SSL/TLS strong encryption. As an introduction this chapter is aimed at readers who are familiar with the Web, HTTP, and Apache, but are not security experts.
It is not intended to be a definitive guide to the SSL protocol, nor does it discuss specific techniques for managing certificates in an organization, or the important legal issues of patents and import and export restrictions. Rather, it is intended to provide a common background to mod_ssl users by pulling together various concepts, definitions, and examples as a starting point for further exploration.
Cryptographic Techniques. Understanding SSL requires an understanding of cryptographic algorithms, message digest functions (aka. one-way or hash functions), and digital signatures. Cryptographic Algorithms. Secure web server with SuPHP. SuPHP 0.7.1 on CentOS 5.2 x64. Written by Adam Adamou. The suPHP Apache module together with suPHP itself provides an easy way to run PHP scripts with different users on the same server.
It provides security, because the PHP scripts are not run with the rights of the webserver's user. In addition to that you probably won't have to use PHP's "safe mode", which applies many restrictions on the scripts. For example, if you have a Joomla installation it is not necessary to enable the unsecure ftp layer or give 777 permissions in directories to install components/modules. This suPHP RPM package is using paranoid mode so you can use suphp per-virtualhost and assign per-user permissions. Note: suPHP should only be used if you are using no CGI scripts or if all CGI scripts are run using suExec. wget. Backups for the Linux operating system. This question is asked again and again by new Linux sys admins: How do I perform backups for my Linux operating system?
So I am putting up all necessary information you ever need to know about backup. The main aim is to provide you necessary software, links and commands to get started as soon as possible. Grsecurity. How to install CSF firewall on CentOS. The ConfigServer Security & Firewall is a popular open source Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application, compatible with most Linux servers. CSF can be fully configured to block/restrict ports you don't want open.
CSF includes the Login Failure Daemon (LFD), which will scan log files and monitor failed login attempts, such as login attempts for FTP and E-Mail accounts, and it will block the IP according to the rules you have set up. CSF also offers Connection Limiting, Real Time Block Lists and Port Scan tracking and much more. CSF can be easily managed from within its GUI, which is fully compatible with DirectAdmin, CPanel, and WebMin/Virtualmin. In order to avoid any conflicts in operation it is important to remove your current firewall. If you are using a different software firewall be sure to follow that program's uninstall directions before continuing. Web Host Manager 11.24.4 - ConfigServer Security & Firewall - csf v4.54.
Secure and harden CentOS Linux server from vulnerabilities & threats, attacks. CSF is fine but if someone is going to get in through an exploit in the kernel, CSF will not prevent that.
To harden your system: 1. Compile and install a high security module-less grsec kernel. See grsec here: Apache2-SSL-PHP5 + Zend optimizer and IonCube loader. Apache2-SSL-PHP5-Howto (+ Zend Optimizer And IonCube Loader) Version 1.0 Author: Falko Timme <ft [at] falkotimme [dot] com> Last edited 04/11/2005 This document describes how to install an Apache web server (2.0.x) with SSL and PHP5 (with Zend Optimizer and ionCube Loader) enabled.
This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web. This document comes without warranty of any kind! 1 Get The Sources. Apache HTTP Secure server configuration. This section provides basic information on the Apache HTTP Server with the mod_ssl security module enabled to use the OpenSSL library and toolkit.
The combination of these three components is referred to in this section as the secure Web server or just as the secure server. The mod_ssl module is a security module for the Apache HTTP Server. The mod_ssl module uses the tools provided by the OpenSSL Project to add a very important feature to the Apache HTTP Server — the ability to encrypt communications.
In contrast, regular HTTP communications between a browser and a Web server are sent in plain text, which could be intercepted and read by someone along the route between the browser and the server. Create your own web server with BIND and Apache On CentOS 5. This tutorial explains how you can run your own web server on CentOS 5 with the help of Apache and the BIND name server.
Installing necessary packages:
yum install bind bind-chroot bind-libs bind-utils caching-nameserver -y
After installing the necessary packages you are ready to start configuring named.conf. You may check and see that there is no named.conf in your /etc/ directory in CentOS 5. No worries, here you can see a sample named.conf file. Adding Zone entries.
Secure your Apache with mod_security. Version 1.0 Author: Falko Timme This article shows how to install and configure mod_security. mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications.
It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc. In the first chapter I will show how to install mod_security on Debian Sarge, Ubuntu 6.06 LTS (Dapper Drake), and on Fedora Core 5, and in the second chapter I will describe how to configure Apache for mod_security which is independent from the distribution you're using. I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. 1 Installation. MySQL Database replication with SSL encryption. SMF and phpBB Forum integration with Drupal. Backup recovery.
Secure Linux servers. Install Firewall (APF or CSF Firewall with BFD); ModSecurity (Web application firewall); ModEvasive (Prevent DDOS attacks); Harden SSH server; Fix Open DNS Recursion; Install RKhunter; Install ClamAV (Antivirus); XInet Servers Hardening (Disable Telnet/Finger or unwanted services); Securing PHP; PortSentry (tool to detect portscans); Harden host.conf (against IP spoofing); Check User Uploaded files; Secure /tmp Folders (noexec, nosuid). This tutorial guide covers only basic linux server security tips intended for linux learners.
I am writing this guide assuming that you are running CentOS 5 or later versions. The very first step in securing a server is installing a firewall (at least IP tables based) to close all unused or unwanted ports. Once the firewall is installed it is often considered 50% of work done. Securing the CentOS with Bastille. This article shows how to secure a CentOS server using psad, Bastille, and some other tweaks. psad is a tool that helps detect port scans and other suspicious traffic, and the Bastille hardening program locks down an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise. Create an additional account for Systems Administration. The "adduser" command will create an account. adduser service The "passwd" command will set the password for the "service" account. passwd service Creating a directory for downloads.
This will create a directory to download the RPMs and other files.
mkdir /downloads
cd /downloads
Building a secure web server with CentOS 5. Introduction. This is an updated version of my original LAMP (Linux Apache MySQL and Perl/PHP) guide that was based on CentOS 4. Now updated and tweaked for CentOS 5, I will take you through the steps required to build a secure Linux web server (LAMP) on CentOS 5. I have a background working for an ISP, so I’ve based this build on the same configuration many hosting providers use.
It supports virtual hosts (multiple websites), secure FTP access, locked down SSH access, and a sensible directory structure. If you follow this guide, you will get a web server up and running within a couple of hours depending on whether you follow it step by step, or prefer to experiment first. Good luck!
CentOS Wiki. HowTos. This page contains some longer HowTos for achieving different tasks on CentOS systems. Content in the 'HowTos' hierarchy is written because its author believes it to work (one assumes) and to provide value as a reference. All content ages as time passes, of course, and if a given article seems wrong, it may be updated or it simply may be abandoned. The 'centos-docs' mailing list is a great place to point out possible errors or even better, offer improvements.