Find the answer to your Linux question:
Results 1 to 5 of 5
I got my apache2 server up... SuSe 9.3 with the firewall on, and it allows http (port 80) I got a fairly complex root password. i have set in httpd.conf ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2005
    Location
    look out your window
    Posts
    72

    Got my server up...security suggestions?


    I got my apache2 server up...
    SuSe 9.3 with the firewall on, and it allows http (port 80)
    I got a fairly complex root password.
    i have set in httpd.conf for it to not let / access, but i have allowed other dirs in /srv/www/htdocs

    thats about it...
    my server is in my sig.
    any suggestions on what i can do to make my server more secure, or am i alright?

  2. #2
    Linux Newbie deek's Avatar
    Join Date
    Mar 2005
    Location
    Fort Wayne, IN
    Posts
    248
    I think you covered the main bases there, really.

    I would recommend reviewing your apache logs on a regular basis as well as your basic system logs, but I really can't think of anything major you would have to worry about for a simple website.

    I feel like I am missing something, but at this point, nothing is coming to mind!
    Join the Open Source Revolution. Support GNU/Linux.

    Find me at: www.deeksworld.com
    Registered GNU/Linux User #395777

  3. #3
    Just Joined!
    Join Date
    May 2005
    Posts
    97
    do not allow root login via SSH.
    so users HAVE to log in as a regular user and then su to root account.

    just one extra little security measure for the server itself

    Luma

  4. #4
    Linux Guru kkubasik's Avatar
    Join Date
    Mar 2004
    Location
    Lat: 39:03:51N Lon: 77:14:37W
    Posts
    2,396
    Well, being as you have already covered some of your most important bases (ie, Apache is the only visible port on your computer) There are really 3 big things to focus on when securing a webserver.

    1. Remove un-used modules. More modules == more possible security flaws, so keep those loaded to a minimum, if you don't need any, don't use any.
    2. Proper permissions, this one is far more complicated, but basicaly apache shouldn't be running as root, and write/execute permissions for the web user should be kept at an absolute minimum.
    3. Perhaps the one greatest security enhancement possible is running apache from a chroot jail, but this no easy task, especaily if you are trying to serve dynamic content.


    Google will have more on how to complete these task, but I hope this helps.
    Avoid the Gates of Hell. Use Linux
    A Penny for your Thoughts

    Formerly Known as qub333

  5. #5
    Just Joined!
    Join Date
    Jul 2005
    Location
    look out your window
    Posts
    72
    thanks guys....am looking into all of what was suggested

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •