ifnull
2/14/2013 - 6:55 PM

AWS: Quick and secure LAMP on Amazon Linux


######
###### http://www.altmake.com/2013/03/06/secure-lamp-setup-on-amazon-linux-ami/
######




# http://imperialwicket.com/aws-quick-and-secure-lamp-on-amazon-linux
# Switch to a root login shell; the commands that follow are typed there.
sudo su -
# Bring every installed package up to date before adding anything new.
yum update -y
# Install the AMP part of the stack: Apache, MySQL and PHP with its extensions.
yum -y install \
  httpd \
  mysql mysql-server \
  php php-bcmath php-cli php-common php-gd php-imap php-ldap php-mbstring \
  php-mysql php-odbc php-pdo php-soap php-xml

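# Add a user and give sudo privs
useradd someUser
# Set the account password when prompted
passwd someUser
# Edit sudoers through visudo rather than opening the file directly: visudo
# locks the file and syntax-checks it on save, so a typo cannot leave the
# machine without working sudo.
visudo
# if this is unfamiliar to you, be careful:
# insert line "someUser   ALL=(ALL)    NOPASSWD: ALL"
# NOPASSWD gives someUser root without re-entering a password, so whoever
# holds that account's SSH key is effectively root. Leave "NOPASSWD:" out of
# the line to make sudo ask for the password set above.

# someUser already exists at this point, so a second useradd would fail; add
# the account to the web server's group with usermod instead. -a -G appends a
# supplementary group and keeps the user's own primary group. The httpd
# package on Amazon Linux runs as apache (www-data is the Debian/Ubuntu
# name) - confirm with `id apache`.
usermod -a -G apache someUser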

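# Configure ssh key and disable password authentication
cd /home/someUser
# -p: do not fail if the directory is already there
mkdir -p .ssh
vim .ssh/authorized_keys
# add your pub key to authorized_keys
chown -R someUser:someUser .ssh/
# sshd ignores authorized_keys when the directory or file is writable by others
chmod 700 .ssh
chmod 600 .ssh/*
# The server reads sshd_config; ssh_config only configures the ssh client,
# so a setting placed there leaves password logins enabled.
vim /etc/ssh/sshd_config
# set "PasswordAuthentication no"
# sshd keeps the first value it reads for each keyword: change the existing
# PasswordAuthentication line instead of appending a second one below it.

# Syntax-check the file before restarting; a broken config can stop sshd
# from coming back up.
sshd -t && service sshd restart
# Confirm the value the daemon actually uses; expect "passwordauthentication no"
sshd -T | grep -i '^passwordauthentication'
# Validate connection in another terminal before exiting the current session!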

# MySQL: start the server, enable it at boot, then run the hardening script
service mysqld start
chkconfig mysqld on
/usr/bin/mysql_secure_installation
# Answers to give at the prompts:
#   - set a root password (that's good)
#   - root access from local only
#   - delete anonymous users
#   - delete test db

# Apache: start it and enable it at boot
service httpd start
chkconfig httpd on

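# Create a mysql user/schema for your site(s)
# DON'T CONNECT AS ROOT FOR YOUR WEB APPS
mysql -u root -p
# Enter the password you set
mysql> CREATE SCHEMA someAppName;
# Bind the account to 'localhost': in this single-instance LAMP setup the web
# app connects from the same host, and '%' would let the account log in from
# any host that can reach MySQL.
# GRANT ALL is limited to this one schema; narrow it further (for example
# SELECT, INSERT, UPDATE, DELETE) if the app never changes its own tables.
# Replace somePassword with a long random value unique to this account.
mysql> GRANT ALL ON someAppName.* TO someAppName@'localhost' IDENTIFIED BY 'somePassword';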