LinuxQuestions.org
09-16-2009, 10:17 PM   #1
sego banti
LQ Newbie
 
Registered: Sep 2009
Posts: 3

How do I make my apache2 server on Ubuntu 9.04 desktop secure


I am very new to Linux (a few days old). I need to host a payments website for my business, so I need a high level of security.

I have set up apache2, mysql and php but I am positive the server is nowhere near secure!

I need pointers as to how I can harden the web server, including getting rid of unnecessary bits of 9.04, installing a firewall, setting permissions etc.

Thanks in advance guys!
 
09-16-2009, 10:31 PM   #2
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,049

I would start by ditching Ubuntu in favor of a more server-oriented distro, whatever will work better: Debian, Red Hat, ...

Second, on a machine that's supposed to be a web server, and that requires high availability and a high degree of security, the worst enemy is the user himself, and much more so if it's a desktop machine. You don't need a desktop on your server; it's just an extra source of instability and problems.

In any case, whatever your choice is in that regard, you should start by disabling all the services you don't need, especially those which open ports to the external world. Make sure that ssh is configured not to allow root login, and keep your site updated if you are using premade php applications or scripts like forums, shopping stuff or whatever.

You can also consider using GRsecurity or SELinux; I have no idea if Ubuntu supports either of these.

If you feel adventurous you can also compile your own apache and php packages; doing so, you can choose to disable all the features that you are not going to use. Fewer parts of php and apache enabled means that you will have fewer things to worry about.

About the firewall, look into iptables; there's a lot to research about that, too much to be explained in a single post here. By default you should deny everything, at least from the outside, except the strictly needed ports.
 
09-17-2009, 01:32 AM   #3
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,324

Good advice above. Obviously you should only use https (port 443) and get a real CA Certificate.
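
An added example, not part of the thread or any poster's own code: a short shell audit of two points raised in the replies above, that ssh does not allow root login and that nothing listens to the outside except the strictly needed ports. The sample `sshd_config` and `ss -tln` text are constructed, and the function names and the allowlist of ports 22 and 443 are assumptions.

```shell
#!/bin/sh
# Added example; sample inputs are constructed, not captured from a real host.

# Constructed sshd_config excerpt.
SAMPLE_SSHD='Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes'

# Constructed `ss -tln` output for a desktop install running Apache and MySQL.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      5      0.0.0.0:631        0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# Print the PermitRootLogin value from an sshd_config on stdin.
# sshd keeps the first value it reads for a keyword; commented lines do not
# count. "unset" means the built-in default applies, which varies by version.
root_login_setting() {
  awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
       END { if (!found) print "unset" }'
}

# Print ports from `ss -tln` text on stdin that listen on a non-loopback
# address and are missing from the comma-separated allowlist in $1.
unexpected_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      addr = $4; port = $4
      sub(/.*:/, "", port)        # keep what follows the last colon
      sub(/:[^:]*$/, "", addr)    # keep what precedes it
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
      if (!(port in ok)) print port
    }' | sort -nu
}

echo "PermitRootLogin: $(printf '%s\n' "$SAMPLE_SSHD" | root_login_setting)"
echo "Ports to close or filter:"
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners 22,443
```

On a live host the same functions can be fed the output of `sshd -T` and `ss -tln`; `sshd -T` also resolves `Match` and `Include` directives that this simple parse ignores.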
 
  

