I need to install Debian for a webserver on a dual-Xeon machine, and it must be as "secure" as possible, with whatever programs and features are available (Firewall, Antivirus, etc).
I need basic webserver functionality, with the LAMP stack (where P is PHP), minus the FTP since I have constant physical access and I don't want to open a hole for attacks and unauthorized access.
- What version/edition do I download, burn and install? I don't understand the myriad of editions.
- How do I install/configure the LAMP stack (with admin panels) in order to get my server online?
- How can I set up the software for maximum anti-hacker protection, especially for databases?
- Any dashboard and monitoring software that helps in reading server performance/overloading?
Good questions. First, always install the latest Debian version (stable) and go from there. Choose the minimum install and after it is completed use apt-get to get the packages you need:
That should get your LAMP ready (Linux + Apache + MySQL + PHP).
Since you mentioned maximum security, I will say do not install any of these graphical tools to manage your server (like cPanel, Webmin, etc.). Apache + PHP + MySQL configuration is simple enough to do via the terminal (plus, they come almost pre-configured by default).
To monitor, I will suggest OSSEC (will monitor your logs, changes on your important files, etc).
This is the only information you are going to need for installation.
http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3
As for Xeons, you probably want the i386 distro unless they are 64-bit procs (can still get away with this).
To address your security concern, I would install iptables and only allow port 80 (and 443 if necessary) to the public.
Then I would install openvpn (allow its port on the firewall as well), and do all of your management via a VPN connection.
Then stay on top of your security updates - have the system check the repositories every day and email you about all available updates, and apply them as soon as you are able. For a LAMP stack I would also add the dotdeb repositories to your /etc/apt/sources.list, as dotdeb stays much more on top of patching the latest PHP/Apache/MySQL vulnerabilities than Debian does.
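
The firewall policy described in the answer above (only 80/443 public, the OpenVPN port open, management only over the VPN), written out as an added example that is not part of the original answer. It assumes OpenVPN on 1194/udp, a public interface named eth0, a tunnel interface named tun0, and SSH on 22/tcp as the management service; the function name `gen_rules` is hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset with a default-drop INPUT policy.
# Assumed (not from the page): 1194/udp for OpenVPN, eth0/tun0 interface names,
# SSH on 22/tcp as the management service reachable only through the tunnel.

gen_rules() {
    vpn_port="${1:-1194}"   # OpenVPN listening port
    vpn_proto="${2:-udp}"   # OpenVPN transport protocol
    wan_if="${3:-eth0}"     # public-facing interface
    vpn_if="${4:-tun0}"     # OpenVPN tunnel interface

    # Reject values that would produce a malformed or unintended rule.
    case "$vpn_port" in ''|*[!0-9]*) echo "bad port: $vpn_port" >&2; return 1 ;; esac
    [ "$vpn_port" -ge 1 ] && [ "$vpn_port" -le 65535 ] || { echo "port out of range" >&2; return 1; }
    case "$vpn_proto" in udp|tcp) ;; *) echo "bad proto: $vpn_proto" >&2; return 1 ;; esac
    for ifname in "$wan_if" "$vpn_if"; do
        case "$ifname" in ''|*[!A-Za-z0-9_.+-]*) echo "bad interface: $ifname" >&2; return 1 ;; esac
    done

    # Everything not matched below hits the DROP policy, so SSH, MySQL (3306)
    # and any admin panel stay unreachable from the public interface.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $wan_if -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -i $wan_if -p $vpn_proto --dport $vpn_port -j ACCEPT
-A INPUT -i $vpn_if -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Validate without loading (as root):
#   gen_rules 1194 udp eth0 tun0 | iptables-restore --test
```

Load the rules from a console session the first time, so a mistake in the interface names does not cut off remote management.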