 
 
 
 
 
Linux Community Forums Linux System Administration Linux Security Security tips for running your own web server?
23 Jan 11
I've been experimenting with running my own web server using CentOS. Here is what I have I have running on it:
mysql server
apache with php enabled
SMF forums software
Besides using strong passwords, installing the latest patches, and having only the ports open that I need, is there anything else that I should be doing security wise?
23 Jan 11
You should also:
* set mysql to disallow admin login from remote systems
* verify that only modules are options that you need are enabled in your httpd.conf configuration file.
* remove all cgi-bin scripts that you do not need
* disable all non-necessary services on the server
* set your firewall to block DOS attacks
* if you are using ssh to get into the server, disable using passwords and use only keys for authentication
25 Jan 11
Also limit max processes and threads per user so a fake process or bomb cannot freeze your system.
I don't mean from Apache, but from the kernel itself.
30 Jan 11
win2tank wrote:
Thanks for the advice.
Andrea Benini, how would I go about doing that?
Andrea wrote a good article on that at http://www.linux.com/community/blogs/security-tip-avoid-fork-bombing-on-popular-distro-check-your-system.html
The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.
Join / Linux Training / Board
