Ubuntu Security :: Ways To Secure Server Setup With Apache?

Jun 19, 2010

I've set up a server for the first time today and I'm reading up on how to secure it. But I was wondering if anyone here would give me some tips from personal experience on what to do before going online with my website for the whole world to see. I'm running Ubuntu Server edition and Apache. Am I good to go with default settings or is there anything recommended that I should first do?

View 9 Replies


ADVERTISEMENT

Security :: Ways To Secure Sendmail Or Secure Alternatives To Send Mail

Dec 1, 2010

I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.

Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.

View 1 Replies View Related

Security :: SSH Setup To Secure Server In Best Way

Feb 12, 2010

I'm learning to secure my server in the best way I can think of: By learning to attack it. Here's what would like to accomplish. I have SSH set up on a linux box in a offline lab environment.
Username: root
Password: ajack2343d
Now, I know I can simply brute force this as I know the password, but there has to be other ways, and I wish to learn them.

View 8 Replies View Related

Security :: Granting Apache Sudo Rights Secure?

Sep 27, 2010

I have setup a VPS server, created two accounts to two domains respectively, and in one account I built a tool to manage other accounts. I have been rigorously researching and found information, however not implemented yet, about granting apache sudo rights through an interface on one account, so that it can execute scripts as root to manage installations in other accounts. what I mean this is my tool will use 'rsync' to duplicate installations from any account into any account.

My question for security, is it secure to grant apache sudo rights? I have not resolved successfully granting it permissions, and I would not want to waste my time investigating more on it if it can compromise the system in any way.

In your experience, is it feasible to build such a tool like I described? I have the tool working to copy within account and to addon domains and it works great, but I want it to manage all accounts on the server.

View 3 Replies View Related

General :: File Share Security The Setup Is Not Secure At All?

Jan 7, 2010

Been messing around with Ubuntu 9.1 for the last few weeks and am loving it so far. Been trying to get in the terminal and learn a little something, to no avail. LOL I have been googling and searching the site today for info on networking. My Linux box is a desktop, with my main HDD mounted with music, and movies and some other stuff. My intent is to network the two laptops in the house (Windows XP and Windows 7) to the Linux box so I can listen to my music and watch movies when not in the office. I have found some info, mostly involving Samba, and plan to install Samba tonight and fiddle with it. My issue was with security. I have read a few posts and they talk about the fact that if you share files in this manner, the set up is not secure at all. Is this something i should really be concerned about? If the folders I share only have my music and videos in them,

View 4 Replies View Related

Security :: Secure CGI File In Apache - Authentication By Entering The Predefined Username And Password

Sep 24, 2010

Im using opennms network configuration backup server called 'RANCID'.It run on top of RHEL5 system and using APache. Here's the link which i'm accessing [URL] But any one can access this URL and obtain my configuration files

I want to secure this using a logon page.allow login Only for the successful authentications by entering the predefined username and password But after get authenticate book marking the above URL still can access anyone since it didnt prompt username and password again In eachtime executing the above url it should direct to authenticate page

View 5 Replies View Related

Security :: Ways To Monitorize And Control/stop Flooding On My Server

Sep 1, 2010

I want to know what are the ways to monitorize and control/stop flooding on my server, because I am heavily flooded. At this moment I am doing all this manually (when I see that my bandwidth is lowering or some applications are freezing), my main working tool being iptables.But I want something automated .

Another problem : if I am flooded with packets having real ip addresses , with a simple iptables command I cand resolve the problem easily. But, the problem is, in most of the cases, I am flooded with packets with spoofed ip adresses (e.g. 1.2.3.4 ), so the only thing I can do in this situation is to block all incoming packets (which ruins everything).Do you have a solution to this ? The flood monitorizing (and controlling) tool may be with/without interface, only to be effective.

View 1 Replies View Related

Server :: Secure The Directory In Apache?

Sep 24, 2010

I created a website in my apache server. I just need to secure that when everyone try to access any folder on my root directory, it will show "Forbidden".

