Beruflich Dokumente
Kultur Dokumente
Ads by Google Apache Unix Linux Training Linux Tutorial Animal Hospital Apache
If you are a sysadmin, you should secure your Apache web server by following the 10 tips mentioned in this article.
http://www.thegeekstuff.com/2011/03/apache-hardening/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+The...
Disable all of the above modules as shown below when you do ./congure
./configure \ --enable-ssl \ --enable-so \ --disable-userdir \ --disable-autoindex \ --disable-status \ --disable-env \ --disable-setenvif \ --disable-cgi \ --disable-actions \ --disable-negotiation \ --disable-alias \ --disable-include \ --disable-filter \ --disable-version \ --disable-asis
If you enable ssl, and disable mod_setenv, youll get the following error. Error: Syntax error on line 223 of /usr/local/apache2/conf/extra/httpd-ssl.conf: Invalid command BrowserMatch, perhaps misspelled or dened by a module not included in the server conguration Solution: If you use ssl, dont disable setenvif. Or, comment out the BrowserMatch in your httpd-ssl.conf, if you disable mod_setenvif. After the installation, when you do httpd -l, youll see all installed modules.
# /usr/local/apache2/bin/httpd -l Compiled in modules: core.c mod_authn_file.c mod_authn_default.c mod_authz_host.c mod_authz_groupfile.c mod_authz_user.c mod_authz_default.c mod_auth_basic.c mod_log_config.c mod_ssl.c prefork.c http_core.c mod_mime.c mod_dir.c mod_so.c
In this example, we have the following apache modules installed. core.c Apache core module mod_auth* For various authentication modules mod_log_cong.c Log client request. provides additional log exibilities. mod_ssl.c For SSL prefork.c For MPM (Multi-Processing Module) module httpd_core.c Apache core module mod_mime.c For setting document MIME types mod_dir.c For trailing slash redirect on directory paths. if you specify url/test/, it goes to url/test /index.html mod_so.c For loading modules during start or restart
http://www.thegeekstuff.com/2011/03/apache-hardening/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+The...
After this, if you restart apache, and do ps -ef, youll see that the apache is running as apache (Except the 1st httpd process, which will always run as root).
# ps -ef | grep -i http | awk '{print $1}' root apache apache apache apache apache
In the above: Options None Set this to None, which will not enable any optional extra features. Order deny,allow This is the order in which the Deny and Allow directivites should be processed. This processes the deny rst and allow next. Deny from all This denies request from everybody to the root directory. There is no Allow directive for the root directory. So, nobody can access it.
Add appropriate members to this group. In this example, both ramesh and john are part of apacheadmin
# vi /etc/group apacheadmin:x:1121:ramesh,john
http://www.thegeekstuff.com/2011/03/apache-hardening/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+The...
For example, if they go to http://{your-ip}/images/ and if you dont have an index.html under images, theyll see all the image les (and the sub-directories) listed in the browser (just like a ls -1 output). From here, they can click on the individual image le to view it, or click on a sub-directory to see its content. To disable directory browsing, you can either set the value of Options directive to None or -Indexes. A in front of the option name will remove it from the current list of options enforced for that directory. Indexes will display a list of available les and sub-directories inside a directory in the browser (only when no index.html is present inside that folder). So, Indexes should not be allowed.
<Directory /> Options None Order allow,deny Allow from all </Directory> (or) <Directory /> Options -Indexes Order allow,deny Allow from all </Directory>
The + and in front of an option value is helpful when you have nested direcotires, and would like to overwrite an option from the parent Directory directive.
http://www.thegeekstuff.com/2011/03/apache-hardening/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+The...
In this example, for /site directory, it has both Includes and Indexes:
<Directory /site> Options Includes Indexes AllowOverride None Order allow,deny Allow from all </Directory>
For /site/en directory, if you need Only Indexes from /site (And not the Includes), and if you want to FollowSymLinks only to this directory, do the following.
<Directory /site/en> Options -Includes +FollowSymLink AllowOverride None Order allow,deny Allow from all </Directory>
/site will have Includes and Indexes /site/en will have Indexes and FollowSymLink
To allow a specic ip-address to access your site, give the ip-address in the Allow directive.
