System Management

===Software Management===
<ol><li>System software must always be up to date. Critical patches are released by software vendors and operating system providers on a regular basis. Updates frequently contain fixes for potential vulnerabilities and bugs; if your system is not up to date, it may be at risk. A recent example of this is the SSL bug [https://heartbleed.com Heartbleed].</li><li>Minimising installed software is an important step in reducing potential vulnerabilities. The system should have the bare minimum of packages and software installed to support its purpose.</li></ol>
===System Management===
<ol><li>A firewall can be enabled via [http://www.netfilter.org/projects/iptables/ iptables]; the guides [http://www.tecmint.com/basic-guide-on-iptables-linux-firewall-tips-commands/ here] and [http://www.cyberciti.biz/faq/category/iptables/ here] describe iptables configuration.</li><li>To protect the server, it is important to audit the open ports on the machine. To check listening ports, run<br>
netstat -tulpn
</li><li>Logging and auditing are key aspects of server security. All hacking, brute force, DDoS or other attacks should be captured, monitored and analysed. <br>This [http://www.cyberciti.biz/faq/linux-log-files-location-and-how-do-i-view-logs-files/ guide] describes the location and purpose of common Linux log files. <br> To ensure that information is not lost or overwritten, and that the logs do not grow indefinitely, the tool [http://www.thegeekstuff.com/2010/07/logrotate-examples/ Logrotate] can be used.<br> Installing a tool like Logwatch allows you to monitor and respond to suspicious activity. The following [https://www.digitalocean.com/community/articles/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps guide] describes installing and configuring Logwatch.</li><li>[http://selinuxproject.org/page/Main_Page Security Enhanced Linux (SELinux)] is a kernel-level security control mechanism that enforces a set of rules and procedures for the system. SELinux provides fine-grained control over access rights and permissions.<br>To check if it is enabled, run<br><i>
sestatus
</i>
<br>
To enable enforcing mode, run
<br>
<i>
setenforce enforcing
</i>
<br>
The SELinux configuration can be adjusted in
<br>
<i>
/etc/selinux/config
</i>
</li>
<li>
[http://www.fail2ban.org/wiki/index.php/Main_Page Fail2ban] is an excellent tool that can be used both to combat simple DDoS attacks and to detect and block brute-force login attempts.
</li>
</ol>
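One way to act on the open-port audit described in the System Management list above, as an added example that is not part of the original page: the function reads <code>netstat -tulpn</code> output and reports every listener missing from an allowlist, marking loopback-only sockets separately. The <code>proto/port</code> allowlist format, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag listening sockets that
# are missing from an allowlist. Input is `netstat -tulpn` output on stdin;
# $1 is a space-separated allowlist of proto/port pairs, a format assumed
# here for illustration (e.g. "tcp/22 tcp/443").
audit_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
        # TCP rows carry a State column; UDP rows leave it empty, so the
        # PID/Program field shifts left by one.
        if ($1 ~ /^tcp/) { if ($6 != "LISTEN") next; prog = $7 } else prog = $6
        proto = $1; sub(/6$/, "", proto)   # treat tcp6/udp6 as tcp/udp
        addr = $4; port = $4
        sub(/.*:/, "", port)               # port follows the last colon
        sub(/:[^:]*$/, "", addr)           # the rest is the bind address
        if ((proto "/" port) in ok) next
        # Loopback-only listeners are not reachable from the network.
        scope = (addr ~ /^127\./ || addr == "::1") ? "local" : "exposed"
        print scope, proto "/" port, addr, prog
    }'
}

# Constructed sample of `netstat -tulpn` output (not captured from a host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  812/sshd
tcp        0      0 127.0.0.1:3306   0.0.0.0:*        LISTEN  1033/mysqld
tcp6       0      0 :::80            :::*             LISTEN  950/httpd
udp        0      0 0.0.0.0:68       0.0.0.0:*                701/dhclient
EOF
}

# On a real host: netstat -tulpn | audit_listeners "tcp/22 tcp/443"
sample_netstat | audit_listeners "tcp/22 tcp/443"
```

Run netstat as root so the PID/Program column is populated for every socket; an empty result means every listener is on the allowlist.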