Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 01-26-2007, 07:05 PM   #1
Registered: Jun 2006
Location: Des Moines
Distribution: Debian Lenny
Posts: 59

Rep: Reputation: 15
home server security questions

I recently set up Apache2 on a spare disk to serve web pages to friends and family. Server is Debian Etch install to which I've added ssh and vsftpd, it's on my LAN behind a hardware firewall with port 80 forwarded.
No critical/private data on the disk. Questions:

One of the other operating systems on this machine is a Debian Etch desktop that I use for backing up data,
running torrents, and as a print server. Would it be unwise to run the Apache2 software on this OS so I can have these features available on a server I'm considering running 24/7? And is this any more risky than running an "isolated" server on a multi-boot machine.

I figure there is some risk involved regardless, just wondering what others with more server experience than I have to say.

Sorry, could a mod move this into the server sub-forum?

Last edited by luis14; 01-26-2007 at 07:12 PM.
Old 01-26-2007, 07:38 PM   #2
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
As long a Apache is kept up to date and port 80 is directed directly to this machine I would say pretty safe. Also I would run firewall on all lan machines and open the only needed ports. One thing you can do is from the router connect to the server machine. Then from that router you could add a second router where all lan machines will be. This will isolate the lan machines from the first router.

1st router port1> Server
1st router port2> 2nd router> lan machines

Old 01-27-2007, 07:04 AM   #3
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
At a minimum, you're going to want to run a file monitoring program like Aide or Samhain. They won't prevent a break-in, but they will let you know what has changed if a break-in occurs. In addition to keeping your system fully patched, you're also going to want to keep any applications your serving through Apache patched. Usually applications are the security problems, not Apache itself.

No critical/private data on the disk
That's nice, but you know what? Crackers don't care. It is the machine they are usually after, not any data.

Head over to the security forum and start reading the articles stickied at the top. unSpawn has done a fantastic job of collecting relevant info on keeping your system safe.
Old 01-27-2007, 08:29 AM   #4
LQ Guru
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 77
Moved: This thread is more suitable in Linux Security and has been moved accordingly to help your thread/question get the exposure it deserves.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
First-time server setup, distro questions, and security concerns Cronus Linux - Newbie 2 01-06-2007 05:19 PM
Questions regarding security/stability on a server in a datacentre profoX Linux - Security 2 06-10-2006 08:32 PM
server behind home router. security concern? taiwf Linux - Security 4 06-08-2006 11:24 PM
Multi-home Box Security Questions mpapet Linux - Security 1 05-17-2005 07:21 PM
Project questions -> old pc as a gateway/proxy server for home thegeekster Linux - Networking 13 07-28-2004 08:51 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:09 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration