LINUX SERVER RECOMENDED PRACTICES
---------------------------------

By COP IT DEPT Feb 2005

HIGHLY RECOMMENDED Set up a firewall so that only the 3 ports
that we discussed (22, 80, 3306) are open.  All others are blocked.
"IPTABLES"

HIGHLY RECOMMENDED Set up virtual domains in the Apache set-up
to separate the intranet and reserve systems.  Therefore, allowing the
ability to block all non-UF IP's from reaching the intranet section but
allowing access from everywhere to the reserve system. "File system
Sharing"

RECOMMENDED Set up SMTP forwarding on this server to utilize
smtp.ufl.edu. "Automated Email to Administrator"

RECOMMENDED Set up Logwatch to forward all 'root' emails to an
account that you check regularly.

HIGHLY RECOMMNEDED Set up a rotation backup system of your
choosing.

RECOMMENDED Run the server in Runlevel 3 instead of 5 to make
better use of system utilization

HIGHLY RECOMMENDED Set up DNS resolution and a host name on
localhost. "NOT ENABLE...allows easier access to HASH file"

HIGHLY RECOMMENDED Check for updates on a periodic schedule.
I did not check, but there are probably updates for Apache, MySQL, and
PHP since that distribution was released.

HIGHLY RECOMMENDED Set up the 'root' account so that it cannot
be accessed directly.  A user must log in first, and then 'SU'ed to
'root.'

MUST -- HIPAA-related email attachments need to be password protected
and/or encrypted before being sent via email.

MUST -- Create a text file with all of the system
passwords. This text file itself must be password protected
and kept in a safe location by the Dept Chair. This prevents permanent loss of
system passwords in the event of  anything should happen to the system
administrator.

EOF