Three steps to securing LAMP Servers
Maintaining a secure Web server on a Linux platform truly tests your knowledge of server-side in Linux, Apache and PHP. You will have to ensure three features on every installation-it should be easy but powerful to use, it should increase your productivity and on top of these two the server should be secure. Across most installations, LAMP server security is easy if you consistently follow certain fundamental rules.
Hardening Linux OS
The most important step is to harden the Linux OS. There are three areas that need attention to ensure robust Linux OS-the kernel, the MAC and the Firewall.
1- Kernel Hardening
Most intruders aim to break beyond the limited user area and gain access to root areas. The limited user nobody is specific to the Operating System. On Red Hat distros, CentOS, Apache is the default. Usually, www-data is associated with Debian family and Ubuntu.
Mandatory Access Control or MAC for accessing compilers such as gcc, utilities or system configuration files is a feature, which is not required for regular user of a common web server set-up. Mac Tools such as SELinux for RedHat, AppArmor for Ubuntu minimize attacks largely. However, wrong configuration of these would actually do more harm than good, since attackers can easily be compromise your server by using false-positives. This is one of the main reasons for MAC tools to have non-enforcing modes and allow reconfiguration. Alternatively, setting the permissions to 700 for some of the executions and allowing only the root to use them.
3- Protect server with firewall
It is very important that both incoming as well as outgoing traffic from servers to protect it from malicious attacks. Though, incoming traffic is well studied for malicious content, there are times when local executions too could have malicious scripts. Tested and secure method are iptables chains are set to DROP by default. Here, care has to be taken on running the incoming and outgoing connections. Most web scripts need RSS, external APIs and it has to be ensured that these are allowed. There are options, which work similar to iptables firewalls. Scripts can itself be used to generate the rules to maintain and run the firewall. There are software available to help you do this, like Shorewall or one could even explore Firestarter.
Apache Servers are easy to secure with simple installs
Apache servers like nginx or LiteSpeed are very well protected when mod_security, mod_evasive are installed. Additionally, filtering IP addresses of visitors will further secure the web server. For this, most effective would be the mod_httpbl (belonging to Project Honeypot), which is very effective in blocking known malicious-ware.
Another popular usage is the mod_geoip, as it allows access to visitors from certain countries only.
More commonly, PHP is the ideal server-side open-source software. With some resourceful directives, server-side security maintenance is made easy, though precautions have to be taken with some of the shell code executions.
Like us on Facebook
We need your assistance to stay live
This week Top Posts
- Top Things To Do After Installing Ubuntu 13.10 'Saucy Salamander' : Ubuntu 13.10 Saucy Salamander will be released on coming October 17th with many new salient featur...0 comments |
- Wow! Linux Foundation To Offer Free Linux Course This Summer Worth $2,400 on EdX : Wow! Early last week it was all over the internet, if you haven't heard it yet then this is the t...0 comments |
- Grive: An Unofficial, Open Source Linux Client For Google Drive : A couple of months before, we have featured a Linux client for Google Drive named Syncdrive, which w...1 comment |
- How To Upgrade From Ubuntu 13.04 Raring To Ubuntu 13.10 Saucy Salamander : Ubuntu 13.10 Saucy will be released on October 17th. Hope it will come with lot of improvements and ...0 comments |
- Install LAMP Server (Apache, MySQL or MariaDB, PHP) On Ubuntu 13.10 : Updated January 12, 2014 LAMP is a combination of operating system and open-source software stack. ...0 comments |
- How To "Fix E: Could not open file /var/lib/dpkg/status" : QUESTION: I get the following error when I use sudo apt-get update: E: Could not open file /var/...0 comments |
- Install Sublime Text 3 In Fedora Easily With Fedy
- Grive: An Unofficial, Open Source Linux Client For Google Drive
- Install nSnake Game In Terminal
- How To “Fix E: Could not open file /var/lib/dpkg/status”
- Wow! Linux Foundation To Offer Free Linux Course This Summer Worth $2,400 on EdX
- Fedora 21 Scheduled For Release In October
- Install Uget Download Manager In Ubuntu, Fedora, Debian
- Download Elementary OS ‘Luna’ Official Wallpapers
- Install Power Commands 0.1.5 On Ubuntu 14.04/13.10/12.10/12.04
- 5 Android Apps that’s Going to Make Running Your Business Less Stressful
This work by unixmen.com is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Copyright © 2008-2013 Unixmen.com .