Kam Salisbury on Wed, 15 Jan 2003 15:38:51 -0500
Another item to note is the use of the web daemon. For example, if you have no need of mod_php or the like you can safely go with boa (http://www.boa.org) for static content. It has cgi capability as well but it is not necessary for boa to operate. I guess you could run PHP in cgi mode as well as perl and python. Boa is small RAM wise and very quick on its feet. Another small choice is thttpd though I have never really used it. Boa does not handle .htaccess style authentication though. So... again, for static content that you want publicly available on the net or intranet it may be a good choice. I use it for a clip-art server whose pages and thumbnails are built via a script running in a cron job.

011010110110000101101101
Kam Salisbury
MCSE, Linux+, CNA -- Believer in Open Source.
http://www.kamsalisbury.com

----- Original Message -----
From: "Fred K Ollinger" <follinge@sas.upenn.edu>
To: <plug@lists.phillylinux.org>
Sent: Wednesday, January 15, 2003 2:34 PM
Subject: Re: [PLUG] Security of RedHat 8.0 and Apache 2.0.43

> > I have seen a number of webservers that run RedHat 7.x and Apache 1.x ...
> > are the older versions used because of hardware, migration or security
> > issues? or something else?
> >
> > That is to say, are RedHat 8.0 and Apache 2.0.43 still considered adequately
> > secure for a publicly available web server?
>
> All but the simplest website (static pages, only) will probably have
> custom configurations on apache which would therefore require apache to
> be recompiled from source. While doing this, one could either get the latest
> stable version of apache 2 or revert back to apache 1.3.
>
> Apache 1.3 is still necessary, incidentally, in order to use some
> binary-only modules for apache. Modules that work on apache1.3 need to be
> recompiled for apache2.
>
> At any rate, if I am asked specifically to setup a RedHat server, I will
> do so after getting a list of services that they require (many places
> need ftp access, for example). I would install only the packages they ask
> for during the initial install. Usually w/ any distro there are going to
> be services that I feel are unnecessary, so I would shut them off.
>
> In a nutshell, there are three basic things that make something insecure:
>
> 1. unnecessary services
> 2. older services (really old versions of sendmail, for example)
> 3. poorly configured services (like in apache, allowing users to browse
> the directory structure)
>
> RedHat tends to run the latest stable versions of the packages that they
> install, which are usually the most secure versions as well. So a properly
> configured RedHat server is going to be secure.
>
> Fred Ollinger
> _________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
> General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
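
The third item in the quoted list (a poorly configured service, such as Apache letting users browse the directory structure) can be checked mechanically. The following is an added example, not part of either message: a Python audit that reports which `<Directory>` sections end up with `Indexes` enabled after inheritance. The sample configuration is constructed, and the `default` parameter is an assumption standing in for the server's built-in `Options` default.

```python
import re

# Constructed sample httpd.conf fragment (not taken from the thread).
SAMPLE_CONF = """\
<Directory />
    Options FollowSymLinks
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory /var/www/html/private>
    Options -Indexes
</Directory>
<Directory /var/www/html/clipart>
    Options +Includes
</Directory>
"""

def directory_options(conf):
    """Return {directory path: [argument list of each Options line]}."""
    sections, current = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>', line, re.I)
        if opened:
            current = opened.group(1).rstrip("/") or "/"
            sections.setdefault(current, [])
        elif line.lower().startswith("</directory"):
            current = None
        elif current is not None and re.match(r"Options\s", line, re.I):
            sections[current].append(line.split()[1:])
    return sections

def indexes_enabled(conf, default=True):
    """Map each <Directory> path to True when listings are on.
    default: state when nothing sets Options (assumption, server-specific)."""
    sections, result = directory_options(conf), {}
    for path in sorted(sections, key=len):  # parents before children
        parents = [p for p in result if p == "/" or path.startswith(p + "/")]
        state = result[max(parents, key=len)] if parents else default
        for args in sections[path]:
            if all(a[0] in "+-" for a in args):  # relative form merges with parent
                for a in args:
                    if a[1:].lower() == "indexes":
                        state = a[0] == "+"
            else:  # absolute form replaces whatever was inherited
                state = any(a.lower() in ("indexes", "all") for a in args)
        result[path] = state
    return result
```

Calling `indexes_enabled(SAMPLE_CONF)` shows that `/var/www/html/clipart` inherits listings from its parent even though its own `Options` line never mentions `Indexes`. Only literal `<Directory>` paths are evaluated; `.htaccess` overrides, `<DirectoryMatch>` and wildcard paths are not.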