Posted to users@httpd.apache.org by InHisGrip <se...@yahoo.com> on 2004/07/29 21:53:27 UTC

[users@httpd] Securing Apache - after successful compile...

Hi guys,

I'd like to ask this group for some suggestions on how
to properly secure my apache server under Fedora Linux
Core 2.

As I have mentioned before on my previous thread, I
intend to setup an apache/postfix server on a DMZ port
of my linksys router. This server is intended as a
family web site showcasing family related pictures and
movies of family gatherings as well as setup mailboxes
for each member of the family.

Along with this, I have already configured all the
necessary requirements such as port forwarding, webhop
and web cloaking among other things.

Now, since I am still in a development stage and am
testing the machine right now, I'd like to ask some
suggestions from this group if what I intend to do
listed below would be a good idea in relation to
apache security in general.

1. Compile a new linux kernel for a more customized
and more robust machine. Having only to use my spare
machine which is not that new, compiling a kernel
would definitely help a bit in the efficiency of the
server. 

On this regard, before I compile a kernel which I have
done before, may I know from you guys which services
to enable or disable.

When I did lsof -i, and netstat -nplee I get TCP ports
such as portmap, rpc and xinetd on listen mode. Now,
there were some in this group who suggested that I
need to compile my own kernel as well as apache before
I let it loose in the open.

Likewise, I am also contemplating on enabling iptables
on this apache server on top of tcp wrappers alongside
with IDS and other auditing tools like snort, tripwire
among others.

Another one also, does making a separate partition for
my web pages such as /www with subdirectories
www.platonfamily.net or www.stprdtimes.com -->
/www/www.platonfamily.net or /www/www.stprdtimes.com
affect my new compile or behavior? 

On my previous post, where I made a successful compile
of apache the absolute path was /usr/local/apache2, if
I change the htdocs from /usr/local/apache2/htdocs to
/www/htdocs would this affect apache's behavior?

Should this be okay? What would be the ideal
permission for the directory htdocs be? Does making a
symbolic link of index.htm from /www/htdocs/ to
/www/htdocs/www.platonfamily.net make a security
concern?

Many of the books and howto's in apache.org site
encourage one not to be root all the time and in this
instance create a non privileged user account wherein
apache will run. If we do this, as in login to the
apache box, will the service still run and what if in
case you would like to edit the conf file, as an
ordinary user, you cannot do so because apache only
can be configured and edited as root. Any ideas on
this? 

Thanks a lot and hope to hear from anyone soon!

InHisGrip,
Servie

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Error cant start Apache

Posted by Eimantas Vaiciunas <ei...@sc.vu.lt>.
On Friday 30 July 2004 20:06, Christopher Nash wrote:
> Should the perl issues keep it from starting up?
I think yes, since the same thing is with mod_php (if it can't find module or 
php is not configured correctly).
-----
Eimis




Re: [users@httpd] Error cant start Apache

Posted by Christopher Nash <bi...@yahoo.com>.
Should the perl issues keep it from starting up?

Eimantas Vaiciunas <ei...@sc.vu.lt> wrote:
On Thursday 29 July 2004 23:02, Christopher Nash wrote:
> For some reason I can't stop or restart apache now. What does this error
> mean?
>
> /usr/sbin/httpd2 -d /etc/httpd -DSSL -DHAVE_ROAMING -DHAVE_PHP4 -DHAVE_DAV
> -DHAVE_PHP3 -DHAVE_PERL -DHAVE_SSL -DHAVE_PHP :httpd2: Could not determine
> the server's fully qualified domain name, using 127.0.0.1 for
> ServerName[Thu Jul 29 03:55:02 2004] [error] Can't locate
> Apache/Registry.pm in @INC (@INC contains:
> /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
> /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at (eval 1)
> line 3.[Thu Jul 29 03:55:02 2004] [error] Can't load Perl module
> Apache::Registry for server 127.0.0.1:0, exiting...
These are mainly (I think) mod_perl problems. And the first one 
(ServerName)... Just tweak it a little bit with some domain name or your 
local ip number.

-----
Eimis



Re: [users@httpd] Error cant start Apache

Posted by Eimantas Vaiciunas <ei...@sc.vu.lt>.
On Thursday 29 July 2004 23:02, Christopher Nash wrote:
> For some reason I can't stop or restart apache now. What does this error
> mean?
>
> /usr/sbin/httpd2 -d /etc/httpd -DSSL -DHAVE_ROAMING -DHAVE_PHP4 -DHAVE_DAV
> -DHAVE_PHP3 -DHAVE_PERL -DHAVE_SSL -DHAVE_PHP :httpd2: Could not determine
> the server's fully qualified domain name, using 127.0.0.1 for
> ServerName[Thu Jul 29 03:55:02 2004] [error] Can't locate
> Apache/Registry.pm in @INC (@INC contains:
> /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
> /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at (eval 1)
> line 3.[Thu Jul 29 03:55:02 2004] [error] Can't load Perl module
> Apache::Registry for server 127.0.0.1:0, exiting...
These are mainly (I think) mod_perl problems. And the first one 
(ServerName)... Just tweak it a little bit with some domain name or your 
local ip number.

-----
Eimis




Re: [users@httpd] Error cant start Apache

Posted by Christopher Nash <bi...@yahoo.com>.
For some reason I can't stop or restart apache now. What does this error mean?

/usr/sbin/httpd2 -d /etc/httpd -DSSL -DHAVE_ROAMING -DHAVE_PHP4 -DHAVE_DAV -DHAVE_PHP3 -DHAVE_PERL -DHAVE_SSL -DHAVE_PHP :
httpd2: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[Thu Jul 29 03:55:02 2004] [error] Can't locate Apache/Registry.pm in @INC (@INC contains: /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at (eval 1) line 3.
[Thu Jul 29 03:55:02 2004] [error] Can't load Perl module Apache::Registry for server 127.0.0.1:0, exiting...



		