httpd-users mailing list archives

From aman <arah...@techquotes.com>
Subject Re: [users@httpd] Locking down my system for the first time
Date Thu, 01 Jul 2004 21:06:48 GMT
First advice
http://www.w3.org/Security/Faq/www-security-faq.html

As far as Apache configuration is concerned, this is what you ought to
follow and keep track of:
http://httpd.apache.org/docs-2.0/misc/security_tips.html

HTH
Aman Raheja
http://www.techquotes.com


On Thu, 2004-07-01 at 15:21, Grant wrote:
> --- oliver@veryhip.com wrote:
> > Well, it's probably a bit off topic to talk about security, but
> > I'd get a port scanner and run it both locally and remotely until
> > you have closed every port to the world that you can, so that they
> > are only accessible locally if you don't need them globally.  Then,
> > I'd set up some triggers in a program to monitor your logs that will
> > email you in the event of an intrusion.  I'd look at getting a good
> > hardware firewall or maybe even a whole computer with a Linux
> > firewall and log all requests and set up triggers for that as well
> > to email you in case something happens.  I just look at my logs and
> > have learned what to parse from them to find the "bad people", but I
> > don't take credit card numbers or anything like that... so it's
> > tough if you're taking CC#'s.  I'd defin. encrypt the #'s in a very
> > weird and backwards way ;].
> > 
> > Best luck,
> > Oliver
> 
> That all sounds like really good advice, but I was
> thinking more along the lines of configurations and
> settings.  It seems like there must be things I should
> add to my configuration files or something like that.
> 
> - Grant
> 
> > 
> > Grant said:
> > 
> > > --- Grant <emailgrant123b@yahoo.com> wrote:
> > >> --- Grant <emailgrant123b@yahoo.com> wrote:
> > >> > I'm setting up my first web server (been on shared
> > >> > hosting until now) and all of the data on it is
> > >> > currently test or system data.  I'm about to move the
> > >> > code for my online store over to it, but first I want
> > >> > to lock down the security aspects of the system.
> > >> > Basically: What should I do?  I really don't have any
> > >> > idea where to start (short of a Google search) and I
> > >> > wanted to see what you guys have to say to a
> > >> > first-timer like me.
> > >> >
> > >> > - Grant
> > >>
> > >> I realized as soon as I sent this that I should have
> > >> mentioned what I'm running.  It's:
> > >>
> > >> Gentoo Linux
> > >> apache2
> > >> perl
> > >> mod_perl
> > >> sendmail
> > >> postgresql
> > >> gnupg
> > >>
> > >> I think that's it.  Thanks!
> > >>
> > >> - Grant
> > >
> > > openssl
> > >
> > > I'm going to have to add these suckers as I remember
> > > them.  I'm keeping a list now.
> > >
> > > - Grant
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
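
The log-monitoring triggers suggested in the quoted advice above, as an added example that is not part of the original thread: a Python sketch that scans Apache access-log lines for clients producing repeated 401/403/404 responses and builds an alert e-mail. The sample log lines, the threshold, the status set and the e-mail addresses are constructed assumptions.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Apache Common Log Format prefix: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')
SUSPECT_STATUS = {"401", "403", "404"}   # assumption: statuses worth counting
THRESHOLD = 3                            # assumption: hits per batch before alerting

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jul/2004:15:21:00 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.7 - - [01/Jul/2004:15:21:02 +0000] "GET /admin/ HTTP/1.1" 403 287
203.0.113.7 - - [01/Jul/2004:15:21:03 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 291
203.0.113.7 - - [01/Jul/2004:15:21:04 +0000] "GET /store/config.bak HTTP/1.1" 404 291
192.0.2.10 - - [01/Jul/2004:15:22:10 +0000] "GET /missing.gif HTTP/1.1" 404 291
this line is malformed and must be skipped
""".splitlines()


def suspicious_clients(lines, threshold=THRESHOLD):
    """Return {client_ip: count} for clients at or above the error threshold."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:            # skip lines that are not in the expected format
            continue
        host, _request, status = m.groups()
        if status in SUSPECT_STATUS:
            hits[host] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


def build_alert(offenders, sender="httpd@example.com", rcpt="admin@example.com"):
    """Build (not send) the alert mail; returns None when there is nothing to report."""
    if not offenders:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"access_log alert: {len(offenders)} suspicious client(s)"
    msg.set_content("\n".join(f"{ip}: {n} denied/missing requests"
                              for ip, n in sorted(offenders.items())))
    return msg


if __name__ == "__main__":
    print(build_alert(suspicious_clients(SAMPLE_LOG)))
```

Run on a schedule against new access-log lines, the returned message can be handed to the local mail server with `smtplib.SMTP("localhost").send_message(msg)`.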

