Recommendations for securing a webserver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hello, 

We're migrating a webserver from RedHat 7.x to CentOS 4.2. In the process, 
we'd like to improve security. 

We're currently planning on making sure SELinux is enabled, mounting the /tmp 
partition noexec, and running PHP in safe mode, hide_errors on, 
register_globals off by default. 

vsftpd is set to chroot logins. 

I've seen Apache run inside a chroot jail, but that was always very 
hassle-prone, and ironically, when security updates came out, they weren't 
applied within the chroot jail, (eg, installed via yum) making it more likely 
to get compromised! Is there an easier/better way to do this? Can you 
mix/match chroot'ed websites with those that aren't, without running a wholy 
separate webserver daemon? 

What other actions would the knowledgeable crowd here suggest? 

-Ben 
-- 
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux