Security Basics mailing list archives

RE: Linux Web Server Hardening (LAMP + Wiki)


From: Steve Elkins <stevee () epits com au>
Date: Sun, 3 Feb 2013 01:25:36 +0000


1. It's common knowledge that you don't install X on service based Linux servers, you use the command line and that's it - people who do install X aren't being serious or are still learning
2. Minimal OS install with only the packages required to run the service, administer the box and provide host based protection
3. Follow guides to harden OS and the services (Apache, PHP, MySQL etc)
4. If possible run the services from chroot jail (many guides to do this)
5. Install Apache and PHP security modules
6. Keep system and packages patched and keep informed on security issues with the services through SANS, AusCERT etc

That's just a small amount of baseline security that should be applied to all your Linux servers - once you understand the service and possible attack points then you can keep going much deeper.

While the default install of a Linux server with X and no hardening could be debated to be less or more secure than a similar setup on Windows - saying Linux is not secure is plainly trolling.

________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] on behalf of Eric Furman [ericfurman () fastmail net]
Sent: Thursday, 31 January 2013 2:39 PM
To: Ansgar Wiechers
Cc: Security Basics
Subject: Re: Linux Web Server Hardening (LAMP + Wiki)

On Mon, Jan 28, 2013, at 07:53 AM, Ansgar Wiechers wrote:
On 2013-01-28 Eric Furman wrote:
On Fri, Jan 25, 2013, at 04:31 PM, Jeffrey Walton wrote:
Is anyone aware of a hardening guide for a Linux LAMP server with a
Wiki component?

I have an older Linux Server hardening book, but nothing recent. I
have not seen a Wiki hardening document.

Don't use Linux. It is insecure. Use Windows or one of the BSDs.
All are much more secure.

Do you have an argument to go with that opinion?

Yes. I hate all Microsoft products, but they have made serious efforts to
improve the security of their products. On the other hand, with a few
notable exceptions, Linux hackers not only have no concern for security
some of them even have an open hostility and disdain for it;
http://lmgtfy.com/?q=Linus+Torvalds+security

AAAAAnd everyone runs X. X is quite possibly the most insecure piece
of crap that everybody runs on their systems. The X consortium knows
this and has repeatedly refused to even address the issue. To paraphrase
a well known UNIX security expert, X doesn't act like root. It acts like the f*****g Kernel!
Microsoft, on the other hand, has already fixed this issue.
Who's more insecure now?

P.S. You're all crackpots who don't understand security.
//xkcd.com/1166/

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
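The baseline in the post above (minimal install, no X, hardened Apache/PHP/MySQL, security modules, stay patched) is a checklist rather than a command. The script below is an added example, not part of the thread, showing how a few of those points can be audited from configuration files without touching the running services. The directives it checks (ServerTokens, ServerSignature, TraceEnable, mod_security being loaded, expose_php, display_errors, allow_url_include, bind-address, local-infile) are real Apache/PHP/MySQL settings; the sample config files, their contents and the temporary paths are constructed for the demo, so on a real box you would point it at /etc/apache2 or /etc/httpd, the php.ini Apache actually loads, and my.cnf instead.

```shell
#!/bin/sh
# Added example (not from the post): audit a handful of LAMP hardening settings
# from config files. Paths and sample files below are constructed for the demo.

# Last effective value of an Apache-style directive ("Name value"), ignoring
# comment lines; prints nothing if the directive is unset.
apache_value() {
  grep -i -E "^[[:space:]]*$1([[:space:]]|$)" "$2" | tail -n 1 | awk '{print $2}'
}

# Last effective value of an ini-style key ("key = value"), ignoring comments.
ini_value() {
  grep -i -E "^[[:space:]]*$1[[:space:]]*=" "$2" | tail -n 1 \
    | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//'
}

# True when an Apache LoadModule line for module $1 exists in file $2.
module_loaded() {
  grep -q -E "^[[:space:]]*LoadModule[[:space:]]+$1([[:space:]]|$)" "$2"
}

# True when an X server appears to be installed on this host.
x_installed() {
  command -v Xorg >/dev/null 2>&1 || command -v X >/dev/null 2>&1 || command -v startx >/dev/null 2>&1
}

# Case-insensitive string compare.
same() {
  [ "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" = "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" ]
}

# check NAME ACTUAL WANTED: prints ok/FAIL, returns 1 when the value is wrong.
check() {
  if same "$2" "$3"; then
    echo "ok   $1 = $2"
  else
    echo "FAIL $1 = '${2:-<unset>}' (want $3)"
    return 1
  fi
}

# Each audit prints one line per setting and returns the number of failures
# (0 means every checked setting is hardened).
audit_apache() {
  n=0
  check "ServerTokens"    "$(apache_value ServerTokens "$1")"    Prod || n=$((n+1))
  check "ServerSignature" "$(apache_value ServerSignature "$1")" Off  || n=$((n+1))
  check "TraceEnable"     "$(apache_value TraceEnable "$1")"     Off  || n=$((n+1))
  if module_loaded security2_module "$1"; then
    echo "ok   mod_security (security2_module) loaded"
  else
    echo "FAIL mod_security (security2_module) not loaded"; n=$((n+1))
  fi
  return $n
}

audit_php() {
  n=0
  check "expose_php"        "$(ini_value expose_php "$1")"        Off || n=$((n+1))
  check "display_errors"    "$(ini_value display_errors "$1")"    Off || n=$((n+1))
  check "allow_url_include" "$(ini_value allow_url_include "$1")" Off || n=$((n+1))
  return $n
}

audit_mysql() {
  n=0
  check "bind-address" "$(ini_value bind-address "$1")" 127.0.0.1 || n=$((n+1))
  check "local-infile" "$(ini_value local-infile "$1")" 0         || n=$((n+1))
  return $n
}

# Constructed sample configs: one weak and one hardened Apache config, a php.ini
# with two problems, and a my.cnf that already binds locally and disables LOAD DATA LOCAL.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/weak.conf" <<'EOF'
ServerTokens OS
ServerSignature On
# TraceEnable is left at its default (On)
EOF
cat > "$tmp/hard.conf" <<'EOF'
ServerTokens Prod
ServerSignature Off
TraceEnable Off
LoadModule security2_module modules/mod_security2.so
EOF
cat > "$tmp/php.ini" <<'EOF'
expose_php = On
display_errors = Off
; allow_url_include left unset
EOF
cat > "$tmp/my.cnf" <<'EOF'
[mysqld]
bind-address = 127.0.0.1
local-infile=0
EOF

echo "== weak Apache config ==";     audit_apache "$tmp/weak.conf"
echo "== hardened Apache config =="; audit_apache "$tmp/hard.conf"
echo "== php.ini ==";                audit_php "$tmp/php.ini"
echo "== my.cnf ==";                 audit_mysql "$tmp/my.cnf"
if x_installed; then echo "FAIL an X server is installed"; else echo "ok   no X server found"; fi
```

The value parsers deliberately take the last matching line, since Apache and ini-style files let a later directive override an earlier one; a check that reports "unset" is a finding too, because the defaults for TraceEnable and ServerSignature are not the hardened values. This is a config-level smoke test only: it does not verify that the file it reads is the one the daemon actually loaded, so confirm with the running service (for example `apachectl -M` for loaded modules and `php -i` for the effective ini) before trusting a green result.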


