WebApp Sec mailing list archives

Re: secure Apache build question


From: Steve Suehring <csec () braingia org>
Date: Sun, 5 Sep 2004 22:02:18 -0500

Hello,

Without knowing the final use of the servers (web hosting provider, 
business, etc):

-Don't install extra modules for Apache.  Only use those modules as are 
necessary for the server and related functions to run properly.

-Check out mod_security

-Install Apache into a chroot and apply the grsecurity patch.

-Disable unnecessary services, keep software up to date, and everything 
else one would do to secure any type of server.

-Consider deployment behind a reverse proxy.

-Look out for scripting languages (take great care to secure them, etc).

Steve

===========================================================
= Steve Suehring, Editor - LinuxWorld Magazine            =
= GPG: 82CC 4404 4C45 4EE9 C5FF  B373 C3E5 D2B7 25A8 2B8D =
= Home Page:  http://www.braingia.org/                    =
===========================================================

On Thu, Sep 02, 2004 at 08:02:28AM +0100, Haseeb Chaudhary wrote:
Hi All,

I'm looking at building Apache web servers on Solaris and/or Linux. I've been assigned the task of ensuring the build 
is secure against known vulnerabilities and attack types.

I'm a newbie to Apache and would greatly appreciate some links or advice on an easy way to securely build Apache web 
servers - hopefully in a scripted way. The web servers will eventually go into production and will be facing the 
internet. I expect to place them behind Arrowpoint load-balancers.

All advice would really be appreciated!

Thanks in advance, Haseeb
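
The first tip in the reply above (load only the modules the server needs) lends itself to the scripted check the original question asks for. The following is an added example, not part of either message: it assumes the `httpd -M` listing format of Apache 2.2 and later, and the allowlist, function names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Report Apache modules that are loaded but not on a site allowlist.

# Hypothetical allowlist: replace with the modules this server really needs.
ALLOWED_MODULES="core_module so_module http_module mpm_prefork_module \
log_config_module mime_module dir_module"

# Constructed sample of `httpd -M` output, so the script runs offline.
SAMPLE_OUTPUT='Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 mpm_prefork_module (shared)
 log_config_module (shared)
 mime_module (shared)
 dir_module (shared)
 status_module (shared)
 autoindex_module (shared)
 userdir_module (shared)
Syntax OK'

# unexpected_modules ALLOWLIST
# Reads a module listing on stdin and prints, one per line, every loaded
# module whose name is not in the space-separated ALLOWLIST.
unexpected_modules() {
    allowed=" $(printf '%s' "$1" | tr -s ' \n' '  ') "
    # Keep only lines shaped like " name_module (static)" or "(shared)".
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_]*_module\)[[:space:]]*([a-z]*)[[:space:]]*$/\1/p' |
    while read -r mod; do
        case "$allowed" in
            *" $mod "*) ;;                 # on the allowlist
            *) printf '%s\n' "$mod" ;;     # loaded but not expected
        esac
    done
}

# audit_modules ALLOWLIST
# Returns 1 (and names the offenders on stderr) if anything unexpected is loaded.
audit_modules() {
    extra=$(unexpected_modules "$1")
    [ -z "$extra" ] && return 0
    printf 'unexpected module: %s\n' $extra >&2
    return 1
}

# Demo on the constructed sample; on a real host, pipe `httpd -M` in instead.
printf '%s\n' "$SAMPLE_OUTPUT" | unexpected_modules "$ALLOWED_MODULES"
```

Run against the sample, the script lists `status_module`, `autoindex_module` and `userdir_module`; calling `audit_modules` from a build or deployment script makes the step fail whenever a module outside the allowlist is loaded.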

