I want to build a totally secure webserver and WordPress installation (or as near as possible) using an EasyEngine install. The additional modules and services I am planning to use are …
* Install and configure Firewall - ufw
* Secure shared memory - fstab
* SSH - Key-based login, disable root login and change port
* Apache SSL - Disable SSL v3 support
* Protect su by limiting access only to admin group
* Harden network with sysctl settings
* Disable Open DNS Recursion and Remove Version Info - Bind9 DNS
* Prevent IP Spoofing
* Harden PHP for security
* Restrict Apache Information Leakage
* Install and configure Apache application firewall - ModSecurity
* Protect from DDOS (Denial of Service) attacks with ModEvasive
* Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban
* Intrusion Detection - PSAD
* Check for RootKits - RKHunter and CHKRootKit
* Scan open Ports - Nmap
* Analyse system LOG files - LogWatch
* SELinux - Apparmor
* Audit your system security - Tiger and Tripwire
Did I miss something? Is this overkill?
Please let me know your ideas.