The title says it all, really, but here's my background:
I have a few years experience using Linux (Ubuntu, RHEL, Cent, and Arch) at home and at work. As a result, I'm more than comfortable at the command line, and I can debug most issues I run across. Now I want to take a crack at running a server, and I'm coming to the realization that I don't quite know what I'm doing when it comes to security.
What I've done: I'm paying for a Linode VM that's running Cent OS (since I'm most familiar with Red Hat's way of doing things). I disabled root logins over SSH, since that seems like a sensible security precaution, but I haven't done much else to secure the system aside from making sure all my packages were up to date. I'm not sure what else is necessary there. My girlfriend got into Minecraft not long ago, so I volunteered to set up a Minecraft server, which I have running in a screen session. It's running under my user account. Is that a bad idea? Should I set up a special restricted user to run the server under? I also want to do other things with it, like run a web server (i.e., Apache), store my git repos there, etc., and I want to make sure everything is reasonably secure, but I'm not sure how.
Is there a good resource for learning good Linux security practices? A website or a book would be nice. Google turns up websites that have a handful of quick tips and an O'Reilly book from 2005 that I'm not sure is still relevant.
[link] [5 comments]