Michael Lazin on 31 Jan 2011 13:13:47 -0800



Re: [PLUG] apache security


I've never used mod_chroot, but I wrote this presentation that I did for PLUG West:

http://lazinweb.com/logforensics/

It's a brief intro to log forensics. It may help you. What CMSs are you running? I am familiar with most CMS/shopping cart exploits. I do security on LAMP servers at a large web hosting company.

Thanks,

Michael

On Mon, Jan 31, 2011 at 3:36 PM, Mike Sheinberg <m.sheiny@gmail.com> wrote:
Was hoping I could also squeeze some Apache security advice out of some of you this fine evening :) Last question today... Promise! *Fingers crossed*

I am tasked with rebuilding a LAMP web server that previously had security issues. The problem is there is a lot of PHP code and frankly it's a bit daunting to pore over it all and try to sanitize it 100% before putting the server live again. I don't think it's all bad code but some of the forms are definitely suspect as I sift through it. So my thoughts were to try and throw the system back up slowly after reviewing the most obvious flaws and fixing them (there are multiple web sites on the same box) ... try to use some type of containment, and lock down the crap out of Apache. I don't know if I have the time to go through each and every PHP script but I am trying to only throw up the bare essentials needed, very slowly so I can watch and monitor the situation. I know I'll get a lot of flak from some of the list for not combing the code 100% - but I just want to make the assumption that even if I scrape all the code that something insecure will make it through.

I've been looking into security modules for Apache (stuff like mod_chroot and mod_security) but there seem to be some drawbacks for each one (either compatibility, complexity, or some loophole).  Has anyone had any experience with mod_chroot specifically - was it a worthwhile install? 

FYI - I don't have physical access to this server and it is public facing (hence all my earlier iptables questions). I run integrity checkers daily on the file-system so I can see whenever files are modified anywhere - and I also plan on taking good backups and using plenty of logging. So with all that in mind, are there any good Apache security tips that someone can recommend or that have really helped you guys out? I plan to run about 10 sites on this box, utilizing mostly PHP and Python scripts. I have also been poring over php.ini security tips as well and I realize now that someone previously set register_globals to 'on' which I've read is a huge no-no.




___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug




--
Michael Lazin

to gar auto estin noein te kai ennai
