Re: [Bastille-linux-discuss] Setting up a secure webserver.
From: Lee E. B. <le...@vi...> - 2001-09-06 00:47:37
Gaylord Boekhoudt wrote:
>Hi,
>I want to set up a secure webserver (Redhat7.1 + Apache + SSL).
>
>I was looking around trying to find the best way to make the server as secure
>as possible.
>
>Any recommendations?
>Is bastille the best solution?
>What does bastille do exactly?

1) Do not run any services except apache and maybe SSH
2) Make sure everything is up to date
3) Run Bastille to harden the configuration for what's left.

That's what Bastille does, it hardens the system by configuring the system to be more selective about who is allowed to do what. In the case of the secure Web server Bastille's workload should be light.

After Bastille, your attention must be drawn to the Apache SSL server itself. There's a lot to consider here (I teach a half-day course on the subject that could easily take a full day or more). Be especially careful of CGI, PHP, ColdFusion and the like. Apache itself has few if any vulnerabilities, but there are a slew of exploits for guestbook scripts, shopping cart programs, and other stuff you can install.

So start with a minimal install, update everything, use Bastille to harden what's there, and be *very* careful about any active content on the web site.

-- Lee E. Brotzman          E-mail: le...@vi...
-- Allied Technology Group  Phone : 814-861-5028