
Securing a linux webserver for public access


I'd like to set up a cheap Linux box as a web server to host a variety of web technologies (PHP & Java EE come to mind, but I'd like to experiment with Ruby or Python in the future as well).

I'm fairly versed in setting up Tomcat to run on Linux for serving up Java EE applications, but I'd like to be able to open this server up, even just so I can create some tools I can use while I am working in the office. All the experience I've had with configuring Java EE sites has all been for intranet applications where we were told not to focus on securing the pages for external users.

What is your advice on setting up a personal Linux web server in a secure enough way to open it up for external traffic?

karlgrz asked Aug 07 '08 18:08




1 Answer

This article has some of the best ways to lock things down:

http://www.petefreitag.com/item/505.cfm

Some highlights:

  • Make sure no one can browse the directories
  • Make sure only root has write privileges to everything, and only root has read privileges to certain config files
  • Run mod_security

The article also takes some pointers from this book:

Apache Security (O'Reilly Press)

As far as distros, I've run Debian and Ubuntu, but it just depends on how much you want to do. I ran Debian with no X and just ssh'd into it whenever I needed anything. That is a simple way to keep overhead down. Or Ubuntu has some nice GUI things that make it easy to control Apache/MySQL/PHP.

helloandre answered Oct 12 '22 12:10
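The first two highlights in the answer above (no directory browsing, root-only write and restricted read permissions) can be checked mechanically. The script below is an added example, not part of the original answer or the linked article; it reports paths that group or other can write to, paths not owned by root, active `Options` lines that enable `Indexes`, and named files that group or other can read. The function names and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit an Apache install against the answer's highlights.
# Usage (placeholder paths, adjust per distro):
#   sh audit.sh /path/to/web/tree /path/to/apache/conf /path/to/private.conf

# Paths under $1 that group or other can write to (symlinks skipped).
writable_by_non_owner() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# Paths under $1 that are not owned by root.
not_root_owned() {
    find "$1" ! -type l ! -user root -print
}

# Regular files at or under $1 that group or other can read.
readable_by_others() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) -print
}

# Active "Options" lines under $1 that switch directory listings on.
# Commented-out lines and "Options -Indexes" are not reported.
autoindex_enabled() {
    grep -rEin '^[[:space:]]*Options[[:space:]](.*[[:space:]])?\+?Indexes([[:space:]]|$)' "$1" \
        || [ "$?" -eq 1 ]   # grep exits 1 on "no match", which is a pass
}

# report LABEL FINDINGS: print findings; return 1 if there were any.
report() {
    [ -z "$2" ] && return 0
    printf '== %s ==\n%s\n' "$1" "$2"
    return 1
}

# audit TREE CONF_DIR [PRIVATE_FILE...]: run every check, return 1 on any hit.
audit() {
    tree=$1 conf=$2 rc=0
    shift 2
    report "writable by group/other" "$(writable_by_non_owner "$tree")" || rc=1
    report "not owned by root" "$(not_root_owned "$tree")" || rc=1
    report "directory listing enabled" "$(autoindex_enabled "$conf")" || rc=1
    for f in "$@"; do
        report "readable by group/other" "$(readable_by_others "$f")" || rc=1
    done
    return "$rc"
}

if [ "$#" -ge 2 ]; then audit "$@"; fi
```

Run it as root so `find` and `grep` can read every file; a non-zero exit status means at least one check reported something.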