Saturday, October 17, 2009

Create a Hot Backup Server

The goal is to create a backup that will provide a server which has been replicated to act as a replacement if the original server goes down. This example is assuming exact same hardware and two servers on the same network.

Nikto: Scan Apache for Security Holes

Nikto is a tool that can be used to assess your web server security. The purpose of Nikto is to test specific security aspects that are typically security risks. It is a Perl program designed to locate misconfigurations, files and programs that are insecure, and to locate outdated applications. Warning: this tool may have legal consequences if you use it on sites for which you do not have permission. Use it with discretion and at your own risk.

Getting Started With ModSecurity

Using ModSecurity is not easy. The complexity of your site, your use of PHP, MySQL and other scripting languages will make it more difficult to configure correctly. Basically, the more complex your site, the more time you will need to work out issues with rules. This tutorial will provide you with several important tips to get started with ModSecurity.

Securing PHP

Security Considerations for PHP
PHP is the most popular scripting language used on the Internet and is a necessary component of many of today's blogs and content management systems. One of the important steps in securing your website is to disable the insecure options that PHP makes available. These parameters can be found in your /etc/php.ini file. Before you go crazy modifying all of your settings, do two things: make a copy of your /etc/php.ini and read the configuration requirements for any PHP programs you are using. It makes sense to back up php.ini because you may make adjustments that break things and need to return to the previous settings. Unfortunately, many PHP programs require insecure settings, so if you need to use those programs you cannot fully secure them; be prepared for the consequences. These settings are a place to start. Once you make the changes, be sure to restart Apache and verify closely that everything still works correctly. You will be able to locate each of these settings in /etc/php.ini.

Detect Cross-Site Scripting Attacks with a bash Shell Script

Cross-site scripting, often abbreviated as "XSS", is used by malicious hackers to steal information. When an attacker finds a web site that is vulnerable to this type of attack, he can craft a customized URL that contains the attack code and then try to trick people into using it. This causes information that a user enters into the web browser to be sent to the attacker.

Secure FTP with SSL on CentOS

FTP communication is not secure: all communication is plain text and can be easily captured. Despite this serious weakness, few do anything to secure it. There are simple ways to correct this with VSFTPD.
SSL/TLS With FTP
FTPS is also known as FTP Secure or FTP-SSL. What FTPS does is add Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) to normal FTP on the same port 21. It is easy to confuse FTPS on port 21 with SFTP, which is actually SSH on port 22.
Add these settings to your /etc/vsftpd.conf file and you will have an anonymous FTP server that allows anyone to download files from /var/ftp but not upload. It will also protect all of your users, as they must FTP into their home accounts using SSL.

Create a Recycle Bin for Samba

"Whoops, I deleted the wrong file. Can you get that back for me?" Is that a question you are often asked as an administrator? If you run Samba servers that store files for Windows machines, that may be a common problem. Save yourself a lot of work by providing a Recycle Bin for your users.
Here is an example of modifying the home directories of your users.

Quota Configuration

Once you have quotas set up on the server, whether they are user or group quotas, you will need to test them to verify they are working correctly. Set the quota for a user and then add file space as that user to verify that the quota usage changes in the process.
One command that I always liked to use is repquota. For example, if your quotas are on the /home directory, run this command: