I've got a VPS running Ubuntu 12.04 - I'm not particularly well versed in server management, but can do basic CL stuff.
We've got some third parties (from odesk) working on a web app for us that will be hosted on the VPS as part of the build they need access to the server via ssh
to run database migrations and other stuff.
My main concern is that I have no idea what they are actually putting on the server, I believe they are only putting on items concerning the development of the web app, but equally well they could be installing malware in the background.
I plan on installing ClamAV
for virus scanning, but if someone has with root access can that be bypassed ?
Is there a best practice to A) protect the server, whist at the same time still giving the third party access and B) Is there a command or somewhere I can see all installed items, so I can see whats actually on there ?