Drupal in the Cloud, Part 4: Misc. Security Software and Setup

We aren't quite to Drupal yet. I know, I know, but we really need to get through this stuff to make our Drupal install so-so-so much easier. I promise!

If you decided to use AWS, any and all ports are controlled using the security policies. Close off any you don't need, but generally 22 (SSH management), 80 (HTTP), 443 (HTTPS), 10000 (Webmin Admin) and 20000 (Usermin login) are the ones that need to be open. If you are on Rackspace, this will need to be done in Webmin > Networking > Linux Firewall. Below is an example of what mine looks like. Keep in mind I have mail disabled and set to drop, and FTP/SSH are limited to come from my home internet connection only. It is a DHCP lease and I need to modify that from time to time, but it's better than exposing it to the world!

Now that the basic firewall is set, let's move onto some security applications.

Fail2Ban
This program is absolutely great. If you decided to expose SSH to the world, this program monitors for invalid logins. With a certain set of invalid logins within a certain time frame, that IP address is banned for a certain amount of time. Basically, 3 failed logins in 5 minutes results in an IP ban for a few hours.
Fail2Ban can be installed by typing:

user@server$: sudo apt-get install fail2ban

http://strongpasswordgenerator.com/
Please make stronger passwords. Please? Your cat's name with the year you were born on the end is not a strong password. It doesn't take long for a brute-force attempt to find Cuddles84. Lucy in the Sky with Diamonds, however, is just as easy to remember and 10x more protected from a brute-force attempt.

If I think of any more, I'll fill them in. For now, these will get you going rather well!

Share this

Tags: