Welcome to the new Linux Foundation Forum!
Security tips for running your own web server?
I've been experimenting with running my own web server using CentOS. Here is what I have I have running on it:
mysql server
apache with php enabled
SMF forums software
Besides using strong passwords, installing the latest patches, and having only the ports open that I need, is there anything else that I should be doing security wise?
0
Comments
* set mysql to disallow admin login from remote systems
* verify that only modules are options that you need are enabled in your httpd.conf configuration file.
* remove all cgi-bin scripts that you do not need
* disable all non-necessary services on the server
* set your firewall to block DOS attacks
* if you are using ssh to get into the server, disable using passwords and use only keys for authentication
I don't mean from Apache, but from the kernel itself.
Andrea Benini, how would I go about doing that?
Andrea wrote a good article on that at http://www.linux.com/community/blogs/security-tip-avoid-fork-bombing-on-popular-distro-check-your-system.html