Posted to users@httpd.apache.org by Grant <em...@yahoo.com> on 2004/07/01 22:21:39 UTC

Re: [users@httpd] Locking down my system for the first time

--- oliver@veryhip.com wrote:
> Well, it's probably a bit off topic to talk about
> security, but I'd get a port scanner and run it both
> locally and remotely until you have closed every port to
> the world that you can, so that they are only accessible
> locally if you don't need them globally.  Then, I'd set up
> some triggers in a program to monitor your logs that will
> email you in the event of an intrusion.  I'd look at
> getting a good hardware firewall or maybe even a whole
> computer with a Linux firewall and log all requests and
> set up triggers for that as well to email you in case
> something happens.  I just look at my logs and have
> learned what to parse from them to find the "bad people",
> but I don't take credit card numbers or anything like
> that... so it's tough if you're taking CC#'s.  I'd defin.
> encrypt the #'s in a very weird and backwards way ;].
> 
> Best luck,
> Oliver

That all sounds like really good advice, but I was
thinking more along the lines of configurations and
settings.  It seems like there must be things I should
add to my configuration files or something like that.

- Grant

> 
> Grant said:
> 
> > --- Grant <em...@yahoo.com> wrote:
> >> --- Grant <em...@yahoo.com> wrote:
> >> > I'm setting up my first web server (been on shared
> >> > hosting until now) and all of the data on it is
> >> > currently test or system data.  I'm about to move the
> >> > code for my online store over to it, but first I want
> >> > to lock down the security aspects of the system.
> >> > Basically: What should I do?  I really don't have any
> >> > idea where to start (short of a Google search) and I
> >> > wanted to see what you guys have to say to a
> >> > first-timer like me.
> >> >
> >> > - Grant
> >>
> >> I realized as soon as I sent this that I should have
> >> mentioned what I'm running.  It's:
> >>
> >> Gentoo Linux
> >> apache2
> >> perl
> >> mod_perl
> >> sendmail
> >> postgresql
> >> gnupg
> >>
> >> I think that's it.  Thanks!
> >>
> >> - Grant
> >
> > openssl
> >
> > I'm going to have to add these suckers as I remember
> > them.  I'm keeping a list now.
> >
> > - Grant



		

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
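
One way to carry out the first step in the advice quoted above (finding services that listen beyond localhost), as an added example that is not part of the original thread: it parses `ss -H -tln` output and reports non-loopback listeners whose port is not on a list of intended public ports. The sample output, the function names and the 80/443 allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Input is the output of `ss -H -tln`
# (columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).

# Constructed sample for a host running apache2, sendmail, postgresql, sshd.
SAMPLE_SS_OUTPUT='LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 10 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 128 [::1]:5432 [::]:*
LISTEN 0 128 [::]:22 [::]:*'

# Print "port address" for every listener not bound to loopback.
exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        laddr = $4
        port = laddr
        sub(/^.*:/, "", port)             # port follows the last colon
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        gsub(/\[|\]/, "", addr)           # strip IPv6 brackets
        sub(/%.*/, "", addr)              # strip %interface suffix
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only
        print port, addr
    }'
}

# $1: space-separated ports that are meant to be reachable from outside.
# Prints the exposed listeners that are NOT in that list.
unexpected_listeners() {
    allowed=" $1 "
    exposed_listeners | while read -r port addr; do
        case "$allowed" in
            *" $port "*) ;;                        # intended to be public
            *) printf '%s %s\n' "$port" "$addr" ;; # needs closing or firewalling
        esac
    done
}

# Demo on the constructed sample; on a live host use:
#   ss -H -tln | unexpected_listeners "80 443"
printf '%s\n' "$SAMPLE_SS_OUTPUT" | unexpected_listeners "80 443"
```

Each reported line is a service to rebind to 127.0.0.1, stop, or block at the firewall; a scan from a remote host then confirms the result from the outside.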


Re: [users@httpd] Locking down my system for the first time

Posted by aman <ar...@techquotes.com>.
First advice
http://www.w3.org/Security/Faq/www-security-faq.html

As far as apache configuration is concerned, this is what you ought to
follow and keep track of
http://httpd.apache.org/docs-2.0/misc/security_tips.html

HTH
Aman Raheja
http://www.techquotes.com






Re: [users@httpd] Locking down my system for the first time

Posted by Grant <em...@yahoo.com>.
--- oliver@veryhip.com wrote:
> Grant,
> 
> Ask a more specific question if it's about Apache
> security.  Try the Gentoo Linux users group for other
> security and read the documentation for the software and
> services you run and register to those mailing lists, we
> might make some people mad if we keep talking about
> internet security in the Apache users group ;].
> 
> Cheers,
> Oliver

Ok, no problem.  I thought this would be a good place
to ask, but you're right it is OT.

Thanks for the links Aman!

- Grant




Re: [users@httpd] Locking down my system for the first time

Posted by ol...@veryhip.com.
Grant,

Ask a more specific question if it's about Apache
security.  Try the Gentoo Linux users group for other
security and read the documentation for the software and
services you run and register to those mailing lists, we
might make some people mad if we keep talking about
internet security in the Apache users group ;].

Cheers,
Oliver


