I normally use centos/cpanel and just got a new server with ISPconfig 3 64bit (Debian 7 Squeeze). I will use this server for a backup server for a few cpanel VPS's and possibly add a few personal wordpress websites. Also going to use it for a small radio station using shoutcast.
Any security tips or online tutorial links for securing properly please?
1. I want to disable password authentication.
2. I want to change root ssh login port.
3. I want to disable telnet.
4. I want to be able to login via root ssh key only via putty.
5. Install mod security
I usually just check the csf firewall in WHM and secure everything via what is suggested there so if anything else you can suggest on securing this box I would really appreciate it. This server has the bastille firewall pre-installed so I guess I'll just leave it.
I would definitly use CSF. The config file looks pretty much the same in nano as it does in the GUI. If you dont have nano, apt-get install nano. OWASP mod security rules can be installed, probably via a package or from the repo. Check the site it has everything in a guide. Fail2ban can be used, and there are a couple of wordpress specific configs that parse the logs and throw offenders into jails.