I have Ubuntu 12.04 installed on my home web server which I am hoping to use to host my website in the near future. Security is obviously paramount, and is my primary concern at the moment.
What is there that can be done to help prevent attacks?
My current setup is as follows:
- Routers in built firewall, of which only HTTP and SSH (80 and 22) are allowed through which goes directly to the server.
- Ubuntus UFW is enabled, again allowing only HTTP and SSH.
- Strong passwords, and encrypted HDD
- Fail2Ban Intrusion Detection System
- Security updates released by Ubuntu
Disabling Root SSH Login
Restricting access to folders of the site itself
- Preventing Apache from disclosing information about itself
Is there anything else which I can do to help protect my LAMP and SSH server and from a glance, how secure does it appear?
My guess is that the main problem shall end up being SQL Injection, but still the server needs to be secure.