Welcome to the Linux Foundation Forum!

Security tips for running your own web server?

I've been experimenting with running my own web server using CentOS. Here is what I have running on it:

mysql server

apache with php enabled

SMF forums software

Besides using strong passwords, installing the latest patches, and having only the ports open that I need, is there anything else that I should be doing security-wise?

Comments

  • mfillpot
    mfillpot Posts: 2,177
    You should also:
    * set mysql to disallow admin login from remote systems
    * verify that only the modules and options that you need are enabled in your httpd.conf configuration file.
    * remove all cgi-bin scripts that you do not need
    * disable all non-necessary services on the server
    * set your firewall to block DoS attacks
    * if you are using ssh to get into the server, disable using passwords and use only keys for authentication
  • ben
    ben Posts: 134
    Also limit max processes and threads per user so a fake process or bomb cannot freeze your system.
    I don't mean from Apache, but from the kernel itself.
  • Thanks for the advice.

    Andrea Benini, how would I go about doing that?
  • mfillpot
    mfillpot Posts: 2,177
    win2tank wrote:
    Thanks for the advice.

    Andrea Benini, how would I go about doing that?

    Andrea wrote a good article on that at http://www.linux.com/community/blogs/security-tip-avoid-fork-bombing-on-popular-distro-check-your-system.html
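
An added example, not written by any poster in this thread: per-user process caps like the one ben describes are commonly set through pam_limits entries in /etc/security/limits.conf (that mechanism is an assumption here, since the thread only links to the article). The script below checks a limits.conf-style file for a hard `nproc` cap; the sample file, the user names `apache`, `alice` and `dbadmin`, and the threshold of 300 are constructed for illustration.

```shell
#!/bin/sh
# Check that a limits.conf-style file gives a user a hard "nproc"
# (max processes) cap. Line format: <domain> <type> <item> <value>

# Print the hard nproc value that applies to user $2 in file $1.
# Simplification (assumption): only exact-user and "*" domains are handled,
# no @group entries; a user entry beats "*", and the last match wins.
nproc_hard_limit() {
    awk -v user="$2" '
        { sub(/#.*/, "") }                      # strip comments
        NF < 4 || $3 != "nproc" { next }
        $2 != "hard" && $2 != "-" { next }      # "-" sets both soft and hard
        $1 == user { u = $4 }
        $1 == "*"  { w = $4 }
        END { if (u != "") print u; else if (w != "") print w }
    ' "$1"
}

# Return 0 only if the user has a numeric hard cap no larger than $3.
nproc_capped() {
    limit=$(nproc_hard_limit "$1" "$2")
    case "$limit" in
        ''|*[!0-9]*) return 1 ;;   # missing, "unlimited", or not a number
    esac
    [ "$limit" -le "$3" ]
}

# Constructed sample file (not taken from a real system).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# <domain>  <type>  <item>  <value>
*           soft    nproc   100
*           hard    nproc   200      # default cap for everyone
apache      hard    nproc   50
dbadmin     -       nproc   unlimited
EOF

for u in apache alice dbadmin; do
    if nproc_capped "$sample" "$u" 300; then
        echo "$u: hard nproc cap $(nproc_hard_limit "$sample" "$u")"
    else
        echo "$u: no hard nproc cap <= 300"
    fi
done
```

On a live system, running `ulimit -Hu` in a bash login session as the user in question prints the hard limit actually in effect.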
