by tdicola 4254 days ago
Anyone have tips on how to secure their Linux VPS? I just set one up and disabled SSH password login, locked down all the ports with iptables (using ufw), and enabled fail2ban. Anything else I should install or configure to make myself a little more secure? Was considering tripwire but I dunno how much a headache it would be with false positives as I change things on the server.
2 comments

A very common attack vector is through installed web applications. Especially if you run WordPress with a lot of plugins installed, be sure to enable correct read/write settings for /var/www, and update your application frequently.

Malicious entities run 24/7 scans towards indexed URLs attempting to exploit various vulnerabilities, and many of the vulnerabilities allow remote code execution, upload of php files etc. This can be used to upload malicious code, simple php-webshells, and then your VPS is suddenly a part of a DDoS/Scanning network.

Exploited WordPress sites are a problem, Zeus/Zbot-Trojan is often seen downloading updates/configs from these, and they are also often used to redirect users to Exploit Kits.

I came across these two tools recently that seem interesting: http://www.rfxn.com/projects/linux-malware-detect/ https://github.com/emposha/PHP-Shell-Detector

Not installed either yet (LMD could really use some .deb packages), but could be a useful alternative to Tripwire.

On my personal machines, I also set up a cronjob to automatically install updates. There's a small risk of breakage (I had one in 5 years), but I prefer that over a bill like op's.
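The advice above about /var/www permissions and uploaded php-webshells can be turned into a quick audit. The following is an added example, not code from the thread or from LMD/PHP-Shell-Detector: it flags world-writable files or directories under a web root and PHP scripts sitting in an `uploads` directory, and it builds a constructed scratch web root so it runs offline. It assumes POSIX sh plus `find(1)` with `-path` (GNU and BSD both have it); the web root path is a parameter.

```sh
#!/bin/sh
# Added example (not from the thread): audit a web root for two common mistakes,
# files/dirs writable by everyone, and PHP files in an uploads directory.
# Assumption: POSIX sh plus find(1) with -path (GNU and BSD both have it).

# Files or directories with the "other" write bit set (octal 002).
find_world_writable() {
  find "$1" \( -type f -o -type d \) -perm -002 -print | sort
}

# PHP scripts under any directory named "uploads" (only images belong there).
find_php_in_uploads() {
  find "$1" -path '*/uploads/*' -type f -name '*.php' -print | sort
}

# Print all findings, one per line, tagged with the check that produced them.
# Returns 0 when the web root is clean, 1 when anything was flagged.
audit_webroot() {
  root=$1
  findings=$(
    find_world_writable "$root" | sed 's/^/world-writable: /'
    find_php_in_uploads "$root" | sed 's/^/php-in-uploads: /'
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Number of findings, for scripting and for the test below.
count_findings() {
  audit_webroot "$1" | grep -c .
}

# Constructed sample web root (a scratch directory, hypothetical layout) so the
# script runs offline. It deliberately contains one world-writable file and one
# PHP file in uploads; everything else has sane permissions.
make_sample_webroot() {
  umask 022
  dir=$(mktemp -d)
  mkdir -p "$dir/wp-content/uploads" "$dir/wp-content/plugins/example"
  printf '<?php // harmless placeholder ?>\n' > "$dir/index.php"
  printf '<?php // harmless placeholder ?>\n' > "$dir/wp-content/uploads/photo.php"
  printf 'placeholder config\n' > "$dir/wp-config.php"
  chmod 666 "$dir/wp-config.php"          # the mistake: writable by everyone
  printf '%s\n' "$dir"
}

# Stand-alone run: audit the constructed sample, then clean up.
sample=$(make_sample_webroot)
audit_webroot "$sample" || echo "audit flagged $(count_findings "$sample") issue(s)"
rm -rf "$sample"
```

Run it against the real web root (for example `audit_webroot /var/www`) from cron and alert on a non-zero exit; unlike Tripwire it only checks the two properties above, so a legitimate content change does not produce a false positive.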