Quote:
Originally Posted by abdoullah
it will be used for online transactions
If you mean on-line transactions as in credit card payments then you should familiarize yourself with what rules and regulations organizations require you to adhere to. Before you do that you should familiarize yourself with the setup well enough to install, harden and maintain it properly. (And if you're not well-versed in all aspects of installing and maintaining such a setup, as in quality / risks, at least consider handing off tasks to those qualified and experienced.)
Sites to visit and topics you need to read up on are, in no particular order:
- any major Linux distribution sites wrt choice of Enterprise or Longterm Support version,
- your Linux distribution's documentation with respect to security best practices,
- the CERT site documents wrt server hardening,
- the OWASP site with respect to common pitfalls, server hardening and web application testing,
- the PCI-DSS standard website for documentation if that's what you need to adhere to,
- and maybe read some of http://rkhunter.wiki.sourceforge.net/SECREF?f=print .
* Remember that you get out of it what you put into it: not having the required skills, not doing required research, failing to think and plan ahead and disregard for best practices are the best ways to waste time, effort and money and see your setup crash and burn at some point in time...