LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 06-25-2012, 07:36 PM   #1
chexmix
Member
 
Registered: Apr 2002
Location: Arlington, MA
Distribution: Slackware, Debian, OpenBSD
Posts: 212
Blog Entries: 15

Rep: Reputation: 17
playing with Apache securely


Hi all -

So, as the subject says, I'd like to play with some web server stuff on Slackware 13.37 ... but I'd like to do so in a secure fashion, so that no one mucks with it while I am learning.

Short of just disconnecting the network cable, how do I go about this?

Thanks,

Glenn
 
Old 06-25-2012, 08:43 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,558
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
Just make the web server listen on only localhost or block TCP/80 in the firewall or use configuration file / .htaccess $DOCROOT / container allow / deny clauses.
 
1 members found this post helpful.
Old 06-25-2012, 11:52 PM   #3
cikrak
Member
 
Registered: Sep 2006
Location: Surabaya, Indonesia
Distribution: Slackware
Posts: 35

Rep: Reputation: 5
Quote:
Originally Posted by chexmix View Post
Hi all -

So, as the subject says, I'd like to play with some web server stuff on Slackware 13.37 ... but I'd like to do so in a secure fashion, so that no one mucks with it while I am learning.

Short of just disconnecting the network cable, how do I go about this?

Thanks,

Glenn
If you just play.. do it in virtual environment. So you can hack your configuration here and there without worry. In the real world, a lot of things interfere each other in securiy term.

In my list :

-Disable module you don't need it.
-Disable directory browsing.
-Disable unnecessary options.
-Considering modsecurity for additional security layer.

After that, use nikto to test your webserver.

But I assume you play webserver at home, so just open your necessary port at your modem (like 80,22) if you want your site can be accessed from outside world.
 
1 members found this post helpful.
Old 06-26-2012, 06:59 AM   #4
chexmix
Member
 
Registered: Apr 2002
Location: Arlington, MA
Distribution: Slackware, Debian, OpenBSD
Posts: 212
Blog Entries: 15

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by cikrak View Post
If you just play.. do it in virtual environment.
OK ... I apologize if this is a stupid question, but how do I set up such a virtual environment?
 
Old 06-26-2012, 08:46 PM   #5
cikrak
Member
 
Registered: Sep 2006
Location: Surabaya, Indonesia
Distribution: Slackware
Posts: 35

Rep: Reputation: 5
Quote:
Originally Posted by chexmix View Post
OK ... I apologize if this is a stupid question, but how do I set up such a virtual environment?
IMHO... The easy way : using virtualbox. Install fresh Slackware in virtualbox and do everything you want without worry that will broke your entire system.

1. Install Virtualbox in your sistem.

http://download.virtualbox.org/virtu...-Linux_x86.run (32 bit)
or
http://download.virtualbox.org/virtu...inux_amd64.run (64 bit)

2. Install Slackware in Virtualbox.

So, you will run Slackware in slackware
 
1 members found this post helpful.
Old 06-27-2012, 08:56 AM   #6
abesirovic1
LQ Newbie
 
Registered: Sep 2005
Location: Germany
Distribution: Slackware
Posts: 28
Blog Entries: 1

Rep: Reputation: 6
It doesn't matter if he has it in virtualbox if the network interface is shared (i.e. outside people still open the apache site).

Just set it to: Listen 127.0.0.1 in httpd.conf file.
 
1 members found this post helpful.
Old 06-27-2012, 10:52 PM   #7
cikrak
Member
 
Registered: Sep 2006
Location: Surabaya, Indonesia
Distribution: Slackware
Posts: 35

Rep: Reputation: 5
Quote:
Originally Posted by abesirovic1 View Post
It doesn't matter if he has it in virtualbox if the network interface is shared (i.e. outside people still open the apache site).

Just set it to: Listen 127.0.0.1 in httpd.conf file.
The positive point of using Virtualbox is someone can test and play in an isolated environment. Virtualbox set as NAT as default so the outside world can acces the Apache. But the purpose of Web server is inverted, so 'Host Only' type of networking required in Virtualbox. Open necessary port, hack the configuration file,give a dummy data,test the security and performance.

In my experiences, many adjustment required when developing web server to public service. Remove unecessary packets (like x,xap,d),adjust firewall,...hacking here and there . Virtualbox is nice tool to experiment before run in real tournament.

It's hard to play hard in daily basis computer system. (without virtual environment, I need the other computer/server).

All in all, security is an art For me, it's great to see the log catch many effort to compromise the system... I can learn from this. Ofcourse it doesn't happen if I disconnect my network cable from wall.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache, perl and glob aren't playing nicely together markseger Linux - Software 1 02-19-2012 05:54 PM
Apache not playing with PHP on Debian Etch Lordandmaker Linux - Server 4 07-13-2007 07:05 PM
Securely Wiping Data zok Linux - Software 10 09-23-2006 01:30 PM
Apache 2 & PHP5 Not playing nice SkippyBoy Suse/Novell 1 05-19-2006 09:09 AM
Several problems: Apache/PHP, playing CDs and volume control Nylex Slackware 12 07-03-2005 02:32 AM


All times are GMT -5. The time now is 06:43 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration