Application Deployment Checklist (Linux Systems)


Security of software applications is an important aspect that is often underestimated or ignored, leaving them exposed to malicious cyber attacks. The following is a quick checklist of validations and actions to perform before deploying any enterprise-grade application in Production:

1. Maintain at least three environments for any application build – Dev (Local machine), Test (Virtual machine or any other server) and Prod (AWS EC2 Server, Google Cloud Compute Engine or any other server).

2. Maintain version control for code in a private repository in Bitbucket, GitHub, SVN or Google Drive.

3. Ensure that all patches on the production server are up-to-date.

  • sudo apt-get update
  • sudo apt-get upgrade

4. Monitor CPU and RAM utilization through the ‘top’ (or ‘glances’) command.

5. Check free disk space on the server before deployment: df -k .

6. Hardware Security

  • Ensure all unnecessary / unused ports are closed.
  • Install a Let's Encrypt or other SSL certificate for all applications.
  • Disable external ping service.
  • Validate that only SSL traffic and SSH traffic are allowed through the firewall (UFW or any other).
  • SFTP / FTP access should be disabled unless absolutely necessary.

7. Software / Application Security

  • Ensure that SQL injection attacks are properly mitigated through coding best practices.
  • All file permissions should be thoroughly checked and access should be restricted wherever possible.
  • chmod 444 (read permissions only) should be sufficient for most HTML, image, CSS and JavaScript files.
  • chmod 400 should be sufficient for credential stores / flat files. Double-check that such files are not publicly accessible.
  • Shell scripts should have permissions set as 550 in most cases. Shell script execution should not be granted to the public under any circumstance.
  • An enterprise-grade web server (e.g. NGINX, Apache) should be used in Production and debug mode must be turned off.
  • All errors and exceptions should be properly handled within the code.
  • Ensure thorough unit testing and load testing of the application before deployment in Production.
  • Use a Content Delivery Network (CDN) such as AWS CloudFront, Google Cloud CDN or CloudFlare to enhance site performance and restrict application access based on geographical location (if necessary).
  • If any database is running on the same server, ensure that its credentials are well protected. Try to avoid remote access, if possible. Restricting access to localhost is recommended.
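
One way to check the file-permission items above across a deployment directory, as an added example that is not part of the original checklist. The filename patterns used to classify files are assumptions, and it relies on `stat -c '%a'` (GNU coreutils or BusyBox).

```shell
# Added example: flag files whose mode grants more than the checklist allows
# (444 static assets, 400 credential stores, 550 shell scripts).
# The filename patterns per class are assumptions; adjust to the deployment.

# expected_mode FILE -> prints the checklist's maximum mode, or nothing
# when the file belongs to none of the classes (such files are skipped).
expected_mode() {
    case "$(basename "$1")" in
        *.sh)                          echo 550 ;;  # shell scripts
        .env|*.key|*.pem|credentials*) echo 400 ;;  # credential stores (assumed names)
        *.html|*.css|*.js|*.png|*.jpg|*.jpeg|*.gif|*.svg)
                                       echo 444 ;;  # static web assets
    esac
}

# audit_perms DIR -> prints "actual expected path" for every violation.
# Returns 1 if at least one violation was found, 0 otherwise.
# File names containing newlines are not supported.
audit_perms() {
    rc=0
    while IFS= read -r f; do
        want=$(expected_mode "$f")
        [ -n "$want" ] || continue
        have=$(stat -c '%a' "$f")
        # Any bit outside the allowed mask is a violation; this also
        # catches setuid/setgid/sticky bits (e.g. 4550).
        if [ $(( 0$have & ~0$want )) -ne 0 ]; then
            printf '%s %s %s\n' "$have" "$want" "$f"
            rc=1
        fi
    done <<EOF
$(find "$1" -type f)
EOF
    return $rc
}

# Usage (hypothetical path): audit_perms /var/www/app || echo "fix before deploying"
```

A stricter mode than the target (for example 400 on a static file) is not reported, since the check only looks for bits beyond the allowed mask.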

About Strootaay Innovation Labs

Strootaay Innovation Labs is a professional internet services company specializing in cloud solutions, IoT consultancy, digital marketing, website design and SEO services.
Facebook: https://facebook.com/strootaay
Instagram: https://instagram.com/strootaay/
Website: https://strootaay.com
