LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices


Reply
  Search this Thread
Old 03-26-2021, 01:55 PM   #1
strangeways
LQ Newbie
 
Registered: Mar 2021
Posts: 1

Rep: Reputation: Disabled
No real problem yet, I need security for a new server on my Raspberry pi 4


I'm assuming this is the right place, I recently set up my raspberry pi 4 server installed apache2 php, and now I find out I understand I need some sort of security. Ant suggestions?
 
Old 03-26-2021, 02:32 PM   #2
Gad
Member
 
Registered: May 2013
Distribution: FreeBSD 12.2-RELEASE
Posts: 533

Rep: Reputation: 113Reputation: 113
Welcome to LQ!

A firewall at minimum.
 
1 members found this post helpful.
Old 03-26-2021, 02:48 PM   #3
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,511
Blog Entries: 3

Rep: Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773Reputation: 2773
Aside from changing the default passwords before setting it out on the net, it is mostly locked down. Firewalls can be an amusing way to spend time but at the end of the day you'll have to let in port 22, 80, and 443. Ports 80 and 443 are where PHP will be available, so that is where you should focus your attention. The main thing there is to ensure that all input is sanitized and validated when writing with PHP or other languages. See the programming concept of tainted data. But if you would like a guide, then the OWASP Top 10 Web Application Security Risks would be a good start.
 
1 members found this post helpful.
Old 03-27-2021, 12:40 AM   #4
Pentium4User
Member
 
Registered: Jan 2018
Posts: 39

Rep: Reputation: Disabled
You should also ensure that updates are installed regular, I recommend 1 time a day. You might also think about setting up unattended-upgrades.
 
1 members found this post helpful.
Old 03-27-2021, 06:22 AM   #5
Keith Hedger
Senior Member
 
Registered: Jun 2010
Location: Wiltshire, UK
Distribution: Linux From Scratch, Slackware64, Partedmagic
Posts: 2,920

Rep: Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769Reputation: 769
fail2ban is your friend here.
 
1 members found this post helpful.
Old 03-27-2021, 09:07 PM   #6
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 17,229
Blog Entries: 27

Rep: Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332
In addition to these other excellent suggestions, block all incoming ports in your router except for the ones you must have open for the server to function.

Also, you might want to run an AV. In this usage, ClamAV should be suitable.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Raspberry Pi: Combine a Raspberry Pi with up to 4 Raspberry Pi Zeros for less than US$50 with the Cluster HAT LXer Syndicated Linux News 0 07-05-2019 12:03 PM
KVM - Class B real-world network, yet a Class C real-world config works? Why? rylan76 Linux - Virtualization and Cloud 2 11-07-2012 06:51 AM
real, real, real, basic computer for my Mom shengchieh General 3 12-18-2005 12:02 AM
Real Programmers Real People Real CS Students nakkaya General 5 07-04-2003 02:46 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian

All times are GMT -5. The time now is 09:15 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration