Security Basics
Linux Web Server Hardening (LAMP + Wiki) Jan 25 2013 09:31PM
Jeffrey Walton (noloader gmail com) (7 replies)
RE: Linux Web Server Hardening (LAMP + Wiki) Feb 03 2013 01:25AM
Steve Elkins (stevee epits com au) (1 replies)

1. It's common knowledge that you don't install X on service-based Linux servers; you use the command line and that's it. People who do install X aren't being serious or are still learning.
2. Minimal OS install with only the packages required to run the service, administer the box and provide host-based protection.
3. Follow guides to harden the OS and the services (Apache, PHP, MySQL etc.).
4. If possible, run the services from a chroot jail (many guides to do this).
5. Install Apache and PHP security modules.
6. Keep system and packages patched and keep informed on security issues with the services through SAN, auscert etc.

That's just a small amount of baseline security that should be applied to all your Linux servers. Once you understand the service and possible attack points, you can keep going much deeper.

While the default install of a Linux server with X and no hardening could be debated to be less or more secure than a similar setup on Windows, saying Linux is not secure is plainly trolling.

________________________________________
From: listbounce (at) securityfocus (dot) com [email concealed] [listbounce (at) securityfocus (dot) com [email concealed]] on behalf of Eric Furman [ericfurman (at) fastmail (dot) net [email concealed]]
Sent: Thursday, 31 January 2013 2:39 PM
To: Ansgar Wiechers
Cc: Security Basics
Subject: Re: Linux Web Server Hardening (LAMP + Wiki)

On Mon, Jan 28, 2013, at 07:53 AM, Ansgar Wiechers wrote:
> On 2013-01-28 Eric Furman wrote:
> > On Fri, Jan 25, 2013, at 04:31 PM, Jeffrey Walton wrote:
> >> Is anyone aware of a hardening guide for a Linux LAMP server with a
> >> Wiki component?
> >>
> >> I have an older Linux Server hardening book, but nothing recent. I
> >> have not seen a Wiki hardening document.
> >
> > Don't use Linux. It is insecure. Use Windows or one of the BSDs.
> > All are much more secure.
>
> Do you have an argument to go with that opinion?

Yes. I hate all Microsoft products, but they have made serious efforts to
improve the security of their products. On the other hand, with a few
notable exceptions, Linux hackers not only have no concern for security,
some of them even have an open hostility and disdain for it;
http://lmgtfy.com/?q=Linus+Torvalds+security

AAAAAnd everyone runs X. X is quite possibly the most insecure piece
of crap that everybody runs on their systems. The X consortium knows
this and has repeatedly refused to even address the issue. To paraphrase
a well-known UNIX security expert, X doesn't act like root. It acts like
the f*****g Kernel!
Microsoft, on the other hand, has already fixed this issue.
Who's more insecure now?

P.S. You're all crackpots who don't understand security.
//xkcd.com/1166/

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
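
An added example, not part of any poster's message and not taken from a published guide: a shell audit for item 3 of the checklist above (hardening Apache and PHP). The six directives and their target values are this example's own assumption of a baseline, the function names are hypothetical, and an unset directive is reported as FAIL so that each one is set explicitly.

```sh
# last_value FILE KEY SEP: print the last uncommented value of KEY.
# SEP is " " for Apache ("Key Value") or "=" for php.ini ("key = value").
last_value() {
    awk -v key="$2" -v sep="$3" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (sep == "=") { n = index(line, "="); len = 1 }
            else            { n = match(line, /[ \t]+/); len = RLENGTH }
            if (!n) next
            k = substr(line, 1, n - 1); v = substr(line, n + len)
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            # Apache directive names are case-insensitive, php.ini keys are not
            hit = (sep == "=") ? (k == key) : (tolower(k) == tolower(key))
            if (hit) val = v                        # last occurrence wins
        }
        END { print val }' "$1"
}

# check FILE KEY SEP WANT: print a PASS/FAIL line, return 1 on FAIL.
check() {
    got=$(last_value "$1" "$2" "$3")
    [ "$(printf '%s' "$got" | tr 'A-Z' 'a-z')" = "$4" ] &&
        { echo "PASS $2 = $got"; return 0; }
    echo "FAIL $2 = ${got:-<unset>} (want $4)"; return 1
}

# audit_lamp HTTPD_CONF PHP_INI: return the number of failed checks.
# The six directives below are an assumed baseline, not from the thread.
audit_lamp() {
    fails=0
    for d in ServerTokens:prod ServerSignature:off TraceEnable:off; do
        check "$1" "${d%%:*}" " " "${d#*:}" || fails=$((fails + 1))
    done
    for d in expose_php:off allow_url_include:off display_errors:off; do
        check "$2" "${d%%:*}" "=" "${d#*:}" || fails=$((fails + 1))
    done
    return "$fails"
}

# Constructed sample configs (not from the thread); expect 3 findings.
demo() {
    t=$(mktemp -d); rc=0
    printf '%s\n' 'ServerTokens Full' '# ServerTokens Off' \
        'servertokens Prod' 'ServerSignature On' > "$t/httpd.conf"
    printf '%s\n' '; expose_php = Off' 'expose_php = On' \
        'allow_url_include=Off' 'display_errors = Off' > "$t/php.ini"
    audit_lamp "$t/httpd.conf" "$t/php.ini" || rc=$?
    rm -rf "$t"; return "$rc"
}
demo || echo "$? finding(s)"
```

The check reads one file at a time and does not follow Apache `Include` lines or PHP's additional .ini scan directory, so run it against each file that is actually loaded.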

Copyright 2010, SecurityFocus