<Directory /site> Options None AllowOverride None Order deny,allow Deny from all Allow from 10.10.1.21 </Directory>
To avoid this, set the ServerTokens to Prod in httpd.conf. This will display Server: Apache without any version information.
http://www.thegeekstuff.com/2011/03/apache-hardening/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+The...
Following are possible ServerTokens values: ServerTokens Prod displays Server: Apache ServerTokens Major displays Server: Apache/2 ServerTokens Minor displays Server: Apache/2.2 ServerTokens Min displays Server: Apache/2.2.17 ServerTokens OS displays Server: Apache/2.2.17 (Unix) ServerTokens Full displays Server: Apache/2.2.17 (Unix) PHP/5.3.5 (If you dont specify any ServerTokens value, this is the default) Apart from all the above 10 tips, make sure to secure your UNIX / Linux operating system. There is no point in securing your apache, if your OS is not secure. Also, always keep your apache version upto date. The latest version of the apache contains xes for all the known security issues. Make sure to review your apache log les frequently.
http://www.thegeekstuff.com/2011/03/apache-hardening/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+The...
Tags: Apache Hardening, Apache Security Leave a Comment Name E-mail Website
Previous post: Linux IPTables: Incoming and Outgoing Rule Examples (SSH and HTTP) Sign up for our free email newsletter you@address.com RSS Twitter Facebook
Search Sign Up
http://www.thegeekstuff.com/2011/03/apache-hardening/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+The...
EBOOKS
POPULAR POSTS
12 Amazing and Essential Linux Books To Enrich Your Brain and Library 50 UNIX / Linux Sysadmin Tutorials 50 Most Frequently Used UNIX / Linux Commands (With Examples) How To Be Productive and Get Things Done Using GTD 30 Things To Do When you are Bored and have a Computer Linux Directory Structure (File System Structure) Explained with Examples Linux Crontab: 15 Awesome Cron Job Examples Get a Grip on the Grep! 15 Practical Grep Command Examples Unix LS Command: 15 Practical Examples 15 Examples To Master Linux Command Line History
http://www.thegeekstuff.com/2011/03/apache-hardening/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+The...
Top 10 Open Source Bug Tracking System Vi and Vim Macro Tutorial: How To Record and Play Mommy, I found it! -- 15 Practical Linux Find Command Examples 15 Awesome Gmail Tips and Tricks 15 Awesome Google Search Tips and Tricks RAID 0, RAID 1, RAID 5, RAID 10 Explained with Diagrams Can You Top This? 15 Practical Linux Top Command Examples Top 5 Best System Monitoring Tools Top 5 Best Linux OS Distributions How To Monitor Remote Linux Host using Nagios 3.0 Awk Introduction Tutorial 7 Awk Print Examples How to Backup Linux? 15 rsync Command Examples The Ultimate Wget Download Guide With 15 Awesome Examples Top 5 Best Linux Text Editors Packet Analyzer: 15 TCPDUMP Command Examples The Ultimate Bash Array Tutorial with 15 Examples 3 Steps to Perform SSH Login Without Password Using ssh-keygen & ssh-copy-id Unix Sed Tutorial: Advanced Sed Substitution Examples UNIX / Linux: 10 Netstat Command Examples The Ultimate Guide for Creating Strong Passwords 6 Steps to Secure Your Home Wireless Network Turbocharge PuTTY with 12 Powerful Add-Ons
http://www.thegeekstuff.com/2011/03/apache-hardening/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+The...
My name is Ramesh Natarajan. I will be posting instruction guides, how-to, troubleshooting tips and tricks on Linux, database, hardware, security and web. My focus is to write articles that will either teach you or help you resolve a problem. Read more about Ramesh Natarajan and the blog.
Support Us
Support this blog by purchasing one of my ebooks. Nagios Core 3 eBook: Monitor Everything, Be Proactive, and Sleep Well. Vim 101 Hacks eBook: Practical Examples for Becoming Fast and Productive in the Vim Editor.
Contact Us
Email Me : Use this Contact Form to get in touch me with your comments, questions or suggestions about this site. You can also simply drop me a line to say hello!. Follow us on Twitter Become a fan on Facebook Copyright 20082011 Ramesh Natarajan. All rights reserved | Terms of Service | Advertise
http://www.thegeekstuff.com/2011/03/apache-hardening/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+The...