March 12th, 2006, 11:29 AM
But it is a potential risk. How would I be attacked other than from the internet in this case? (Physical access to the box is not possible, and neither is an attack from within the network).
It is...
March 11th, 2006, 02:08 PM
What the system will do - host a website using Apache.
Environment - either directly connected to the internet, or possibly behind a router with a DMZ to port 80 to it.
Risks - exposed to the...
March 10th, 2006, 07:33 PM
mmkhan - I'm not sure how useful it would be in this case. Nobody should have physical access to the box, all users should have long and complex passwords, and if I follow what has been mentioned by...
March 9th, 2006, 09:00 PM
Lol - no quoting this time ;)
Apache needs root - damn it. Ok, so that's one app which needs root..
I'm no professional with iptables, so maybe I better stick with something like SUSEFirewall2....
March 9th, 2006, 08:10 PM
d0ppy - Thanks. It will be Apache, and I'll stress the point about keeping it up to date, as well as validating any user input that could be used maliciously (especially when PHP and SQL databases...
March 9th, 2006, 07:03 PM
Sorry, I forgot to specify - a webserver. So you're right, an AV would be quite pointless - the server would not be used for anything other than serving, and it is not acting as a gateway to Windows...
March 9th, 2006, 06:48 PM
I would like to write an article soon on securing a Linux server. Here are the points I've come up with so far (with thanks to nebulus for his kind advice on a few):
- Tripwire
- Bastille Linux...