WEB Setting up your own web server.. securing it, etc..

Discussion in 'OT Technology' started by Insert Tokens, Jan 8, 2010.

  1. Insert Tokens

    Insert Tokens Making Cancer My Bitch OT Supporter

    Joined:
    Jan 12, 2006
    Messages:
    8,313
    Likes Received:
    70
    Location:
    Tasmania
    Just did my Red Hat certification for work, and it got me thinking about building up my own webserver just to learn that aspect of things..

    Was hoping some of you pros could help me on the path to figuring it all out?

    I'm obviously fine at installing/configuring Linux at a basic level.. Apache, PHP, etc.. but only to an "out of the box" point..

    After installing Linux itself, Apache, MySQL, PHP, and getting that to a "hello world" state.. what do you do next?

    What do you do to secure it properly?

    What extras do you add as far as packages that help out in day-to-day webserver activities?



    I'm strictly talking about a small one-box personal webserver for fucking around.. not datacenter level with dedicated firewalls and stuff.. call it a 'dev server' if you wish.. whatever..
     
  2. nindia

    nindia OT Supporter

    Joined:
    Dec 25, 2003
    Messages:
    37,000
    Likes Received:
    126
    Location:
    earf
    i basically have the same setup...red hat linux running plesk.

    plesk is kind of shit...but it's pretty good at the same time i guess. i'm sure there are better alternatives but i didn't really research into it that much when i set it up.

    i rent a quarter rack at peer1 here in vancouver. it's a little overkill for what you're probably looking for but maybe look into something like that if you want to physically manage your own shit. otherwise maybe get a dedicated server or colocation or whatever.
     
  3. dazmanultra

    dazmanultra New Member

    Joined:
    Jun 17, 2002
    Messages:
    34,795
    Likes Received:
    0
    Location:
    English Countryside
    Without a hardened kernel, something as simple as running an outdated WordPress could lead to your entire server being hacked. All it takes is someone to have an insecure PHP script which allows someone to execute shell commands; they can use a very simple exploit to give themselves root. We use grsecurity on everything Linux we deploy - but that's just the start of kernel hardening. Be aware of things like mmap_min_addr.

    Something you might want to consider is disabling certain insecure PHP functions, and in your Apache vhosts, set the .htaccess override to 'none'. If you're running a single website, set the website's files to be owned by the same user as the web server.

    Something else to consider is that once up and running, to dissuade the script kiddies you can remove the compilers (GCC et al). Another good thing is to hide your web server version/type and to replace any default pages with nondescript ones so it is difficult for them to determine what type of attack to use against you.
     
    Last edited: Jan 8, 2010
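
The settings recommended in the post above can be checked with a small audit script; this is an added example, not part of the original thread. The list of PHP functions in `RISKY_FUNCS`, the function names and the sample files are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit config files for the settings named in the post above.
# RISKY_FUNCS is an assumed list of PHP functions that run shell commands.
RISKY_FUNCS="exec system shell_exec passthru popen proc_open"

# Last value of an Apache directive, lowercased; comment lines never match.
apache_directive() {  # $1=file $2=directive
  awk -v d="$2" 'tolower($1)==tolower(d) {v=tolower($2)} END {print v}' "$1"
}

audit_apache() {  # $1=Apache config; prints one FAIL line per problem
  awk 'tolower($1)=="allowoverride" && tolower($2)!="none" {print "FAIL AllowOverride " $2 " at line " NR}' "$1"
  case "$(apache_directive "$1" ServerTokens)" in prod|productonly) ;; *) echo "FAIL ServerTokens is not Prod" ;; esac
  [ "$(apache_directive "$1" ServerSignature)" = "off" ] || echo "FAIL ServerSignature is not Off"
}

audit_php() {  # $1=php.ini; every RISKY_FUNCS entry must be in disable_functions
  local disabled f
  disabled=$(sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$1" | tail -n 1 | tr -d ' "\t')
  for f in $RISKY_FUNCS; do
    case ",$disabled," in
      *",$f,"*) ;;
      *) echo "FAIL PHP function $f is not disabled" ;;
    esac
  done
}

audit_mmap() {  # $1=value of sysctl vm.mmap_min_addr; 0 turns the protection off
  [ "${1:-0}" -gt 0 ] 2>/dev/null || echo "FAIL vm.mmap_min_addr is ${1:-unset}"
}

# Constructed sample files: an out-of-the-box style config with weak settings.
DEMO=$(mktemp -d)
cat > "$DEMO/httpd.conf" <<'EOF'
ServerTokens OS
ServerSignature On
<Directory "/var/www/html">
    AllowOverride All
</Directory>
EOF
cat > "$DEMO/php.ini" <<'EOF'
; constructed sample
disable_functions = exec, system
EOF

audit_apache "$DEMO/httpd.conf"
audit_php "$DEMO/php.ini"
audit_mmap "$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null)"
```

Point the three functions at the real `httpd.conf` and `php.ini` paths on your box; no output means every check passed.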
  4. Insert Tokens

    Insert Tokens Making Cancer My Bitch OT Supporter

    Yeah i've already got a couple of servers in a datacenter, managed ones, i'm just trying to learn this stuff for myself, so starting from the basics and building my own at home.. I won't actually host anything of any importance on it :)
     
  5. Insert Tokens

    Insert Tokens Making Cancer My Bitch OT Supporter

    Cheers.. will look into that stuff..
     