Security Basics
Linux Web Server Hardening (LAMP + Wiki) Jan 25 2013 09:31PM
Jeffrey Walton (noloader gmail com) (7 replies)
Re: Linux Web Server Hardening (LAMP + Wiki) Feb 04 2013 08:53PM
Jeffrey Walton (noloader gmail com)
Hi Steve,

> 1. It's common knowledge that you don't install X on service based Linux servers,
Well, I'm not an X expert (or Linux hardening for that matter), but
this would surprise me if it's because "X is insecure" (for some
reasonable definition of secure). I would expect X to be its own
island of security.

> you use the command line and that's it - people who do install X aren't being serious or are still learning
I like point and click because I don't like man pages :) They seem to
have become mutually exclusive.

Jeff

On Sat, Feb 2, 2013 at 8:25 PM, Steve Elkins <stevee (at) epits.com (dot) au> wrote:
>
> 1. It's common knowledge that you don't install X on service based Linux servers, you use the command line and that's it - people who do install X aren't being serious or are still learning
> 2. Minimal OS install with only the packages required to run the service, administer the box and provide host based protection
> 3. Follow guides to harden OS and the services (Apache, PHP, MySQL etc)
> 4. If possible run the services from chroot jail (many guides to do this)
> 5. Install Apache and PHP security modules
> 6. Keep system and packages patched and keep informed on security issues with the services through SAN, auscert etc
>
> That's just a small amount of baseline security that should be applied to all your Linux servers - once you understand the service and possible attack points then you can keep going much deeper
>
> While the default install of a Linux server with X and no hardening could be debated to be less or more secure than a similar setup on Windows - saying Linux is not secure is plainly trolling.
>
> ________________________________________
> From: listbounce (at) securityfocus (dot) com [listbounce (at) securityfocus (dot) com] on behalf of Eric Furman [ericfurman (at) fastmail (dot) net]
> Sent: Thursday, 31 January 2013 2:39 PM
> To: Ansgar Wiechers
> Cc: Security Basics
> Subject: Re: Linux Web Server Hardening (LAMP + Wiki)
>
> On Mon, Jan 28, 2013, at 07:53 AM, Ansgar Wiechers wrote:
>> On 2013-01-28 Eric Furman wrote:
>> > On Fri, Jan 25, 2013, at 04:31 PM, Jeffrey Walton wrote:
>> >> Is anyone aware of a hardening guide for a Linux LAMP server with a
>> >> Wiki component?
>> >>
>> >> I have an older Linux Server hardening book, but nothing recent. I
>> >> have not seen a Wiki hardening document.
>> >
>> > Don't use Linux. It is insecure. Use Windows or one of the BSDs.
>> > All are much more secure.
>>
>> Do you have an argument to go with that opinion?
>
> Yes. I hate all Microsoft products, but they have made serious efforts to
> improve the security of their products. On the other hand, with a few
> notable exceptions, Linux hackers not only have no concern for security,
> some of them even have an open hostility and disdain for it;
> http://lmgtfy.com/?q=Linus+Torvalds+security
>
> AAAAAnd everyone runs X. X is quite possibly the most insecure piece
> of crap that everybody runs on their systems. The X consortium knows
> this and has repeatedly refused to even address the issue. To paraphrase
> a well known UNIX security expert, X doesn't act like root. It acts like the
> f*****g Kernel!
> Microsoft, on the other hand, has already fixed this issue.
> Who's more insecure now?
>
> P.S. You're all crackpots who don't understand security.
> //xkcd.com/1166/
