Hi Keith

I'm in a similar position as Bill. Can you point me in the direction of good books or ones you have read on the security side for security of these programs?

Luck is my game ;-)
Linux is my aim :)

tia
Dre :-)

-----Original Message-----
From: Keith Winston [mailto:kwinston@twmi.rr.com]
Sent: 06 July 2002 11:47
To: suse-linux-e@suse.com
Subject: Re: [SLE] Taking the plunge

On Fri, Jul 05, 2002 at 08:14:20PM -0700, Bill Parker wrote:
> After too many problems with Wintendo and IIS/WWW issues (defacements, etc), the firm I work for has decided on a linux/apache solution. I will be running SuSE 8.0 with apache (plus security update), and have loaded php, perl, and python, along with jakarta-tomcat.
>
> What things should I look for in tuning apache for maximum performance, and good security practices (I've never had apache as the primary webserver before).

Welcome to Linux. Here are some basic tips.

The first thing you need to do is turn off ALL services on your server you don't absolutely need. For example, if you don't need the "at" service, disable it using the runlevel editor in YaST2. That includes Apache modules you don't need. Only run what you need.

Don't use telnet to access the server remotely, use OpenSSH (SuSE default configuration is this way).

Install and configure tripwire. This is a program that takes a cryptographic "fingerprint" of all your key binaries, configuration files, and libraries and stores it in a database. Then, you can run it daily to detect any unexpected changes to your configuration. It is included on the SuSE CDs. I put my tripwire database along with a statically linked copy of the program on a CD to prevent any tampering with the database.

For performance, take a look at the HTTPD_PERFORMANCE variable in /etc/sysconfig/apache. The default setting is slim, but you may want to change it to mid or thick. This changes the default and max number of child processes that apache uses.

Set HTTPD_SEC_PUBLIC_HTML=no.

Check your log files regularly.

Check for security updates on your server with YaST2 frequently and sign up for the suse-security mailing list.

Each of these topics (security and performance) can take up several books, but the above should get you started.

Best Regards,
Keith
--
LPIC-2, MCSE, N+
Right behind you, I see the millions
Got spam? Get spastic http://spastic.sourceforge.net
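
A minimal version of the baseline-and-compare check that Keith describes for tripwire, added here as an illustration; it is not tripwire's code and not part of the original message. The function names and the sample files in `demo()` are constructed for the example.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def fingerprint(path):
    """Content hash plus ownership and mode, so a chmod/chown also shows up."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.lstat(path)
    return {"sha256": digest.hexdigest(), "mode": st.st_mode,
            "uid": st.st_uid, "gid": st.st_gid}


def snapshot(roots):
    """Fingerprint every regular file under the given directories."""
    db = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.isfile(path) and not os.path.islink(path):
                    db[path] = fingerprint(path)
    return db


def compare(baseline, current):
    """Report files added, removed or changed since the baseline was taken."""
    old, new = set(baseline), set(current)
    return {"added": sorted(new - old),
            "removed": sorted(old - new),
            "changed": sorted(p for p in old & new if baseline[p] != current[p])}


def demo():
    """Run the check against a constructed sample tree in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "httpd").write_bytes(b"\x7fELF constructed binary")
        (root / "httpd.conf").write_text("ServerTokens Prod\n")
        # Serialise the baseline as it would be stored; in practice this file
        # belongs on read-only media, as the message suggests with a CD.
        baseline = json.loads(json.dumps(snapshot([tmp])))
        (root / "httpd").write_bytes(b"\x7fELF modified binary")
        (root / "httpd.conf").unlink()
        (root / "extra-module.so").write_bytes(b"constructed")
        report = compare(baseline, snapshot([tmp]))
        return {k: [os.path.basename(p) for p in v] for k, v in report.items()}


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline and the program reading it, which is the reason for keeping both off the server's writable disk.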