On Wednesday 08 June 2005 15:57, Lorenzo Thurman wrote: > Can someone provide me with pointers on how I can be sure my Apache > installation is as secure as possible? I've been running Linux for > several years now and an Apache web server for the last few. I follow > guidelines on how to set it up and secure it, but I'd really be > interested in ways that I can audit my installation for potential > failings. Is there some application I can run that will tell me how > well its setup?
obvious bit: do not run apache as root. not so obvious bit: chrooting your apache[+mysql] installation and using some role-based access controls (like selinux's or grsecurity's) would be a great deal of help to contain potential damage done by break-ins. regards, pedro venda. -- Pedro Jo�o Lopes Venda email: pjvenda < at > arrakis.dhis.org http://arrakis.dhis.org
pgpQcg3mcrF3o.pgp
Description: PGP signature
