Linux.com

Home Linux Community Forums Linux System Administration Linux Security Security tips for running your own web server?

Security tips for running your own web server?

Link to this post 23 Jan 11

I've been experimenting with running my own web server using CentOS. Here is what I have I have running on it:

mysql server
apache with php enabled

SMF forums software

Besides using strong passwords, installing the latest patches, and having only the ports open that I need, is there anything else that I should be doing security wise?

Link to this post 23 Jan 11

You should also:
* set mysql to disallow admin login from remote systems
* verify that only modules are options that you need are enabled in your httpd.conf configuration file.
* remove all cgi-bin scripts that you do not need
* disable all non-necessary services on the server
* set your firewall to block DOS attacks

* if you are using ssh to get into the server, disable using passwords and use only keys for authentication

Link to this post 25 Jan 11

Also limit max processes and threads per user so a fake process or bomb cannot freeze your system.
I don't mean from Apache, but from the kernel itself.

Link to this post 30 Jan 11

Thanks for the advice.

Andrea Benini, how would I go about doing that?

Link to this post 30 Jan 11

win2tank wrote:

Thanks for the advice.

Andrea Benini, how would I go about doing that?

Andrea wrote a good article on that at http://www.linux.com/community/blogs/security-tip-avoid-fork-bombing-on-popular-distro-check-your-system.html

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board