Donovan
11-11-2000, 12:59 AM
Hi, I heard that hosts.deny, allow will not protect apache.
How should I "secure" apache ?
Thanks,
Donov
How should I "secure" apache ?
Thanks,
Donov
Click to See Complete Forum and Search --> : Securing apache ?
chochem
11-11-2000, 02:57 AM
Hey Donovan, I'm actually doing the same thing with RedHat 6.2 using Apache 1.3.14.
When I get done with it, which should hopefully be within a couple days (Tuesday or Monday . . probably the latter), I'll post in this forum. Sorry that I can't help now, but I'm hacking on the box just to make sure it is secure, because I don't want to give you bs information. My sysadmin gets back on Monday, and he'll give me the final word on whether I did it right.
When I get done with it, which should hopefully be within a couple days (Tuesday or Monday . . probably the latter), I'll post in this forum. Sorry that I can't help now, but I'm hacking on the box just to make sure it is secure, because I don't want to give you bs information. My sysadmin gets back on Monday, and he'll give me the final word on whether I did it right.
Harvey
11-11-2000, 03:22 AM
from what I know, which isn't much, as long as you aren't running any unsafe CGI scripts, and as long as you make sure apache is not running as root, and instead as user nobody or some other user with equally weak privilidges, you should be okay
------------------
Help me I'm Harvey!
------------------
Help me I'm Harvey!
Donovan
11-11-2000, 09:48 AM
Hey thanks for your answers http://www.linuxnewbie.org/ubb/smile.gif
I'm waiting for your message chochem http://www.linuxnewbie.org/ubb/smile.gif
Donov
I'm waiting for your message chochem http://www.linuxnewbie.org/ubb/smile.gif
Donov
tko fx
11-11-2000, 02:42 PM
for some reason apachectl initially runs as root on my system, but the spawns are nobody.nobody (it's standalone) is that alright? or is there some way I can make sure apache starts on loadup with user nobody.nobody initially? (i'm using slack 7.1)
klamath
11-11-2000, 03:27 PM
Apachectl (i.e. really the first 'httpd', the parent Apache process) needs to run as root because Apache usually binds to port 80 (in UNIX, that's a "priviledged" port - only processes running as root can bind to it). Subsequent spawned children don't need to be running as root.
How exactly do you need to secure Apache? What security risks are you worried about?
------------------
- Klamath
Get my GnuPG Key Here (http://klamath.dyndns.org/mykey.asc)
Looking for an open source project to contribute to? Check out the BBB (http://bbb.sourceforge.net)
[This message has been edited by klamath (edited 11 November 2000).]
How exactly do you need to secure Apache? What security risks are you worried about?
------------------
- Klamath
Get my GnuPG Key Here (http://klamath.dyndns.org/mykey.asc)
Looking for an open source project to contribute to? Check out the BBB (http://bbb.sourceforge.net)
[This message has been edited by klamath (edited 11 November 2000).]
Donovan
11-11-2000, 03:43 PM
Well to tell you the truth, I have no idea about security risks related to apache, I just heard about need of securing apache, and I just want to know what could be the risks.
Thanks,
Donov
Thanks,
Donov
justlinux.com
Copyright Internet.com Inc. All Rights Reserved.
Copyright Internet.com Inc. All Rights Reserved.