LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page What is the best way to secure httpd?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
Page 2 of 2 1 2
  Search this Thread
Old 12-30-2006, 02:43 AM   #16
sysconfig
Member
 
Registered: Sep 2006
Location: (.)
Posts: 44

Rep: Reputation: 15

Hi,

What do you think configuring and installing http in chrooted environment?
 
Old 12-31-2006, 02:21 PM   #17
punjabipredator
Member
 
Registered: Dec 2006
Posts: 30

Original Poster
Rep: Reputation: 15
Hello
When we reinstalled the server and had the TCP WRAPPER added which only allows my ip range it has blocked out IRCD and others that used SSH to take over the server. When i ran rootkit the only problem and vulenerable was SSH. Yeah i will look for a better method to secure and harden SSH but at the moment a temporary fix is getting the job done. Thank You.
 
Old 01-04-2007, 07:04 PM   #18
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Quote:
Originally Posted by punjabipredator
When we reinstalled the server and had the TCP WRAPPER added which only allows my ip range it has blocked out IRCD and others that used SSH to take over the server. When i ran rootkit the only problem and vulenerable was SSH. Yeah i will look for a better method to secure and harden SSH but at the moment a temporary fix is getting the job done. Thank You.
Add another layer of protection using an iptables script.
Restrict network accessible admin tools (ie cpanel).
Look at the the output of 'rpm -qa' and remove all unneeded RPMs.
Lock down SSH access to select users that authenticate using a public key.
Audit your web content.
Get familiar with all of the logs. Send syslog to another server for backup.
Once your server is ready for use, get a baseline status with Tripwire/AIDE before users login. Make regular comparisons.
Monitor your logs.
 
  


Reply
Page 2 of 2 1 2



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how can I secure my nis server ?can I use openSSL to secure it form sniffing ? abhi_raj Linux - Networking 1 07-10-2006 06:19 AM
LXer: University of Michigan Selects SSH Tectia for Secure System Administration and Secure File Transfers LXer Syndicated Linux News 0 04-25-2006 12:54 AM
secure httpd sanjibgupta Linux - Security 1 10-20-2005 09:36 PM
service httpd status, results in httpd dead but subsys locked squadja Red Hat 2 09-11-2004 10:31 PM
httpd chokes on ScriptAlias line in Apache httpd.conf lhoff Linux - Software 1 07-14-2003 10:32 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:27 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration