Slackware Web Server Security

[alternativi]

---

I have set up a Web server, and how can i add some filter's to secure it, because i dont have add notething..ThanKYOU

[RobinVossen]

Well to secure it Id say Attack it.
But first setup your Security.

Install:
- iptables (Firewall)
- snort (NIDS)
- tripwire (HIDS)
- Update..

Then.
Portscan your server using nmap.
Check if for Banners with Open Ports.
Check for Known Exploits on Banner Answers using milw0rm, metasploit and Secwatch
Vuldb Test using Nessus and/or CoreImpact
Test Security Passwords using Hydra/Brutus/Medusa
Check of PHP-Coding Mistakes (Assuming its a webserver)

After all Fuzz your Server..

or just,
Hire a Peneration tester..

Hope that helps.

[forgottentq]

hahahahaha... ORRRR u could look up some common security techniques for apache.. and make sure the daemon and modules you are using are constantly up-to-date.

[RobinVossen]

Heh but those Common Security Techniques doesnt give you a indept analyses of the Security of your Server.
You MySQL might be all open. Or you might run a Vundl. version of OpenSSH.
You have no idea how much people forget about there Security.
And think. Its not going to happen to me.

[athlon_crazy]

A very basic but if possible, run your apache + ssl.