Apart from doing a lot of tweaks on the config side, you might want to consider using a security scanner like Nessus. http://www.nessus.org/ . Of course the scanner is no good if you do not keep the plugins updated. Also try a google search. The very first hit I got (securing apache) is http://www.securityfocus.com/infocus/1694 . A bit outdated but im sure much of it still applies.
On 6/8/05, Lorenzo Thurman <[EMAIL PROTECTED]> wrote: > Can someone provide me with pointers on how I can be sure my Apache > installation is as secure as possible? I've been running Linux for several > years now and an Apache web server for the last few. I follow guidelines on > how to set it up and secure it, but I'd really be interested in ways that I > can audit my installation for potential failings. Is there some application > I can run that will tell me how well its setup? > Thanks > > > > > > > > > "There are 10 types of people in this world: those who understand binary, > those who don't" > > --Unknown > -- "Knowledge is the only wealth that grows as you spend it, and diminishes as you save it." -- ancient Sanskrit saying -- [email protected] mailing list
