Minimal Configuration for Dedicated XenForo server?

[Marcus]

I am running a single xenForo community on my server and played with the idea of just setting up the packages my CentOS server needs for xenForo. From what I guess there are:

PHP
MySQL
Postfix
nginx (or apache)
Java (for elasticsearch)

Currently I use Plesk and I am open for comments to stay on Plesk. I do have a contract with a Server Management company managing my Plesk server but they are not that helpful with upgrading to PHP 5.5 ("it's not possible" and I had to point them to the manual where Plesk outlines how to upgrade to PHP 5.5 etc.). The idea is to have minimal services hence minimal points for security hacks.

 

[Slavik]

I am running a single xenForo community on my server and played with the idea of just setting up the packages my CentOS server needs for xenForo. From what I guess there are:

PHP
MySQL
Postfix
nginx (or apache)
Java (for elasticsearch)

Currently I use Plesk and I am open for comments to stay on Plesk.

Don't forget IP tables. But yea, thats pretty much all you'll need.

Use the REMI repo aswell to keep with nice up to date php versions.

 

[Marcus]

Server management companies always tell me they "harden" their servers and build a "hardened kernel". If I just have the minimal configuration, there are no "open holes" I would have to fix, right?

 

[Slavik]

Server management companies always tell me they "harden" their servers and build a "hardened kernel". If I just have the minimal configuration, there are no "open holes" I would have to fix, right?

With IP tables and an up-to-date install, centos is *pretty* tough to crack as it stands.

How much you want to harden realy depends on how much you want to learn or feel is nessissary.

Simple stuff and basics, like moving SSH port or using SSH keys: http://www.gridvirt.com/blog/beginners-linux-security-guide-centos-6-2/ (I highly reccomend bookmarking gridvirt.com)

To NSA's documentation: http://www.nsa.gov/ia/_files/os/redhat/NSA_RHEL_5_GUIDE_v4.2.pdf

Paid solutions: http://www.atomicorp.com/products/asl.html

and free: http://grsecurity.net/

And a whole variety inbetween.

 

[Marcus]

Thanks, I guess I will start with the few basic packages and iptables. Just noticed that my server management company did not set any rules in iptables - which is not that bad, but paying for that kind of service is. I prefer a lean system so I can update PHP and MySQL myself and don't have to worry about Plesk Panel compatibility. As I have installed

• Percona MySQL and the new
  
• PHP 5.5.3 next to
  
• nginx

on my Plesk 11.5 server I use pretty much my own software where I don't need Plesk anyway.