Security Basics mailing list archives
Re: Linux Web Server Hardening (LAMP + Wiki)
From: gremlin () gremlin ru
Date: Thu, 31 Jan 2013 00:23:32 +0400
On 28-Jan-2013 22:45:29 +0800, forgaoqiang wrote:
> I think the default setting of LAMP is safe enough,
They are not. Typical settings include old (and thus vulnerable) apache httpd built with mod_php, which is _not_ safe.

First of all, decide how you'll split your system. I'd recommend setting up one (or more) frontends with nginx and putting the actual httpd (recent version, built with suexec support even for PHP) inside of an OpenVZ VPS (start from http://openvz.org/Download/live_CD).

Setting up virtual HTTP hosts and running them with separate users' permissions is also a must.

Putting MySQL in a separate VPS is optional, but if you do, don't forget to assign an RFC-1918 | RFC-5156 address to it (thus making it inaccessible from outside). Once you need to access the MySQL database from outside, use SSH's "-L" parameter (see `man ssh` for details).

And don't hesitate to ask questions: looking like a fool is much better than actually being one.

--
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net
GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8
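
An added illustration of the MySQL advice in the message above (not part of the original post): a small audit that reads the bind-address from a MySQL config, checks that it is loopback or an RFC 1918 / IPv6 unique-local address, and builds the matching `ssh -L` command. The sample config, the address 10.0.3.12, the host admin@gateway.example, local port 3307 and all function names are assumptions made for the example.

```python
import ipaddress
import re

# RFC 1918 private IPv4 ranges plus the IPv6 unique-local range (fc00::/7),
# one of the special-use ranges catalogued in RFC 5156.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def mysql_bind_address(cnf_text):
    """Return the last bind-address set in the [mysqld] section, or None."""
    section, value = None, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1)
        elif section == "mysqld" and "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            if key.replace("_", "-") == "bind-address":
                value = val
    return value

def classify(addr):
    """Classify a bind address: 'wildcard', 'loopback', 'internal' or 'public'."""
    # Assumption: an unset bind-address means the server listens on all interfaces.
    if addr is None or addr in ("*", "0.0.0.0", "::"):
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip.version == net.version and ip in net for net in INTERNAL_NETS):
        return "internal"
    return "public"

def tunnel_argv(db_addr, ssh_host, local_port=3307, db_port=3306):
    """argv for `ssh -L`: local_port on this machine forwards to db_addr:db_port."""
    host = f"[{db_addr}]" if ":" in db_addr else db_addr  # bracket IPv6 literals
    return ["ssh", "-N", "-L", f"127.0.0.1:{local_port}:{host}:{db_port}", ssh_host]

# Constructed sample config (not from the thread).
SAMPLE_CNF = "[client]\nport = 3306\n[mysqld]\n# frontend VPS only\nbind-address = 10.0.3.12\n"

if __name__ == "__main__":
    addr = mysql_bind_address(SAMPLE_CNF)
    print(addr, classify(addr))
    print(" ".join(tunnel_argv(addr, "admin@gateway.example")))
```

A result of "wildcard" or "public" means the database listener is reachable beyond the internal network and the address assignment should be revisited before relying on the tunnel.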