02-24-2006, 02:48 PM
#1
Member
Registered: Apr 2005
Distribution: Fedora Core 4
Posts: 88
LAMP Server Security
Hello,
I'd like to have some advice on web server security issues. I am running a LAMP system on my Linux box with port 80 for incoming traffic.
Code:
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
iptables-save > /etc/sysconfig/iptables
What are the risks?
What precautions should I take?
Thank you in advance for your help!
Paraiso
02-24-2006, 03:20 PM
#2
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141
There are so many things to be on top of if you're doing this seriously - I don't like just posting links, but the volume of information really is huge...
Get your box port scanned from somewhere on the internet - make sure that the open ports are the ones you expect. Sites like http://www.hackerwatch.org/probe/, http://scan.sygatetech.com/, and even http://www.grc.com/default.htm can do this. Then check each of the services running for known vulnerabilities, http://www.google.com/ is your friend.
Update your kernel and LAMP components to get the latest security patches via yum or http://fedora.redhat.com/download/updates.html. Then start locking down the components.
Linux - get your firewall configured - have a look at http://www.netfilter.org/documentation/index.html;
Apache - go through the steps at http://httpd.apache.org/docs/2.0/mis...rity_tips.html;
MySQL - have a look at http://dev.mysql.com/doc/ and http://www.bugzilla.org/docs/2.22/ht...ity-mysql.html; and
PHP - start at http://www.php.net/.
There's other stuff as well - read your log files (maybe look at logwatch), check out intrusion detection software (snort, tripwire, chkrootkit, rkhunter, etc.) - the list goes on...
Oh, and keep posting here
02-24-2006, 04:53 PM
#3
Member
Registered: Apr 2005
Distribution: Fedora Core 4
Posts: 88
Original Poster
Thanks gilead for the links! That's a lot, but as usual with computer security, that's the way to go. So as I understood it, there are no shortcuts for securing my web server?
02-24-2006, 05:00 PM
#4
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141
Well, if you're happy with your firewall setup - go to the Apache site first and make sure your web server is OK, then try the PHP stuff. I have to admit I haven't thought through the ordering of stuff, I usually have the luxury of setting up the box before connecting it to the network.
Last edited by gilead; 02-24-2006 at 05:02 PM.
02-24-2006, 05:48 PM
#5
LQ Newbie
Registered: Feb 2006
Posts: 2
Nmap is also a really good program to use from a management machine to port scan your systems. Only allow what services you want to run. Example - The systems I protect only have three ports active: Port 22, 80, and 113 (Closed). I have it set up so when our web-master wants to upload new information he establishes an encrypted SSH connection. WinSCP is a good program for this also. Never forget to look into iptables. Again, as others have suggested and pointed out, keep reading and stay updated... there will always be newer ways to exploit systems.
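Added example, not part of the thread: the replies above say to confirm that only the expected ports are open and to allow only the services you want. This script does the local half of that check by filtering `ss -H -ltn` output for TCP listeners that are not loopback-only and not on an allow list. Using `ss` is an assumption (the thread names only external scanners and Nmap), the function names are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ss -H -ltn` output on stdin and
# prints "address port" for each TCP listener that is reachable from off-host
# (not bound to loopback) and whose port is missing from the allow list in $1.
unexpected_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)       # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
        gsub(/\[/, "", addr); gsub(/\]/, "", addr)  # drop IPv6 brackets
        sub(/%.*/, "", addr)                  # drop interface scope (%lo)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback-only listener
        if (!(port in ok)) print addr, port
    }' | LC_ALL=C sort -u
}

# Constructed sample: a LAMP host where MySQL and rpcbind listen on all interfaces.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 10 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
EOF
}

# Allow only SSH and HTTP, as in the thread; prints "0.0.0.0 3306" and ":: 111".
sample_ss_output | unexpected_listeners "22 80"
# On a live host: ss -H -ltn | unexpected_listeners "22 80"
```

A listener flagged here may still be blocked by the firewall, which is why the external port scan remains the check of what is actually reachable.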
All times are GMT -5.