Your Server

Home > Linux Server Information > Linux Server Knowledge Base > How hard is it to run a secure Linux server, with Apache, PHP, MySQL, and mail services?

How hard is it to run a secure Linux server, with Apache, PHP, MySQL, and mail services?

I will be getting my own dedicated server soon and while I have a functional knowledge of the concepts of Linux, I don't know everything. Will my server be reasonably secure if I am sure to keep everything updated and patched (assume there are no PHP scripts vulnerable to SQL injection etc.)

Public Comments

  1. If you want a Secure server here is what i would do. 1. Use Debian 2. Install Apache, PHP, MySQL etc for the official debian repositories. 3. Run apt-get update and apt-get upgrade regularly 4. Do not run ssh on the default port 5. Do not allow root login over ssh 6. Do not allow password login ssh use Certificate Authentication 7. Make sure anything in the web root (/var/www/) is owned by www-data or whatever user your web server runs under
  2. Like any other sever, you'll need to go through everything step by step. Check the configuration, check everything you can. Then double check there are no security updates. To do all this, you can spend a lot of time with Google or you can buy a book on Apache. I suggest the book route since it will tell you about configuring it securely and there is less chance of making mistakes if you are following a book. I'm assuming the book didn't make any mistakes. Also, a good book should fill in the blanks so you know more than you do now. Buy a book for anything else you need to configure since that is your best chance of configuring it securely. You could also hire someone to do the job, but I would still review all the configuration files to be sure it was done right. You'd still need the book. Also, unless you have direct access to the server, you'll be working remotely through hopefully a secure shell. There won't be a GUI so you'll need to find and edit the various configuration files from the equivalent of a console window in text mode. You'll need to know which files to edit and what needs to go into those files. In some cases you may need a book just to find the files. If you can, I suggest getting a copy of Linux that is the same or similar to the version running on the server. That way you can take your time to sort out some of the stuff on your own computer before dealing with the server directly. Shadow Wolf
  3. Check out the howto's at the following site. I use ISPConfig as an add-on, and it adds to the security of the sites. (/var/www is not used directly) http://www.howtoforge.org I used the "Perfect server" for Ubuntu server 8.04 setup, and all hackers so far have failed, but then, I also have a linux based firewall in front of it...
  4. Hello, You will need to incorporate some sort of firewall to help protect your server(s) from malicious attacks. The preferred method would be a hardware firewall. It would physically sit between your server(s) and the outside world. All traffic would pass through the firewall before ever getting to your server(s). You should start by blocking everything and then allowing traffic over the ports you need. For example you would want port 80, the default http port to be open to everyone if you are serving web pages. You would also be able to restrict access over certain ports to specific IP address(es). For example, you could limit access to port 22, the default SSH port to only those IP addresses needing SSH access. If a hardware firewall is not an option, alternatively, you could use the built in IP filtering service, iptables. More information on iptables can be found here: http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables Good Luck! Ryan Bradley Junior Server Engineer HostMySite.com http://hostmysite.com/?utm_source=bb
Powered by Yahoo! Answers