Securing Apache on FD2
Hey guys, I just found this site, it looks great. I'm setting up a webserver at my school as part of a class. The school gave me FD2 as the OS. So far, all I've done is install Apache, put in a bootloader password, and write a startup script to disable all unneeded services. I created an account for the webmaster to SSH in, and made his home directory the document root for Apache. I installed tripwire and I'm getting ready to run Nessus on it to search for vulnerabilities. I also have iptables blocking all traffic except Web and SSH.
I've never used Linux before, so this is all new to me. I tried to run Apache in chroot jail, but it wasn't working properly. Do you guys know of any good tutorial sites specifically for Apache on FD2? I've searched the Web but I could only find tuts for Debian, FreeBSD, etc.
And am I even going in the right direction as far as securing the box? Is there anything else I should be doing? The box is going to be in a DMZ but I'm not responsible for setting up that firewall, so I don't know how tight it's going to be.
Thanks in advance.
|