View 3 Replies View Related

Ubuntu Servers :: Setup A Secure And Reliable Server?

Dec 27, 2010

how to setup a secure and reliable server, i have three ubuntu 10.10 servers a Dell PowerEdge 850,1850 and 2850 which has a Dell PowerVault 220s attached to it.The Dell PE850 Server Consists of:

Intel Pentium D 3.0GHz
4 GB RAM
Eventually 2x250GB Sata Hard Drives

The Dell PE850 Server Consists of:

2xIntel Xeon Processors 3.4GHz
4 GB RAM
2x76GB SCSI Hard Drives RAID 1

The Dell PE850 Server Consists of:

2xIntel Dual Core Processors 2.8GHz
4 GB RAM
6x76GB SCSI Hard Drives RAID 5 (pretty sure)
Dell PowerVault 220s

I would like to setup a reliable webserver, mail server, DNS and Dynamic DNS, DHCP, SQL, FTP, Samba (with Roaming Profiles), PXE Boot Server.I know how to setup most of the server modules, i would just like to know the best way to do it tho. I also want to no how to setup the secuity of the system correctly, and setup and partition up my hard disks to allow for the best reliabilty, even when a server crashes.I would like to now how to set these servers up from start to finish in a sence.

View 1 Replies View Related

Ubuntu Servers :: Secure File Server Setup

Dec 29, 2010

I am going to set up a file server on Ubuntu. I have searched a while, but can't seem to find a guide to what I want. The requirements specifications are the following:File server: possible to upload, change and download files.Linux (Ubuntu) clients, Windows clients if possible.Access restriction to deny access to other than registered users.Only the user should be able to read the content of the files.Ideally root should not be able to see the individual files, but in worst case it is ok for root to see the files.Root should not be able to open the files.Point 1-3 is easy to find out how to set up. But I can't seem to find a way to deny root to view the files. The only solution I can think of is to encrypt files or a whole folder, but I don't know how to set it up.

The setup is for a home network, but the server used as a file server will have a web server as well. If someone manages to get access to the server I don't want them to be able to read the files.

View 5 Replies View Related

Ubuntu Security :: Better Way To Secure My Server?

Jan 26, 2010

I set up my ubuntu server with iptables that only allows ssh in the input chain (and of course established connections) with only the mac adress of my laptop allowed to connect, set up a key with a long passphrase and installed pam_abl plugin. ICMP echo is blocked by default.

The only problem is i log all other attempts to connect to the server and i see a lot of traffic going to ports 445 and 5900.

My question is: Is there a possibility that these attempts could succeed and is there any way to further ensure this server?

View 9 Replies View Related

Ubuntu Security :: Need To Secure My Server

Feb 19, 2011

Ok im new, i know apparmor is running. i was looking for firestarter but their isnt one.....how do i secure this server? i want a good firewall and some virus protection!. also do i need this?

View 9 Replies View Related

Ubuntu Security :: What Is A Best Way To Secure A Server?

Jul 27, 2011

what is the best option to securing server via firewall and iptables?

View 9 Replies View Related

Security :: Define An Appliance Based On Suse For An Application Server And Web Server Apache - Best Network And Security?

Feb 6, 2010

We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?

View 3 Replies View Related

Ubuntu Security :: Secure My Server From The Internet

Feb 3, 2010

I am running UFW, which is set to deny everything but SSH on port 22, OpenVPN on port 1194 and HTTPS on port 443. SSH is set to only allow private key logins, and the root account is disabled. I have AppArmor running for all of my daemons (OpenVPN, Apache2, OpenSSH) and I have Fail2Ban running.

Is there anything else I can do to secure my server from the Internet (it is directly connected, there is no NAT between the Internet and my server).

View 4 Replies View Related

Ubuntu Security :: 11.04 Server - Allow UFW Outgoing Secure?

Jul 20, 2011

I have a minecraft server running on a P4 box running Ubuntu server 11.04 64bit. Now would it be secure, if I allowed ufw to allow outgoing? Or would this be a huge flaw someone could exploit?

