LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-25-2011, 06:31 AM   #1
Deemo
LQ Newbie
 
Registered: Aug 2011
Posts: 24

Rep: Reputation: Disabled
Linux Webserver which distro and how to secure


Hi

I'm a complete novice to linux especially command line. i have used server for several years but generally at the graphic end like cpanel and webmin/virutalmin

I am now about to endeavor setting up my 1st linux box as a live webserver the isp will do basic install of the distro and provide SSH access.

But the advice i'm looking for is what i do beyond that the last server we had was compromised so i'm particularity wary of security to stop any future compromises. most websites are wordpress or joomla so i need to guard against SQL Injection.

I don't know if there is a good book / website i could use as a guide to the setup. Last server was Debian so may go with that or maybe centos.

Any advice be greatly appreciated

Thanks

Nadeem
 
Old 08-25-2011, 08:49 PM   #2
jefro
Moderator
 
Registered: Mar 2008
Posts: 16,854

Rep: Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487
I'd run it off a CD/DVD. I doubt they could hack that much.

Secure usually is a BSD but even that is subject to any app. It is partly the app and partly how secure the default install is and then the holes tend to be put in from even simple apps. Common /bin apps have all sorts of holes.
 
Old 08-25-2011, 11:18 PM   #3
Deemo
LQ Newbie
 
Registered: Aug 2011
Posts: 24

Original Poster
Rep: Reputation: Disabled
CD / DVD is not an option with most isp's It needs to be a HDD installation

I know generally there is no such thing as fully secure. but i'm sure people must configure servers to be quite secure beyond a standard installation. With extra say Apache modules, firewalls, Intrusion detection / prevention software.

So i was hoping someone might say. Well do this to Apache and use mod_security2 and xyz etc

See from a standard installation you can add abit more security to make it difficult to compromise and with the right monitoring software i'm sure you could detect a compromise and what was done and fix it thats all i'm after
 
Old 08-26-2011, 12:56 AM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,395

Rep: Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395
You should head on over to the Security forum and start by reading the Sticky notes there.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Setting up secure apache2 webserver https access on suse linux 9.2 svanati SUSE / openSUSE 4 12-21-2004 08:07 PM
Looking for specific linux distro -- Help me set up a webserver flamesrock Linux - Software 7 03-04-2004 07:04 AM
Linux Distro for old hardware webserver neocryptek Linux - Software 5 11-13-2003 09:34 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 12:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration