LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 02-24-2006, 02:48 PM   #1
paraiso
Member
 
Registered: Apr 2005
Distribution: Fedora Core 4
Posts: 88

Rep: Reputation: 15
Question LAMP Server Security


Hello,

I'd like to have some advice on web server security issues. I am running a LAMP system on my Linux box with port 80 for incoming traffic.

Code:
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
iptables-save > /etc/sysconfig/iptables

What are the risks?
What precautions should I take?

Thank you in advance for your help!

Paraiso
 
Old 02-24-2006, 03:20 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168
There are so many things to be on top of if you're doing this seriously - I don't like just posting links, but the volume of information really is huge...

Get your box port scanned from somewhere on the internet - make sure that the open ports are the ones you expect. Sites like http://www.hackerwatch.org/probe/, http://scan.sygatetech.com/, and even http://www.grc.com/default.htm can do this. Then check each of the services running for known vulnerabilities, http://www.google.com/ is your friend.

Update your kernel and LAMP components to get the latest security patches via yum or http://fedora.redhat.com/download/updates.html. Then start locking down the components.

Linux - get your firewall configured - have a look at http://www.netfilter.org/documentation/index.html;
Apache - go through the steps at http://httpd.apache.org/docs/2.0/mis...rity_tips.html;
MySQL - have a look at http://dev.mysql.com/doc/ and http://www.bugzilla.org/docs/2.22/ht...ity-mysql.html; and
PHP - start at http://www.php.net/.

There's other stuff as well - read your log files (maybe look at logwatch), check out intrusion detection software (snort, tripwire, chkrootkit, rkhunter, etc.) - the list goes on...

Oh, and keep posting here
 
Old 02-24-2006, 04:53 PM   #3
paraiso
Member
 
Registered: Apr 2005
Distribution: Fedora Core 4
Posts: 88

Original Poster
Rep: Reputation: 15
Thanks gilead for the links! That's a lot, but as usual with computer security, that's the way to go. So as I understood it, there are no shortcuts for securing my web server?
 
Old 02-24-2006, 05:00 PM   #4
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168
Well, if you're happy with your firewall setup - go to the Apache site first and make sure your web server is OK, then try the PHP stuff. I have to admit I haven't thought through the ordering of stuff, I usually have the luxury of setting up the box before connecting it to the network.

Last edited by gilead; 02-24-2006 at 05:02 PM.
 
Old 02-24-2006, 05:48 PM   #5
Malec
LQ Newbie
 
Registered: Feb 2006
Posts: 2

Rep: Reputation: 0
NMAP is also a really good program to use from a management machine to port scan your systems. Only allow what services you want to run. Example - The systems I protect only have three ports active: Port 22, 80, and 113 (Closed). I have it set up so when our web-master wants to upload new information he establishes an encrypted SSH connection. WINSCP is a good program for this also. Never forget to look into IPtables. Again, like others have suggested and pointed out, keep reading and stay updated... there will always be newer ways to exploit systems.
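
The advice in the replies above (confirm the open ports are the ones you expect, and only allow the services you want to run) can also be checked from the inside, against the ruleset the original poster saves with iptables-save. The following shell script is an added example, not code from any poster in this thread; the sample ruleset, the function names and the 22/80 allowlist are constructed assumptions.

```shell
#!/bin/sh
# Audit an iptables-save dump: INPUT policy and non-allowlisted TCP ports.

# Constructed sample dump (not from the thread): the port-80 rule, SSH,
# and a forgotten MySQL rule that should never face the internet.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT'

# Print the filter table's default INPUT policy (ACCEPT or DROP).
input_policy() {
    printf '%s\n' "$1" |
        awk '/^\*/ { t = $1 } t == "*filter" && $1 == ":INPUT" { print $2 }'
}

# Print each TCP --dport/--dports value accepted on INPUT, sorted, unique.
accepted_tcp_ports() {
    printf '%s\n' "$1" | awk '
        /^\*/ { t = $1 }
        t == "*filter" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" || $i == "--dports") {
                    n = split($(i + 1), p, ",")
                    for (j = 1; j <= n; j++) print p[j]
                }
        }' | sort -n -u
}

# Print accepted ports missing from the space-separated allowlist in $2.
unexpected_ports() {
    for port in $(accepted_tcp_ports "$1"); do
        case " $2 " in *" $port "*) ;; *) echo "$port" ;; esac
    done
}

audit() {
    [ "$(input_policy "$1")" = "DROP" ] || echo "WARN: INPUT policy is not DROP"
    for port in $(unexpected_ports "$1" "$2"); do
        echo "WARN: tcp/$port accepted but not on allowlist"
    done
}

audit "$SAMPLE_RULES" "22 80"   # allowlist is an assumption for this example
```

Against the file saved in the first post, the call would be `audit "$(cat /etc/sysconfig/iptables)" "22 80"`, run as a user who can read that file. An external port scan is still needed to confirm what is actually reachable from the internet.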
 
  

