Secure LAMP?
It seems gone are the days of real, local apps. In the cloud. Or server applets.
I want to run a couple of apps in PHP which need Apache and MySQL to run. Could you point out some recent documentation about securing them? At least they should be accessible from the localhost and invisible to the exterior, even without a firewall.
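The "reachable from localhost, invisible from outside even without a firewall" requirement comes down to two directives: Apache's Listen and MySQL's bind-address (or skip-networking). The script below is an added example, not code from any post in this thread: it shows the exposed distribution-style defaults next to the loopback-only forms and audits a config file for either. The sample configs are constructed inline; the file paths named in the comments are the usual distribution locations and are assumptions to verify on your own system.

```shell
#!/bin/sh
# Added example, not from any post in this thread: check that Apache and MySQL
# are configured to listen on the loopback interface only, so that without a
# firewall nothing on the LAN can reach them. The sample configs are
# constructed here; the real files are usually /etc/apache2/ports.conf
# (Debian/Ubuntu) or /etc/httpd/conf/httpd.conf (RHEL/CentOS), and
# /etc/mysql/my.cnf or /etc/my.cnf (assumed locations, verify on your system).

# Returns 0 when every uncommented Listen directive names 127.0.0.1 or [::1].
# A bare port ("Listen 80") makes httpd bind all interfaces, IPv4 and IPv6.
apache_loopback_only() {
    listens=$(sed 's/#.*//' "$1" | awk 'tolower($1) == "listen" { print $2 }')
    [ -n "$listens" ] || return 1      # no Listen at all: httpd refuses to start
    exposed=$(printf '%s\n' "$listens" \
        | grep -vcE '^(127\.0\.0\.1|\[::1\]):[0-9]+$' || true)
    [ "$exposed" -eq 0 ]
}

# Returns 0 when the [mysqld] (or [server]) group either turns TCP off with
# skip-networking or sets bind-address to loopback addresses only. A missing
# bind-address means the server default, which is every interface.
mysql_loopback_only() {
    awk '
        /^[[:space:]]*;/ { next }                   # ";" comments (line start)
        { sub(/#.*/, ""); gsub(/[[:space:]]/, "") } # "#" comments, whitespace
        $0 == "" { next }
        /^\[/ { in_srv = ($0 == "[mysqld]" || $0 == "[server]"); next }
        !in_srv { next }
        tolower($0) ~ /^skip[-_]networking(=(1|on|true))?$/ { skip = 1 }
        tolower($0) ~ /^bind[-_]address=/ { sub(/^[^=]*=/, ""); bind = $0 }
        END {
            if (skip) exit 0
            if (bind == "") exit 1
            n = split(bind, addr, ",")              # MySQL 8 accepts a list
            for (i = 1; i <= n; i++)
                if (addr[i] != "127.0.0.1" && addr[i] != "::1") exit 1
            exit 0
        }' "$1"
}

# Dispatch by extension: *.conf is Apache, *.cnf is MySQL. Returns 0 only if
# the file is loopback-only, 2 for anything it does not know how to read.
audit_config() {
    case "$1" in
        *.conf) apache_loopback_only "$1" ;;
        *.cnf)  mysql_loopback_only "$1" ;;
        *)      return 2 ;;
    esac
}

# Write four constructed sample configs into directory $1: the exposed
# distribution-style default and the loopback-only correction for each service.
write_samples() {
    cat > "$1/apache-exposed.conf" <<'EOF'
# bare ports: bound on every interface
Listen 80
Listen 443
EOF
    cat > "$1/apache-loopback.conf" <<'EOF'
Listen 127.0.0.1:80
Listen [::1]:80
Listen 127.0.0.1:443 https
EOF
    cat > "$1/mysql-exposed.cnf" <<'EOF'
[mysqld]
# bind-address = 127.0.0.1   <- commented out, so the server listens everywhere
port = 3306
EOF
    cat > "$1/mysql-loopback.cnf" <<'EOF'
[client]
host = localhost
[mysqld]
bind-address = 127.0.0.1,::1   # both loopback families; skip-networking drops TCP entirely
port = 3306
EOF
}

SAMPLES=$(mktemp -d)             # left in place so the files can be inspected
write_samples "$SAMPLES"
for f in "$SAMPLES"/*; do
    if audit_config "$f"; then echo "loopback-only  $(basename "$f")"
    else                       echo "EXPOSED        $(basename "$f")"; fi
done
```

This is a static check of the configuration, so it complements rather than replaces a scan from another host: a loopback-only bind keeps the sockets off the network, but anything that can already run code on the box (a flaw in one of the PHP apps, for instance) still reaches 127.0.0.1, which is where OS hardening and the application-level baseline come in.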
- A secured server starts with hardening the OS, so start with creating a baseline (so you can document which changes have what effect) and read what documentation your distribution provides. If you want to meditate on the finer points, or if your distribution doesn't provide enough documentation, check out the "Securing Debian" manual, one of the oldest around. Once done, check your changes locally with Tiger and from remote with OpenVAS (not netstat or nmap). Bonus points for using the CISecurity benchmarks (for example what applies to RHEL / CentOS / SL).
- Create an application level baseline, so you can document which changes have what effect, visit the web site for your database, web server and interpreter of choice for up to date information and implement what advice their security documentation offers. Then check the SANS InfoSec Reading Room for topics like Web Servers and docs like "Step by Step Installation of a Secure Linux Web, DNS and Mail Server", the Top 10 2010 and the OWASP Application Security FAQ. Increase your mana by using the CIS Apache benchmark and remembering to run OpenVAS after you made changes. More bonus points for reading more like "Low- to No-Cost Methods to Review Webserver Logs for Potential Security Issues" and "IT Audit: Security Beyond the Checklist".
* If you want to see a Real Life case then this thread would be a good example IMHO.
HTH
While I often agree with unSpawn I'm going to pick on a couple of phrases here:
I'm also a believer in some sort of MAC (particularly AppArmor/SubDomain, which I've been using since 2001) because merely separating users from each other doesn't protect you from the data you handle. http://wiki.laptop.org/go/OLPC_Bitfrost#Foreword
Thanks. Physical security is partly done: checksums and full disk encryption.