LinuxQuestions.org
Old 06-01-2011, 06:03 AM   #1
mahi_nix
Member
 
Registered: Aug 2010
Distribution: CentOS, RHEL, Ubuntu,
Posts: 154

Rep: Reputation: 16
Apache Server Configuration Checklist


Hi Folks,

I have configured my Apache server for web hosting purposes and have configured some sites.

Now I need some steps or suggestions to secure my Apache server from the outside network. What steps do I have to take to secure my Apache server, and which things do I have to configure in Apache for security?

I have installed a MySQL instance as well on the server for hosting the web site. What steps do I have to take to secure the MySQL service?

Please help me as soon as possible.

Thank You,
 
Old 06-01-2011, 10:56 AM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by mahi_nix
Now I need some steps or suggestions to secure my Apache server from the outside network. What steps do I have to take to secure my Apache server, and which things do I have to configure in Apache for security?
Apache web server is complex. You need to understand enough about TCP/IP, HTTP, TLS, access control, service monitoring, intrusion detection/prevention, et al. to make informed decisions for configuring your specific installation. To that end, read:

Apache Security by Ivan Ristic

Buy it cheap on the 'net, or get to your local library.

[ I don't know the author, and I don't get paid to suggest that book. ]

-------

A checklist of steps or suggestions (that you don't understand) may patch a few common holes, but it will likely leave others wide open. If you have questions about particular strategies, then come back and post again.
 
1 members found this post helpful.
Old 06-01-2011, 02:55 PM   #3
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282
mysql

Remove at least all default mysql users that are not xxx@localhost. You do NOT need access from the big bad world to the mysql server. I don't know if RHEL/CentOS have a standard install or if they come by default with extra mysql users (e.g. for update purposes). I run Slackware and the only default user that remains after the cleanup is root@localhost.

Set a strong password for the mysql root user.

If you need remote access, ssh into the server as a normal system user and do your mysql maintenance from there.

If you want to automate backups of the databases:
Create one mysql user that can make backups; don't use root for that as you need to supply the password and you don't want that to be shown in the backup script.

Privileges for this backup user should be set in such a way that this user cannot add or destroy data (insert, update, drop, ...). This user however must be able to back up everything.

Verify your backups by importing them on a second system. I had the unpleasant experience this morning that I tried to restore a corrupted backup onto a new server that I'm setting up; thank god the old server was still up and I could pull a new backup.

PS
Forgot one important point:

Don't use the mysql root user for database access to the user databases from the websites; set up one or more dedicated users for that.

Last edited by Wim Sturkenboom; 06-01-2011 at 03:55 PM.
 
1 members found this post helpful.
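
The account cleanup and the backup and website users described in the post above, written out as statements for the mysql client. This is an added example, not part of the original post; the names `backup`, `site1_web`, `site1_db`, the host `server.example.com` and the passwords are placeholders.

```sql
-- Added example; account, database and host names are hypothetical.

-- 1. List every account, then look for hosts other than localhost
--    and for anonymous accounts (empty user name).
SELECT user, host FROM mysql.user ORDER BY user, host;

-- 2. Drop the accounts that are not xxx@localhost. The two rows below
--    are constructed examples of defaults a fresh install may contain.
DROP USER 'root'@'server.example.com';
DROP USER ''@'server.example.com';

-- 3. Backup account: read-only, but able to dump everything.
--    mysqldump needs SELECT, plus LOCK TABLES, SHOW VIEW, TRIGGER and
--    EVENT for locking tables and dumping views, triggers and events.
CREATE USER 'backup'@'localhost' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';
GRANT SELECT, LOCK TABLES, SHOW VIEW, TRIGGER, EVENT
    ON *.* TO 'backup'@'localhost';

-- 4. One dedicated account per website, limited to that site's database
--    and to data statements only (no DROP, ALTER, GRANT, FILE, ...).
CREATE USER 'site1_web'@'localhost' IDENTIFIED BY 'REPLACE_WITH_ANOTHER_PASSWORD';
GRANT SELECT, INSERT, UPDATE, DELETE
    ON site1_db.* TO 'site1_web'@'localhost';

-- 5. Verify what each account ended up with.
SHOW GRANTS FOR 'backup'@'localhost';
SHOW GRANTS FOR 'site1_web'@'localhost';
```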
Old 06-01-2011, 04:02 PM   #4
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282
Web design

I use a directory structure as below
Code:
|
+--site1
|    +--web
|    +--inc
|
+--site2
|    +--web
|    +--inc
Apache should serve pages from siteX/web. The inc directories are used to store files that are included in the files on the website. Apache can read them but visitors can't access them. The files in the inc directory contain common stuff, but more importantly functions that you need to connect to the database (including username and password); as the outside world can't access them, they are safe.
 
1 members found this post helpful.
All times are GMT -5.