configuring firewall and securing apache
Results 1 to 5 of 5

Thread: configuring firewall and securing apache

  1. #1
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407

    configuring firewall and securing apache

    In light of recent events I have been trying to make my apache web server more secure, so I turned to google. I found a few really good articles on securing apache and configuring your firewall. Here they are:
    http://www.securityfocus.com/infocus/1531
    http://www.securityfocus.com/infocus/1694
    http://www.linux-firewall-tools.com/...3-4.html#ss4.1
    http://www.linuxjournal.com/article.php?sid=4410
    The first two are more focused on the security part and I believe are a good read for anyone thinking about setting up an apache web server, I didn't really understand the third one. The last one focuses on setting up apache with php and mysql, not too much about security though.

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Nice links.

    Something I've found that saves me tons of time when configuring the firewall on my network is fwbuilder @ www.fwbuilder.org

    http://www.fwbuilder.org/archives/cat_screenshots.html

    Those are some screenshots. I've been told it closely resembles Firewall1 but I've never used it... so I don't know. That is one expensive firewall.

    It isn't too hard to figure out after about 10 min of tinkering.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member
    Join Date
    May 2002
    Posts
    450
    If you have MATCH_STRING enabled in the kernel for iptables, gShield found at (http://muse.linuxmafia.org/gshield/) is a good firewall script that allows you to add the strings you want to drop very easily by adding them to a conf file.

    example of /etc/firewall/conf/http_string_drop on my machine using gShield .....

    # drop strings here which you want to -DROP-
    # if found in the packet stream (such as IIS exploit
    # nonsense) - this file is specific for web services
    # and must have that feature enabled in gShield.conf
    cmd.exe

    Just add to this file to suit the occasion ...

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    117
    Thanks for the info I want to be able to secure my apache using iptables, but I want to automatically update the firewall rules based on the snort alerts. I am having a hard time with it..
    Luck--TSM
    Atlanta, GA


  5. #5
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    The first article seems to have what you want:
    Another great suggestion from Bill Stearns (author of Mason firewall building script) is to convert your Snort network IDS rules into iptables rules with string support. Snort IDS attack signature database contains about 1200 signatures and appears to be the biggest publicly available attack database suitable for instant deployment. The ability to use the ready-made signatures for iptables is of immense value. The page that describes his experimental software is at http://www.stearns.org/snort2iptables/. There, you can find the shell script to convert a standard Snort ruleset into iptables rules. Here are a couple of examples for well-known Linux attacks against mountd and bind network daemons:
    Check out the link within there, it has a shell script to convert the snort rules to iptable rules as mentioned in the quote above. Hope that does it for you.

    edit
    I have tried to make the rules with the strings and I don't have the libipt_string.so. If someone attached it would it work if I just copied it into the iptables lib directory?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •