
Thread: Linux Web Server Security....

  1. #1
    Garage Newcomer sh3llc0d3r's Avatar
    Join Date
    Jul 2010
    Location
    New Delhi, India,
    Posts
    15

    Linux Web Server Security....

    Hello guys,

    I implemented a LAMP server in a test lab and am now setting up security. I know only some basic things, so I want to know the things which I should know while setting up any web server;
    you can say a security checklist.

    Please share your ideas so I can make a secure web server...


    Thanks
    Nothing happens unless first we DREAM

  2. #2
    Here is a compilation for you

    The L
    There are lots of good guides available to help you out. This list may or may not help you depending on your distribution.


    Center for Internet Security Benchmarks - Distribution specific for the major flavors
    CentOS Hardening HowTo - Follows closely to the CIS RHEL5 guide, but is a much easier read
    NIST SP800-123 - Guide to General Server Security
    NSA Hardening Factsheets - Not as recently updated as CIS, but still mostly applicable
    Tiger - Live System Security Auditing Software


    The A
    Apache can be fun to secure. I find it easier to harden the OS and maintain usability than either Apache or PHP.


    Apache Server Hardening - This question on the IT Security sister site has lots of good information.
    Center for Internet Security Benchmarks - Again, Apache benchmarks.
    Apache Security Tips - Straight from the Apache project, it looks like it covers the basics
    DISA Hardening Checklist - Checklist from the DoD Information Assurance guys


    The M


    Center for Internet Security Benchmarks - Again, but for MySQL benchmarks
    OWASP MySQL Hardening
    General Security Guidelines - Basic checklist from the project devs


    The P
    This runs headlong into the whole idea of Secure Programming Practices, which is an entire discipline of its own. SANS and OWASP have a ridiculous amount of information on the subject, so I won't try to replicate it here. I will focus on the runtime configuration and let your developers worry about the rest. Sometimes the 'P' in LAMP refers to Perl, but usually PHP. I am assuming the latter.


    Hardening PHP - Some minor discussion, also on IT Security SE site.
    Hardened PHP Project - Main project that produces Suhosin, an attempt to patch the PHP application to protect against certain types of attacks.
    Hardening PHP With Suhosin - A brief HowTo specifically for Suhosin
    Hardening PHP from php.ini - Short, but not bad discussion on some of the security-related runtime options

    Thanks to Scott Pack from Server Fault for the compilation
    Orkut id: neo1981
    Blog: infosec-neo.blogspot.com
    Nothing is Impossible*


    *Conditions Apply

  3. #3
    sh3llc0d3r
    My hearty thanks for your valuable reply..
    It's a bit long but will surely help me a lot...
    Nothing happens unless first we DREAM