View 6 Replies View Related

Security :: Secure Samba Server With Kerberos?

Jul 17, 2010

Is it possible to secure samba server with kerberos? I want to know whether we can use kerberos authentication to secure samba user name and password so that mo one can sniff that information. configuration or any URL link from I can get the exact configuration.

View 1 Replies View Related

Security :: Make Server More Secure And Get Rid Of Paranoid Feelings?

Feb 9, 2010

I have installed my linux server on the Internet witout a router/firewall between. To secure it I used iptables and it works fine. The problem is that I'am not feeling secure enough with only iptables. Is there anything else that I can install to make my server more secure and get rid of my paranoid feelings?

View 8 Replies View Related

Server :: Secure FTP For Around 500 Users Which Includes Security Level On Both

Aug 7, 2010

As per our requirement, I need to implement a Secure FTP server for around 500 users which includes security level on both - Transfer and Rest data. Apart from this I also need the following features -

1. Size quota on Users & reminder mails for the same
2. Password expiry notifications and user interface to change their password within specified time interval
3. Aging of data - After specified time, data will be moved to some other location from their home directory
4. All type of log maintenace for each file and user and log exporting
5. Uploading & Downloading speed consistency as per server level.
6. Read-write interface for user and read-only interface for their client for the same account.
7. Backup and Recovery options.

As of now, I am using VSFTPD which does not give these much of features in combine.

View 2 Replies View Related

Ubuntu Security :: Secure A Terminal Server, So That It Can't Be Hacked By Bruteforce/divtionary Tools?

Oct 8, 2010

How to secure a Terminal Server. so that it can't be hacked by bruteforce/divtionary tools ?

View 7 Replies View Related

Security :: Secure And Automated Backups - Add Public Key To Authorized_hosts File On Prod Server?

Mar 13, 2010

I'm trying to find a secure way to backup files on my Prod Server to Backup Server. It must be automated, so I will need to run a command with cron which will login to Prod Server from Backup Server and backup data. 1. Do you think it would be secure enough to do this by creating an passwordless RSA private key on Backup Server and adding it's public key to authorized_hosts file on Prod Server? I can't think of a way to Automate this without having to enter any passwords without passwordless RSA key. Is there another. more secure way? 2. Should I create a special user for backup, which will only have read access to all files in the directory that I am backing up? If so, How can I run a check that this new backup user indeed has read access to ALL files in the folder that I intent to back up? How can I ensure the backup process will not skip files due to some permission problem? 3. I'm thinking of using rsnapshot tool, which uses rsync.

View 10 Replies View Related

Security :: Secure Solution To Transfer Data Using Rsync Over Internet Between 2 System Server?

Jan 2, 2010

I'm looking for a most possible, secure solution to transfer data using rsync over Internet between 2 linux server.
I have 3 option: SSH, IPSEC and Kerberos.
Which one in your opinion should be most secure solution?

View 3 Replies View Related

Ubuntu Servers :: SSL Setup - Connection Error Unable To Make A Secure Connection To The Server

Feb 10, 2011

I am running an Ubuntu Server on a VirtualBox VM running on my windows machine. So I've created a self-signed certificate using the following tutorial: [URL]

From this tutorial I'm left with 3 files:
server.key
server.csr
server.crt

Then I found this very similar tutorial that has an extra bit on installing the certificates in apache: [URL] So I followed it's instructions which boil down to this:

[Code]...

So I'm thinking this should work now. However in Chrome I get: SSL connection error Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have. Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error. IE8 gives me a typical "Internet Explorer cannot display the webpage" Note that [URL] fails while [URL] works fine, so it's definitely something in my ssl setup I'm thinking.

