Old 09-16-2009, 09:17 PM   #1
sego banti
LQ Newbie
Registered: Sep 2009
Posts: 3

Rep: Reputation: 0
How do I make my apache2 server on Ubuntu 9.04 desktop secure

I am very new to Linux (a few days old). I need to host a payments website for my business, so I need a high level of security.

I have set up apache2, mysql and php, but I am positive the server is nowhere near secure!

I need pointers as to how I can harden the web server, including getting rid of unnecessary bits of 9.04, installing a firewall, setting permissions etc.

Thanks in advance guys!
Old 09-16-2009, 09:31 PM   #2
Gentoo support team
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,052

Rep: Reputation: 379
I would start by ditching Ubuntu in favor of a more server-oriented distro, whatever will work better: Debian, Red Hat, ...

Second, on a machine that's supposed to be a web server, and that requires high availability and a high degree of security, the worst enemy is the user himself, and much more so if it's a desktop machine. You don't need a desktop on your server; it's just an extra source of instability and problems.

In any case, whatever your choice is in that regard, you should start by disabling all the services you don't need, above all those which open ports to the external world. Make sure that ssh is configured not to allow root login, and keep your site updated if you are using premade php applications or scripts like forums, shopping stuff or whatever.

You can also consider using GRsecurity or SELinux; I have no idea if Ubuntu supports either of these.

If you feel adventurous you can also compile your own apache and php packages; doing so, you can choose to disable all the features that you are not going to use. Fewer parts of php and apache enabled means that you will have fewer things to worry about.

About the firewall, look into iptables. There's a lot to research about that, too much to be explained in a single post here. By default you should deny everything, at least from the outside, except the strictly needed ports.
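
A small audit for two points from the reply above (no root login over ssh, a default-deny firewall with only the needed ports open), added here as an example and not part of the thread. The function names, the allowed-port list and the sample rules are constructed assumptions; on a real host the inputs would be `iptables-save` output and `/etc/ssh/sshd_config`.

```shell
#!/bin/sh
# Added example: hypothetical function names, constructed sample inputs.

# Default policy of the INPUT chain, read from iptables-save text on stdin.
input_policy() { awk '$1 == ":INPUT" { print $2; exit }'; }

# Destination ports that INPUT rules accept, one per line (handles multiport).
accepted_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
        for (i = 1; i < NF; i++) if ($i == "--dport" || $i == "--dports") {
            n = split($(i + 1), p, ","); for (k = 1; k <= n; k++) print p[k] }
    }' | sort -u
}

# First PermitRootLogin value in sshd_config text on stdin (sshd uses the
# first value it reads); "unset" if absent. Match blocks are not considered.
root_login() {
    awk 'tolower($1) == "permitrootlogin" { print $2; hit = 1; exit }
         END { if (!hit) print "unset" }'
}

# audit RULES SSHD_CONFIG "ALLOWED PORTS": prints one FAIL line per finding.
audit() {
    policy=$(printf '%s\n' "$1" | input_policy)
    [ "$policy" = "DROP" ] || echo "FAIL: INPUT policy is ${policy:-missing}, want DROP"
    for port in $(printf '%s\n' "$1" | accepted_ports); do
        case " $3 " in
            *" $port "*) ;;
            *) echo "FAIL: port $port accepted but not in allowed list" ;;
        esac
    done
    root=$(printf '%s\n' "$2" | root_login)
    [ "$root" = "no" ] || echo "FAIL: PermitRootLogin is $root, want no"
    return 0
}

# Constructed samples (not from a real host).
WEAK_RULES=':INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'
HARD_RULES=':INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,443 -j ACCEPT'

audit "$WEAK_RULES" "PermitRootLogin yes" "22 443"   # three FAIL lines
audit "$HARD_RULES" "PermitRootLogin no" "22 443"    # no output
```

The port check looks only at which destination ports are accepted; it does not evaluate source restrictions or rule ordering.
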
Old 09-17-2009, 12:32 AM   #3
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.7, Centos 5.10
Posts: 16,651

Rep: Reputation: 2155
Good advice above. Obviously you should only use https (port 443) and get a real CA Certificate.

