Greetings Everyone, I have been working to try to come up with a security design for a remote webserver I administer. Now I will admit I am still rather new at this whole adventure into network security I figured I'd ask the subscribers of this list for any suggestions or feedback on what I'm trying to do. First a little system Specs
Redhat 7.2 Server Running Apache (As Apache) Pure-Ftpd FTP Daemon Running in virtual Directory Mode. Currently this is my goal. No users Except System Admins will have Shell Access. I've currently gone into the /etc/passwd file and changed all non shell holders to /bin/false or /dev/null. What I want to do is setup a "Secure" webserver environment so that if compromised a user cannot break system integrity. Pureftp I've configured to automatically connect to the users home directory and chroot everything so that they cant back out of thier home directory. Currently I am trying to setup a structure of /www/html/(User Domains) Can anyone suggest any combinations of Chmod's or File/Group owernerships that might effectivly make this situation work efficiently? Some of the people on the server run the scripts such as Postnuke.. *I've banned PHPnuke from my server.. too many exploits recently* I know that the php scripts will occasinally require the webserver to update its own files and or make changes to certain files. I'm namely concious on this matter cause one of my users websites were compromised earlier this month, a shell script was uploaded to his home directory and was able to get command line access and Manipulate and change a few of the other sites on the system.. I'm trying to prevent this from happening again.. Any Help is Greatly Appreciative Shannon
