Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Security question
- Thread starter Patbeau
- Start date
Hi,
Lots of article out there, what you have to do google it. few pointer:
1) make sure you aware of any patch release by vendor.
2) subscribe to vendor mailing list/linux security mailing list etc
3) since you run apache, make sure you config properly.
4) for wuftp, I suggest you run in chroot mode as only allow user to stay at their user home directory.
regards,
feroz
Lots of article out there, what you have to do google it. few pointer:
1) make sure you aware of any patch release by vendor.
2) subscribe to vendor mailing list/linux security mailing list etc
3) since you run apache, make sure you config properly.
4) for wuftp, I suggest you run in chroot mode as only allow user to stay at their user home directory.
regards,
feroz
- Thread starter
- #4
Hi,
Thank you. Im new to linux. I use a dmz so it will be good for the firewall I beleive.
What do you mean by chroot? I used chmod to give rights on the folders and the users can only access to one path and they cant see parent folders. Is that enought good or I should do something else with chroot?
About Apache, I didnt do any configuration. I have to use CGI and Server side include. What are the security matters I should look for?
Thanks a lot!
Thank you. Im new to linux. I use a dmz so it will be good for the firewall I beleive.
What do you mean by chroot? I used chmod to give rights on the folders and the users can only access to one path and they cant see parent folders. Is that enought good or I should do something else with chroot?
About Apache, I didnt do any configuration. I have to use CGI and Server side include. What are the security matters I should look for?
Thanks a lot!
Always a good idea not to stay logged in as root, but instead create a user account with limited powers and stay logged into that as much as possible. Makes it harder for someone to tamper with your server.
Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
chroot - change root - hides part of the filesystem from a process and /or login. The root of the filesystem is defined as a particular directory on the machine rather than '/' proper.
So if you chroot a user to their home directory - say '/home/jdoe', then for them '/' is their root directory and there is no way to get back 'up' into other parts of the machines file system
So if you chroot a user to their home directory - say '/home/jdoe', then for them '/' is their root directory and there is no way to get back 'up' into other parts of the machines file system
Here's an excellent Linux security guide by IBM. It's aimed for service providers, but its a good reference for anyone...
ChrisP
ChrisP
- Thread starter
- #8
newbie here!- Status