For the past year and a half I have been running a Linux web server (Debian and Ubuntu) as part of my Cyber Defense Club. While I have been following many of the suggestions learned from my experience and competitions I feel and am still only on the tip of the iceberg when it comes to SysAdmin stuff. My system is currently running Ubuntu 11.10 Server with Apache 2.2.17 with SSL required for all webpages.
The majority of my focus has been on what is occurring with Apache. Most of my time has been spent reading Apache documentation particular security modules and the best ways to implement them. However I feel my time could be better spent looking at my system in a whole. What general steps should I follow, rotations used, IPTable rules that I may have missed, etc....
Thank You
[link] [12 comments]