
Showing posts with the label Security

Securing PHP4

There are many things to take into account when trying to secure anything, not only PHP, Apache or Postfix:

1. You and your users still need to be able to use it.
2. The server can be as secure as possible, but a few lines of bad code can really screw up your morning.

There are a few things to keep in mind when configuring the php.ini file. Firstly, it's probably not a bad idea to chroot your Apache server; there are a few very good examples of how to do this on the web, just do a search in Google or something.

In your php.ini file add the following:

    safe_mode = On
    safe_mode_gid = Off
    expose_php = Off
    register_globals = Off
    display_errors = Off
    log_errors = On
    error_log = "filename"

safe_mode = On

By switching on safe_mode, you have just made your server probably twice as secure as it was before. Safe mode will ensure that only the owner of the file or script is able to read or execute that file or script. Here is an example: -rw-rw-r-- 1 joeuser j...

Securing Apache 1.3

Overview

There are many things to keep in mind when trying to secure anything; one of the most important is to make sure that the system is both usable and secure. There is usually a bit of a trade-off between security and usability. You could secure Apache by not allowing users to use any sort of scripts, or by allowing only plain HTML pages, but that's not usually practical. In this article I am going to go over the basic things to keep in mind on how to secure Apache, but I will not go into running it in a jailed root mode. There is, however, a great article on this over at SecurityFocus.

Installation

Firstly you will need to install Apache. If you are using FreeBSD, simply go to your ports directory and run a make install clean:

    /usr/ports/www/apache13

Or any of the other Apache 1.3 ports that you might want to install, like apache13-modssl or apache13-ssl/. In the case of the SSL Apache versions you would install as follows: # make # make certificate ( this is so you can create a s...

Apache and Mod Security

Installing and configuring ModSecurity

ModSecurity is an open source application that acts as a web application firewall or an intrusion detection and prevention system. It can be run as an Apache module or standalone. ModSecurity is able to increase the security of web-based applications against attacks.

Installing ModSecurity

This is simple: just run a make install clean in FreeBSD's mod_sec port directory. If you are not running FreeBSD and need the source, you can get it from the ModSecurity site.

Preparing the ModSecurity config file for use with Apache

I have split my httpd.conf file up, so I have a separate conf directory in /usr/local/etc/apache. You can put your modsecurity.conf directly in that directory, but for this example I am going to use /usr/local/etc/apache/conf:

    # mkdir modsec-rules
    # vi modsecurity.conf

    AddHandler application/x-httpd-php .php
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/modsec/audit_log
    SecFilterScanPOST On
    SecFilterEngine On
    SecFilterDefaultAction ...