Securing a Plesk VPS

[mealto]

Now that we have a Plesk VPS, is there a simple tutorial somewhere that can guide us to securing Plesk and offer tips and tweaks?

 

[faris]

Well, to be honest your simplest bet would be to installed ASL on it. www.atomicrocketturtle.com. Costs $128 per year.

One of the features of ASL is a more secure kernel, which you can't use with a VPS. But other than that it works fine.

Other things to do include using keys instead of passwords for your SSH logins, and don't allow direct root logins.
Using a good firewall instead of the simplistic one that's standard in Plesk would be a good thing too. APF is a favourite. You need to read the sticky topic about installing APF in a VPS in the Virtuozzo section of this forum though.

You can also ask your VPS supplier to make you /tmp noexec. This doesn't do all that much good but it is better than nothing I suppose.

There's more -- search for posts by lvalics (I think I've spelled that correctly) who has many good suggestions on server security, though many of these don't quite apply to a VPS.