Linux server preparation to host a web application. This project uses Amazon lightsail that gives a publicly accessible Ubuntu Linux server.

To view the deployed catalog-app project, you need to add the following string to hosts file on your PC:
35.158.162.144 catalog-app.com
After that you can access http://catalog-app.com to view the catalog application.

• Update all currently installed packages

  • sudo apt-get update
  • sudo apt-get upgrade

• Use sudo vim /etc/ssh/sshd_config and then change Port 22 to Port 2200 , save & quit.

  • Reload SSH using sudo service ssh restart

• Remote root login was disabled in /etc/ssh/sshd_config file:

  • PermitRootLogin no
  • Reload SSH using sudo service ssh restart

• Key-based SSH authentication is enforced in /etc/ssh/sshd_config file:

  • RSAAuthentication yes
  • PubkeyAuthentication yes

• User grader was added:

  • sudo adduser grader

• The grader user can run commands using sudo to inspect files that are readable only by root:

  • Added /etc/sudoers.d/grader file
  • sudo chmod 440 /etc/sudoers.d/grader

• Apache web server installed and configured to serve a Python mod_wsgi application.

  • sudo apt-get install apache2
  • sudo apt-get install libapache2-mod-wsgi

• Checked that the local timezone is configured to UTC.

  • sudo more /etc/timezone

• Uncomplicated Firewall (UFW) is configured to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123).

  • sudo ufw allow 2200/tcp
  • sudo ufw allow http
  • sudo ufw allow ntp

• All application dependences were installed to clone and run the application, such as Git, PostegreSQL, Flask, Sqlalchemy.

  • sudo apt install git
  • sudo apt-get install postgresql
  • sudo apt install python-pip
  • sudo pip install --upgrade pip
  • sudo pip install sqlalchemy
  • sudo pip install flask
  • sudo pip install oauth2client
  • sudo pip install requests
  • sudo pip install psycopg2

• PostegreSQL configuration files checked for local connections permition only.

• New database user catalog created with limited permissions.

  • sudo su - postegresql
  • psql
  • CREATE USER catalog;
  • GRANT select, update, insert, delete on ALL TABLES IN SCHEMA PUBLIC to catalog;

• Install and configure monitoring tools like Munin or Nagios.
• Install and configure fail2ban, or any other package to monitor unsuccessful login attempts.
• Install and configure unattended-upgrades.