Firefox 16, a treat for developers http://t.co/cnd27CzT
Three steps to securing LAMP Servers
Maintaining a secure Web server on a Linux platform truly tests your knowledge of server-side in Linux, Apache and PHP. You will have to ensure three features on every installation-it should be easy but powerful to use, it should increase your productivity and on top of these two the server should be secure. Across most installations, LAMP server security is easy if you consistently follow certain fundamental rules.
Hardening Linux OS
The most important step is to harden the Linux OS. There are three areas that need attention to ensure robust Linux OS-the kernel, the MAC and the Firewall.
1- Kernel Hardening
Most intruders aim to break beyond the limited user area and gain access to root areas. The limited user nobody is specific to the Operating System. On Red Hat distros, CentOS, Apache is the default. Usually, www-data is associated with Debian family and Ubuntu.
Mandatory Access Control or MAC for accessing compilers such as gcc, utilities or system configuration files is a feature, which is not required for regular user of a common web server set-up. Mac Tools such as SELinux for RedHat, AppArmor for Ubuntu minimize attacks largely. However, wrong configuration of these would actually do more harm than good, since attackers can easily be compromise your server by using false-positives. This is one of the main reasons for MAC tools to have non-enforcing modes and allow reconfiguration. Alternatively, setting the permissions to 700 for some of the executions and allowing only the root to use them.
3- Protect server with firewall
It is very important that both incoming as well as outgoing traffic from servers to protect it from malicious attacks. Though, incoming traffic is well studied for malicious content, there are times when local executions too could have malicious scripts. Tested and secure method are iptables chains are set to DROP by default. Here, care has to be taken on running the incoming and outgoing connections. Most web scripts need RSS, external APIs and it has to be ensured that these are allowed. There are options, which work similar to iptables firewalls. Scripts can itself be used to generate the rules to maintain and run the firewall. There are software available to help you do this, like Shorewall or one could even explore Firestarter.
Apache Servers are easy to secure with simple installs
Apache servers like nginx or LiteSpeed are very well protected when mod_security, mod_evasive are installed. Additionally, filtering IP addresses of visitors will further secure the web server. For this, most effective would be the mod_httpbl (belonging to Project Honeypot), which is very effective in blocking known malicious-ware.
Another popular usage is the mod_geoip, as it allows access to visitors from certain countries only.
More commonly, PHP is the ideal server-side open-source software. With some resourceful directives, server-side security maintenance is made easy, though precautions have to be taken with some of the shell code executions.
Like us on Facebook
This week Top Posts
- Top Things to do After Installing Ubuntu 13.04 ‘Raring Ringtail’ : Ubuntu 13.04 Raring Ringtail final is almost out. The final release it scheduled for release on Apri...0 comment(s) |
- Howto: Upgrade to Ubuntu 13.04 Raring Ringtail from 12.04, 12,10 | Desktop & Server : Updated 05-04-2013: Ubuntu 13.04 Raring Ringtail will be released Soon, If you have ubuntu 12,10, 12...0 comment(s) |
- Install lamp with 1 command in Ubuntu 12.10, 13.04 Raring Ringtail & LinuxMint13 : Updated: 10/09/2012 :LAMP (Linux, Apache, MySQL and PHP) is an open source Web development platform ...1 comment(s) |
- Howto- Resolve nosound problem on Ubuntu 13.04 Raring Ringtail,12.10 and Older : Updated 05/04/2013 : One of the common issues facing Ubuntu users after installing or upgrading Ubun...0 comment(s) |
- Configure conky-Lua in Ubuntu (12.10 & 13.04 Raring Ringtail), Fedora, debian and LinuxMint | Howto Conky : Updated 05-04-2013: Conky is a free, light-weight system monitor for X, that displays any informatio...0 comment(s) |
- Install and Configure Samba share in Ubuntu 13.04 Raring Ringtail , 12.10, 12.04| Howto : Updated 05-04-2013: One of the most asked features for Samba is a graphical user interface to help w...0 comment(s) |
- Unix/Linux File Recognition. Did You Know?
- Migrate from MySQL to MariaDB in FreeBSD
- Connect Your Android Galaxy Tablet to Ubuntu via USB
- ElementaryOS Beta 1 and 2 Comparison and Review
- Introduction to the Linux Command Line
- A Secure Password
- Linux Kernel 3.10. It’s BIG!
- Monitoring Users Activity Using psacct or acct Tools in Linux
- Run Your Own Social Network Using elgg on RHEL / CentOS and Scientific Linux
- Getting Debian 7.0 ‘Wheezy’ Up and Running
Copyright © 2008-2013 Unixmen.com .