what are the necessities every servr must have installed?

Operating System?

besides OS and controlpanels

first thing I do is re-compiling kernel. after I setup firewall; only then I'm deleting all binary packages lived on the server and leaving GCC only, then I rebuild everything I need from sources

Originally posted by Miha
first thing I do is re-compiling kernel. after I setup firewall; only then I'm deleting all binary packages lived on the server and leaving GCC only, then I rebuild everything I need from sources

Masochist!

Patches, of course

Then disabling used network services like lpd and portmap

Firewall; SynCookies; Lock down ssh; tcpwrap telnet as a back door;

Fix the hostname;

Fix the time - xntpd

Fix the timezone; Set the system clock to UTC

Install a local caching nameserver listening on loopback interface. Fix resolv.conf

Admin utilities - nmap; lynx; netcat; tcpdump; lsof; gcc;

Custom version of Apache or whatever other *core* service this machine is going to be doing.

Fix init files, reboot and pray.

Originally posted by kicker
and pray.

Ahh, the most important part :D

Originally posted by kicker


Masochist!

Am I called so because I remove all binaries from the server?
Unforunately, but a lot of binaries aren't built as I need them and they have security holes in them. Further more a lot of binaries aren't "current versions".

kicker, don't you rebuild kernel on the server? Do you prefer to run default kernel that came as a binary compiled on another machine and came on your distro's CD? I do not respect admins who run default kernels on the server.:(

first thing to install...Cpanel. Simple

Originally posted by TheVoice
first thing to install...Cpanel. Simple

Oh and the problems begin...

Cpanel Alone won't lock a system down. There are many other things needed to make a system secure and stable.

care to go into more detail?

Can anyone point us neophytes to any good online tutorials???

And can anyone recommend freebsd over redhat 7.2 or 7.3 in terms of security?

well 7.2 is Ok .1's and .3's are no good (in terms of overall reliability and security)

ports collection
cvsup-without-gui
sync source and ports
configure kernel
configure firewall
enable quotas
edit login.conf
set hostname
install sudo
write appropriate wrappers
configure ids
install control panel
install cpu and ram checking software
burn for 3 days
add server to billing system

voila!

For RedHat:
up2date

Originally posted by seg fault

install control panel
install cpu and ram checking software


Care to tell us what software you use? I think that could be pretty handy!

Cheers

plesk == CP

cpuburn
memtest
healthd
monitord

there are plenty of utils out there

Originally posted by Miha
kicker, don't you rebuild kernel on the server? Do you prefer to run default kernel that came as a binary compiled on another machine and came on your distro's CD? I do not respect admins who run default kernels on the server.:(

I was just giving you a hard time. Don't read too much into it.

Yeah. I run stock kernels. I don't build the systems for myself but for the guy who comes *after* me. I like being able to take a vacation now and then :)

And I am pretty sure that you probably get 10% or more better performance out of your custom kernel than I do. But on my systems only 20% of the CPU time is spent in the kernel. That means that all your pain only gives you a 2% *overall* performance gain. I would rather spend my time optimizing userspace code.

But I would love to know what you do on your systems that max's the CPU while stressing your kernel.

well, I (and "some" others) always think that custom built kernel, optimized for hardware you are running, max's CPU and works better. I can be worng, but personally I don't think I am.

I listed only things I do *at first* when I get the server. It doesn't mean I do not do anything else on the server.

Playing aroung with fstune (in FreeBSD) and hdparm (in Linux) will add more % to your CPU.

also default kernels (that are in your distro by default) are usually have everything compiled in (or as modules).

you probably know that less stuff loaded in your kernel than better perfomance it has.

The first thing I always do is install the Bastille Hardening system. It has a Firewall and checks various other security parameters.

Click Here for a HOW-TO (http://www.unofficial-support.com/modules.php?name=Sections&op=viewarticle&artid=5)

The How-To is for Ensim 3.1.x on Linux but it works for plain linux as well.