November 15th, 2003, 02:39 AM
configuring firewall and securing apache
In light of recent events I have been trying to make my apache web server more secure, so I turned to google. I found a few really good articles on securing apache and configuring your firewall. Here they are:
The first two are more focused on the security part and I believe are a good read for anyone thinking about setting up an apache web server, I didn't really understand the third one. The last one focuses on setting up apache with php and mysql, not too much about security though.
November 15th, 2003, 03:39 AM
Something I've found that saves me tons of time when configuring the firewall on my network is fwbuilder @ www.fwbuilder.org
Those are some screenshots. I've been told it closely resembles Firewall1 but I've never used it... so I don't know. That is one expensive firewall.
It isn't too hard to figure out after about 10 min of tinkering.
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
November 15th, 2003, 04:25 AM
If you have MATCH_STRING enabled in the kernel for iptables, gShield found at (http://muse.linuxmafia.org/gshield/) is a good firewall script that allows you to add the strings you want to drop very easily by adding them to a conf file.
example of /etc/firewall/conf/http_string_drop on my machine using gShield .....
# drop strings here which you want to -DROP-
# if found in the packet stream (such as IIS exploit
# nonsense) - this file is specific for web services
# and must have that feature enabled in gShield.conf
Just add to this file to suit the occasion ...
November 15th, 2003, 05:56 AM
Thanks for the info I want to be able to secure my apache using iptables, but I want to automatically update the firewall rules based on the snort alerts. I am having a hard time with it..
November 15th, 2003, 06:02 AM
The first article seems to have what you want:
Check out the link within there, it has a shell script to convert the snort rules to iptable rules as mentioned in the quote above. Hope that does it for you.
Another great suggestion from Bill Stearns (author of Mason firewall building script) is to convert your Snort network IDS rules into iptables rules with string support. Snort IDS attack signature database contains about 1200 signatures and appears to be the biggest publicly available attack database suitable for instant deployment. The ability to use the ready-made signatures for iptables is of immense value. The page that describes his experimental software is at http://www.stearns.org/snort2iptables/.
There, you can find the shell script to convert a standard Snort ruleset into iptables rules. Here are a couple of examples for well-known Linux attacks against mountd and bind network daemons:
I have tried to make the rules with the strings and I don't have the libipt_string.so. If someone attached it would it work if I just copied it into the iptables lib directory?