Dear Sirs (and Madams),
I've a new remote Linux server with Debian 5 x86 I need configured. I could do it myself, but I don't have time. The server can be rebooted if you need to; however, I do not have physical access to it. So don't screw up ;)
What I'm going to use the server for:
* 1 custom website only with Apache & MySQL. Communication to external web service via PHP & NuSoap, getting XML back.
* No mail, no FTP, no nothing... Very clean server.
What I need:
* Update and upgrade software (apt-get update upgrade) / even dist upgrade if available.
* Check server time. Should be GMT+1. Change server hostname. Check server language support. Must support UTF-8 and No-nb (Norwegian Bokmaal).
* Secure server with iptables as firewall. Configure & enable iptables. Drop all inbound connections on other ports than 80, 443, and 20000.
* Server should not reply to ICMP pings, drop all packets.
* Configure SSH server to run on port 20000, disable port 22.
* Install and configure latest stable Apache (Install common mods)
* Install and configure PHP (+ language support)
* Install and configure latest stable MySQL (root password, etc)
* Install and configure latest stable phpMyAdmin. PMA should only be accessible on https. Also not accessible through common URLs, like https://IP.IP.IP.IP/PMA or https://IP.IP.IP.IP/phpmyadmin. Use https://IP.IP.IP.IP/a01dba
* Install Leaseweb verified SSL certificate on the server. (Non self signed - Not wildcard) for the website domain.
* Suggest ideas to cope with probing for known security leaks or sploitable software (w00t.w00t and other bots scanning the server). For example, how we could drop connections from bots.
* Install & configure Munin. Have cron for Munin run as nice with lowest pri.
* Suggest how we can secure PHP.
* Setup rsync to backup files in website home dir and DB to external server. Use Duplicity or similar to tar website home dir before rsync. Backup every night to remote server.
* Propose and discuss other tasks with me.
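
The firewall items in the list above (inbound only on 80, 443 and 20000, no ping replies), as an added example that is not part of the original post: a script that emits the ruleset in iptables-restore format and applies it with an automatic rollback, since the server has no physical access. The backup path, the 120-second window and the function names are assumptions, and sshd is assumed to be listening on port 20000 already.

```shell
#!/bin/sh
# Added example, not from the original post. Ports are the ones the post lists.
ALLOWED_TCP_PORTS="80 443 20000"   # HTTP, HTTPS, SSH on its new port
BACKUP=/root/iptables.before       # assumed path for the pre-change ruleset
ROLLBACK_SECS=120                  # assumed confirmation window

# Print the policy in iptables-restore format.
build_ruleset() {
    echo "*filter"
    # Default-deny inbound and forwarded traffic. Outbound stays open so
    # apt-get, the external web service and the nightly backup still work.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Local services (PHP talking to MySQL on 127.0.0.1) need loopback.
    echo "-A INPUT -i lo -j ACCEPT"
    # Pings from the network are dropped explicitly (the default policy
    # would drop them too; the rule documents the intent).
    echo "-A INPUT -p icmp --icmp-type echo-request -j DROP"
    # Replies to connections the server opened, and sessions already open.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in $ALLOWED_TCP_PORTS; do
        echo "-A INPUT -p tcp -m tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Load the ruleset, but put the old one back unless the operator confirms.
# With no console access, a mistake here would otherwise lock everyone out.
# sshd must already listen on port 20000 before this runs.
apply_with_rollback() {
    iptables-save > "$BACKUP"
    # Ignore SIGHUP so the rollback still fires if the SSH session dies.
    ( trap '' HUP; sleep "$ROLLBACK_SECS"; iptables-restore < "$BACKUP" ) &
    rollback_pid=$!
    build_ruleset | iptables-restore
    echo "Log in from a second terminal on port 20000, then press Enter to keep the rules."
    if read answer; then
        kill "$rollback_pid"
    fi
}

case "${1:-}" in
    --print) build_ruleset ;;
    --apply) apply_with_rollback ;;
esac
```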