View 5 Replies View Related

Server :: Ubuntu 9.10 Setup - Open AVI Links In Apache

Mar 12, 2010

I have my Ubuntu 9.10 server setup with apache2 and it will load web pages. The cgi-bin perl programs do run in the web server. What I would like to know is how to have it access video files and download then from a link. The video files are at /media/usb-drive/Movies/movies

I think my Alias is setup.
ScriptAlias /movies/ /media/usb-drive/movies/
<Directory "/media/usb-drive/movies/">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

When I make a web page with a link to a file
<a href="/media/usb-drive/movies/Movies/test.avi">Video</a>
I get the error
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log.
Apache/2.2.12 (Ubuntu) Server at usha.homelinux.com Port 80

If I make a link to a file I do not have it get this error
<a href="/media/usb-drive/movies/Movies/nofil.avi">Video</a>
Not Found
The requested URL /movies/Movies/W1.avi was not found on this server. I do not know what the misconfiguration is.

View 3 Replies View Related

Server :: Apache Virtual Host Setup

Oct 29, 2009

I have 4 domains registered through godaddy. I have a dell poweredge box with one static IP hosted somewhere. I want the 4 domain to resolve to four different sites. I have already created 4 different sites in apache with four different aliases and has enabled it.

eg
alias /a /var/www/a
alias /b /var/www/b
alias /c /var/www/c

I want to acomplish.

www.a.com ==> xx.xx.xx.xx/a
www.b.com ==> xx.xx.xx.xx/b
www.c.com ==> xx.xx.xx.xx/c

I tried with godaddys forward with masking option. It works but I can't hide xx.xx.xx.xx/a in the links. Whats the best approach? One limitation is I cannot use the webhosts name servers. How do I set this up with name based virtual hosting? Do I setup a DNS server in the box?

I do have a dns host name for my box which is publicy accessible. Some my.ca.examplehost.net

View 3 Replies View Related

Server :: Setup A Apache Htaccess Redirect?

Jul 7, 2010

Stay I have a url to view files, e.g.

[URL]

How do I setup a apache htaccess redirect so I can use a static url like:

[URL]

View 3 Replies View Related

Server :: How To Finalize Apache Tomcat Setup

Nov 16, 2010

I have FC13 with apache up and running. I need to run tomcat to do some dynamic web with eclipse, I checked my setup and noticed that I already have tomcat5 in add/remove software as installed bu can not find any etc/tomcat and not able to find how to test. I went through the FC13 documentaion, nothing is mentioned abou apache tomcat setup finalizing and testing that ships with FC13 it works. I googled and found some docs around setup tomcat6 or tomcat 5 but not how finalize the one shipped with FC13.

View 2 Replies View Related

Server :: Setup Permissions For SSH Access To Apache?

Feb 23, 2010

I am looking for the best way to set up permissions in the following situation. I have a web server set up on debian. I have different web sites in /var/www. Each web has a group of developers who each have system users and ssh access to the server. For example i have a web site in /var/www/example.com and a group of developers in group exampledev. I need all the users in exampledev plus the apache user (www-data) to have read write and execute permissions on all the content of the web site. I can give the group exampledev these permissions without a problem. The problem is that when they modify or create new files (they either connect via ssh o sftp which is the same right?) they are created with their user and group rather than exampledev. Am i going down the wrong path? This must be a common situation but i haven't found the solution.

View 5 Replies View Related

General :: LAMP Server Setup - MySQL - PHP - Apache - FTP

Mar 16, 2010

Good tutorial, using images for a lamp server that has, MySQL,PHP, Apache, FTP with all the fruit for running a server that will host a Gallery, forum and main site

I know there's heaps around for Ubuntu 9.10, but its not quiet what I'm looking for as in Gd, ImageMagick and some extras for Apache mods

View 1 Replies View Related

Networking :: Apache Server Setup Working Locally But Not From Outside Connections?

Feb 20, 2009

'm running on Ubuntu and I've succesfully setup apache alongside with a working php & mysql configuration - other computers connected to the LAN can access it by typing in my ip: 192.168.0.9however I would like my webserver to be accessible by all internet users...I've got my ports.conf file in the apache setup to listen on ports 80 and 8080 this is my ports.conf:PHP Code:

Listen 80
Listen 8080
Listen 2000

[code].....

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved