[aklug] Re: Locking down a web server

From: Damien Hull <damien@linuxninjas.tv>
Date: Tue Oct 26 2010 - 11:31:51 AKDT

Haha... My site's not on Google. Well, they don't host it.
Apache is tuned.

   1. 10 servers to start
   2. 5 min
   3. 11 max spares
   4. 16 max servers can run at any time
   5. 4000 max connections per client

This may sound a bit on the low end for an Apache config. I don't get a lot
of visitors. Not yet anyway. At the moment the server has 512MB of RAM.
Gotta make sure it fits in 512. I can always resize to something larger if I
need to. That's extra $. Don't want to spend extra $ if I don't have to.

On Tue, Oct 26, 2010 at 11:22 AM, Shane R. Spencer <shane@bogomip.com> wrote:

> New connection limiting in the web server or via iptables would be good.
>
> Also.. don't put your site on Google. :)
>
> On 10/26/2010 11:16 AM, Damien Hull wrote:
> > I've spent the past few days making sure I get the right info from my server
> > and locking it down. Sending this to the list to see if anyone can poke
> > holes in my thinking or add anything I've left out.
> >
> > 1. Ubuntu 10.04 server - Web server with Apache
> > 2. Logwatch for daily email on log files
> > 3. Logcheck for an hourly analysis of important log info
> > 4. tripwire to make sure nothing's been changed
> > 5. portsentry to keep out the bad guys
> > 6. keys for ssh login. No more password logins
> >
> > The next step is to configure iptables / netfilter to close unused ports. If
> > anyone can think of anything I've left out let me know. I don't want to be
> > the IT guy that let hackers break into my web server.
> >
> >
> > ---------
> > To unsubscribe, send email to <aklug-request@aklug.org>
> > with 'unsubscribe' in the message body.
> >
>
>
>

Received on Tue Oct 26 11:32:02 2010
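
The two iptables ideas in this thread (closing unused ports, and limiting new connections per client) can be combined in one ruleset. The sketch below is an added example, not part of the original messages: the function name `build_ruleset`, the open ports (22 and 80) and both limits are assumptions to adjust for the actual server.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it changes nothing itself.
# Port list and both limits are assumed values, not taken from the thread.

# build_ruleset "TCP_PORTS" MAX_CONNS_PER_IP NEW_CONNS_PER_MIN_PER_IP
build_ruleset() {
    ports=${1:-"22 80"}
    max_conns=${2:-20}
    new_per_min=${3:-60}

    # Validate everything before printing, so a typo never yields a partial ruleset.
    for n in $ports $max_conns $new_per_min; do
        case $n in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;;
        esac
    done
    for port in $ports; do
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    echo '*filter'
    # Default-deny inbound and forwarded traffic: this is what closes unused ports.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections that were already accepted skip the limits below.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m state --state INVALID -j DROP'
    for port in $ports; do
        # Cap concurrent connections from one source address.
        echo "-A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above $max_conns -j REJECT --reject-with tcp-reset"
        # Cap the rate of new connections from one source address.
        echo "-A INPUT -p tcp --syn --dport $port -m hashlimit --hashlimit-name new$port --hashlimit-mode srcip --hashlimit-above $new_per_min/minute --hashlimit-burst $new_per_min -j DROP"
        echo "-A INPUT -p tcp --syn --dport $port -j ACCEPT"
    done
    echo 'COMMIT'
}
```

Check the output with `build_ruleset "22 80" | sudo iptables-restore --test` before loading it, and keep an existing SSH session open while applying it.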

This archive was generated by hypermail 2.1.8 : Tue Oct 26 2010 - 11:32:02 AKDT