CentOS, Ubuntu)
- Turn on auto-updates for as much of the system software as possible … that will take care of most security problems for you.
- Take advantage of built-in isolation on Linux machines … If you only have one server, make the internal stuff listen on localhost, so that you can’t log into MySQL/memcached from outside. If you have multiple servers, use private networking.
- Disable password authentication in SSH
- Collect as little user data as possible to get your job done. Worst case scenario, somebody hacks into your server and takes your database … if you can get away with not having people’s email addresses, then don’t take them. If you are taking passwords from people, then hash those using a secure password hashing function like bcrypt on a strong setting … Google for more info.
- Have database backups and encrypt those backups. I write my DB backups to a write-only S3 account, so credentials on the machine can only write to the bucket and not read from it, so someone who hacks into the machine can’t delete the backups.
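As an added illustration of the last tip (this is not from the podcast or the post), here is an AWS IAM policy for the credentials that live on the server: it allows only `s3:PutObject` into a backup prefix and explicitly denies reading, listing and deleting, so a compromised machine can push new backups but cannot fetch or destroy old ones. The bucket name and prefix are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "WriteOnlyBackupUploads",
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BACKUP-BUCKET/db-backups/*"
    },
    {
      "Sid": "NeverReadListOrDeleteBackups",
      "Effect": "Deny",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:ListBucket",
        "s3:ListBucketVersions",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:DeleteBucket"
      ],
      "Resource": [
        "arn:aws:s3:::EXAMPLE-BACKUP-BUCKET",
        "arn:aws:s3:::EXAMPLE-BACKUP-BUCKET/*"
      ]
    }
  ]
}
```

One caveat: `s3:PutObject` alone still lets the holder overwrite an existing key, so enable versioning on the bucket (and keep the restore credentials off the server entirely) so that an overwritten backup is kept as an earlier version rather than lost.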