What security to use on web server

Hal Burgiss hal at burgiss.net
Tue Dec 9 11:29:31 UTC 2008

On Tue, Dec 09, 2008 at 11:52:58AM +0100, Emil wrote:
> What security packages, configs, etc. do you install and use on your web
> servers? I've messed around a bit in bastille (have found it a bit hard

suhoshin for php, mod_security for Apache (though not part of Debian),
and iptables just because. Next, remove all desktop type applications,
including X, and any other application not necessary to what the
server does. Keep the filesystem non-writable by Apache (with narrow
exceptions where there MUST be an upload capability). Most web server
intrusions occur via the apache user (www-data I think on Ubuntu).


More information about the ubuntu-users mailing list