COMMERCIAL OR OPEN SOURCE TOOLS/SOFTWARE TO PROTECT AN APACHE WEBSERVER
Are there any commercial or open source products that can be used to protect a apache webserver running on linux against hacking
The config file and updates is all you need to protect apache ./Ok3ch On Tue, Nov 2, 2010 at 2:14 PM, saich <saiched@gmail.com> wrote:
Are there any commercial or open source products that can be used to protect a apache webserver running on linux against hacking _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
On Tue, Nov 2, 2010 at 2:14 PM, saich <saiched@gmail.com> wrote:
Are there any commercial or open source products that can be used to
protect a apache webserver running on linux against hacking
Apache config file (it's so well documented with comments) is all you need. Just ensure you do not allow anonymous/arbitrary uploads into the server. As Ok3ch said, always ensure you run the updated versions, which address security and performance bugs. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
Thanks for the replies. I am more inclined toward a solution for joomla sites hosted in the said server. Something like JTS that can perform pre and post-installation site health check and security audit. Cheers On Tue, Nov 2, 2010 at 2:49 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
On Tue, Nov 2, 2010 at 2:14 PM, saich <saiched@gmail.com> wrote:
Are there any commercial or open source products that can be used to
protect a apache webserver running on linux against hacking
Apache config file (it's so well documented with comments) is all you need. Just ensure you do not allow anonymous/arbitrary uploads into the server. As Ok3ch said, always ensure you run the updated versions, which address security and performance bugs.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
On 2 November 2010 15:21, saich <saiched@gmail.com> wrote:
Thanks for the replies. I am more inclined toward a solution for joomla sites hosted in the said server. Something like JTS that can perform pre and post-installation site health check and security audit.
Cheers
Joomla sites? you also need to keep up with the latest updates and patches for Joomla. It is also good to note that securing Apache configurations is not enough, it goes beyond that. you also need to make sure you script configurations (PHP etc) dont give too much information to potential hackers. Here is a URL that you can use as a start. http://bit.ly/bgA29R Regards, Njuki
On Tue, Nov 2, 2010 at 3:21 PM, saich <saiched@gmail.com> wrote:
Thanks for the replies. I am more inclined toward a solution for joomla sites hosted in the said server. Something like JTS that can perform pre and post-installation site health check and security audit.
@Saich, it is an interesting topic this one, securing a *AMP server.
You have at least three different software applications, each of which requires slightly different mechanisms to secure: Apache:- Nikto might come in handy, see this tutorial<http://www.howtoforge.org/apache_security_testing_with_nikto>, w3af <http://w3af.sourceforge.net/> might also be useful MySQL:- OWASP <http://www.owasp.org/index.php/Testing_for_MySQL> have an interesting article with specific "tests" you can run against MySQL PHP:- A lot of vulnerabilities exist here, and a lot of tools exist to help you out here. OS:- Depending on your platform, Nessus, Nmap, Nikto etc etc might help. IMHO, there is little sense in securing the Joomla instalation while the OS is wide open.
chrooting apache might be of help further reading here<http://tinyurl.com/2buww8z>
Apache:- Nikto might come in handy, see this tutorial<http://www.howtoforge.org/apache_security_testing_with_nikto>, w3af <http://w3af.sourceforge.net/> might also be useful MySQL:- OWASP <http://www.owasp.org/index.php/Testing_for_MySQL> have an interesting article with specific "tests" you can run against MySQL PHP:- A lot of vulnerabilities exist here, and a lot of tools exist to help you out here. OS:- Depending on your platform, Nessus, Nmap, Nikto etc etc might help.
Peter, Thank you for reminding me of w3af, had completely forgotten about it. For MySQL I usually use the MySQLTuner<http://mediakey.dk/%7Ecc/optimize-mysql-performance-with-mysqltuner/>script. -- ˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙ 'spɹɐƃǝɹ ıʞnɾu pıʌɐp
participants (6)
-
David Njuki -
Nd'wex Common -
Odhiambo Washington -
Okechukwu -
Peter Karunyu -
saich