httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From InHisGrip <servie_pla...@yahoo.com>
Subject [users@httpd] Securing Apache - after successful compile...
Date Thu, 29 Jul 2004 19:53:27 GMT

Hi guys,

I'd like to ask this group for some suggestions on how
to properly secure my apache server under Fedora Linux
Core 2.

As I have mentioned before on my previous thread, I
intend to setup an apache/postfix server on a DMZ port
of my linksys router. This server is intended as a
family web site showcasing family related pictures and
movies of family gatherings as well as setup mailboxes
for each member of the family.

Along with this, I have already configured all the
necessary requirements such as port forwarding, webhop
and web cloaking among other things.

Now, since I am still in a development stage and am
testing the machine right now. I'd like to ask some
suggestions from this group if what I inted to do
listed below would be a good idea in relation to
apache security in general.

1. Compile a new linux kernel for a more customized
and more robust machine. Having only to use my spare
machine which is not that new, compiling a kernel
would definitely help a bit in the effeciency of the
server. 

On this regard, before I compile a kernel which I have
done before, may I know from you guys which services
to enable or disable.

When I did lsof -i, and netstat -nplee I get TCP ports
such as portmap, rpc and xinetd on listen mode. Now,
there were some in this group who suggested that I
need 
to compile my own kernel as well as apache before I
let it loose in the open.

Likewise, I am also contemplating on enabling iptables
on this apache server on top of tcp wrappers alongside
with IDS and other auditing tools like snort, tripwire
among others.

Another one also, does making a separate partition for
my web pages such as /www with subdirectories
www.platonfamily.net or www.stprdtimes.com -->
/www/www.platonfamily.net or /www/www.stprdtimes.com
affect my new compile or behavior? 

On my previous post, where I made a successful compile
of apache the absolute path was /usr/local/apache2, if
I change the htdocs from /usr/local/apache2/htdocs to
/www/htdocs would this affect apache's behavior?

Should this be okay? What would be the ideal
permission for the directory htdocs be? Does making a
symbolic link of index.htm from /www/htdocs/ to
/www/htdocs/www.platonfamily.net make a security
concern?

Many of the books and howto's in apache.org site
encourage one not to be root all the time and in this
instance create a non privileged user account wherein
apache will run. If we do this, as in login to the
apache box, will the service still run and what if in
case you would like to edit the conf file, as an
ordinary user, you cannot do so because apache only
can be configured and edited as root. Any ideas on
this? 

Thanks a lot and hope to hear from anyone soon!

InHisGrip,
Servie













	
		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message