On 4/26/06, Thomas Albl wrote:
Hi all,
I have one question (maybe it spreads into many :) ) about hardening a web server:
I have compiled apache & mysql on a sles8. But too bad the mysql port is open to the world.
I have another server on which I can prevent logging in on all ports (without going over inetd/xinetd) by editing a file called hosts.allow, respectively hosts.deny.
I want this feature on the second server too. As I recall now, I may not have looked in the file hosts.deny for any entries. I'll give it a try tomorrow, but anyway - is hosts.deny / hosts.allow with IP addresses a common way to harden the server a little bit?
If not - how can I achieve the effect that services are only available from a very tiny list of IP addresses?
(Without a firewall?)
-- Ciao Omm
The preferred way is to enable the firewall, and to prevent access on that port from outside. You can also edit the mysql config file; look for the "bind" option. Bind it to localhost, and it will make mysql listen only for local requests.
--
Svetoslav Milenov (Sunny)
Windows is a 32-bit extension to a 16-bit graphical shell for an 8-bit operating system originally coded for a 4-bit microprocessor by a 2-bit company that can't stand 1 bit of competition.
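A way to verify the suggestion in the reply above, as an added example that is not part of the original thread: a shell function that reads `netstat -tln` output and prints every non-loopback address on which a given TCP port is listening. The function names and the sample listener table are constructed for illustration, and the reply's "bind" option is assumed to refer to MySQL's `bind-address` setting.

```shell
#!/bin/sh
# Added example: list non-loopback listeners for one TCP port.
# Assumption: the "bind" option from the reply is MySQL's bind-address,
# set in the [mysqld] section of my.cnf, e.g.  bind-address = 127.0.0.1

# Constructed sample of `netstat -tln` output (not taken from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# exposed_listeners PORT
# Reads a listener table on stdin (local address in column 4, as printed by
# `netstat -tln`) and prints each address bound to PORT that is not loopback.
# Empty output means the port is reachable only from the local machine.
exposed_listeners() {
    awk -v port="$1" '
    {
        la = $4
        n = match(la, /:[0-9]+$/)            # trailing ":<port>" of the local address
        if (n == 0) next                     # header lines and anything without a port
        if (substr(la, n + 1) != port) next  # a different service
        addr = substr(la, 1, n - 1)
        gsub(/^\[|\]$/, "", addr)            # strip brackets from [::1]-style output
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only: not exposed
        print addr
    }'
}

# Demo on the constructed sample: the MySQL port is bound to all interfaces.
sample_netstat | exposed_listeners 3306

# On a live host:  netstat -tln | exposed_listeners 3306
```

After binding MySQL to localhost and restarting it, the same check should print nothing for port 3306.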