Server release V1. Meta-Lassi is at a functioning baseline. Probably from a security perspective, this post would be a no-no, but that’s not what this is about. So the server is:
Ubuntu 11.04 with ssh, apache, and mysql running on it. Pretty standard stuff.
Logwatch emails every day, as well as aide.
Webalizer is running for some server statistics, although google analytics probably makes that a little redundant. Monit is running to let me know when thing go off the rails and will restart the apps.
I spent a good amount of time investigating security, so to that end, iptables are functioning fairly well. PSAD reads the iptables logs and bans many incoming probes each day. Those are logged, and added to the logwatch email. Also in the Logwatch email, failed ssh and http requests.
SSH is validated using certificates, so while I still have fail2ban running it’s probably moot (although it does seem to ban a couple of people each night, that’s still a bit of a mystery) Aide file integrity checker sweeps through each night and checks checksums and so far what changes seems to make sense.
So far this backend serves up WordPress, ie, this blog, as well as standard pages. That’s what I’m using it for anyway, but really it should be a fully functioning LAMP server.