Linuxinsight

Syndicate content
LinuxInsight - aggregated feeds
Updated: 1 hour 26 min ago

LXer: Thinking like a hacker reduces security breaches

Wed, 02/04/2014 - 9:30pm
Automated testing has its place in detecting IT security weaknesses but it cannot replace manual testing. “Amazingly, even a decade’s old vulnerability like SQL injection still surprises most clients,” adds Jensen. “I think most of the surprises come from the exploitation of seemingly innocuous functionality that results in a devastating vulnerability.”

Linuxaria: 8 Simple To Follow Tips To Secure Your Apache Web Server

Wed, 02/04/2014 - 9:25pm

Article by: Kerry Blake

Apache is the most widely used Web server on the Internet. It was developed to work in Unix environment, but was ported to other server operating system like Windows. The Apache web server serves millions of websites and web-applications. A wide range of authentication schemes and a lot of language interfaces support and security features makes it the favorite Web server of millions of users all over the globe.

The stardom and popularity also makes websites that are backed by Apache favorite target among hackers. Websites that are backed by Apache often fall prey for hack attacks not because of security risks and holes in Apache, but mainly because of poorly written code and other security issues associated with Database. Apache and Linux combination provides good security, but things might go wrong if you don’t take the measures. There are several things one need to do to secure Apache. We have compiled a list of simple things you should perform to make you Web server secure.


First thing: Update

Security holes and potential risks are found and fixed in every Apache release. The developer community is constantly working on new security issues and we can’t stress enough how important it is to update.
A good update policy and security policy works hand-in-hand. You should not only update Apache when there is a major release, but also should also install all the patches. It is also wise to update PHP (if you use it) as well when you update Apache.
You can check the current version of Apache by using the following command.

# http -v Server version: Apache/2.*.** (Unix) Server built: Mar 12 2014 13:20:23

If it shows that the version of Apache you are running in not up to date, do update.

Apache version and OS

If an error occurs, the server might return information about the error along with the Apache version and details about the OS. A simple 404 page can give crucial information about the Web server and OS. In some cases, it might even return details about Apache modules that are also installed in the server.
To turn this off, open the config. File (httpd.conf) with a text editor and find the string “ServerSignature On.” It should be On by default. Turn it off simply by replacing “On” by “Off.”
Now the HTTP site header and error pages will only show that it runs Apache and will not show the version.

Disable Directory Listing.

If there is no index file in the root directory, Apache will, by default list all the files in the root directory. There are several ways to prevent Apache from listing the files in the root folder. Again you need to add a couple of lines to the config file. There are 2 ways to doing this. Either set the Option Directive to “-Indexes” or “None.” If you don’t have a clue what we are talking about just add the following lines to the config file.

<directory /var/www/html> Options -Indexes Order allow,deny Allow from all </directory>

Or use the following code.

<directory></directory> Options None Order allow,deny Allow from all

In some distributions these directive are already set, but it’s better to check, after all better safe than sorry.

Secure the config file

If you are a newbie and if you have been following the steps above, you should have conceived the fact that, the httpd.conf file is quite important in keeping your server secure. So it is better to hide your file. You can always unhide it when you want.
Use the following command to immunize the config file.

chattr +i /httpd/conf/httpd.conf

From chattr man page:

“A file with the `i’ attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.”

Prevent DoS attack by limiting request size

Most Denial of service attacks could be prevented by not allowing large requests. By default the LimitRequestBody is set unlimited. Depending on your website’s requirement the size could be altered. You could also limit requests to more vulnerable directories like upload folders.

Disable unwanted Modules

By disabling several modules that are not of any use to you, you can reduce the security vulnerability of your server. To find out the list of all the modules in your Web server, you can use the following command.

# grep LoadModule /etc/httpd/conf/httpd.conf

Analise all the modules in the output list and figure out the ones that are unnecessary. You don’t even have to delete the lines. Just add “#” at the beginning and it will become deactivated after you restart the service.

Do not run Apache as root

Apache should not run as root. It is always good to run Apache as a separate user. It will run as daemon or nobody by default. Set up a non-privileged account dedicated for Apache. Never set Apache User or Group to root.

# vi httpd.conf Group apache User apache Choose the right hosting provider

This doesn’t have anything to do with fiddling with your Web server. Some of the most popular web hosting services are from the America or Europe. Popular doesn’t mean, highly secure. You don’t necessarily have to buy your web hosting from these hosting providers. If you don’t live in the U.S., you can find a lot of reliable, affordable, and secure hosting providers in your own country. Do you live in Australia? Look for an Australian website hosting provider like EZI Hosting and choose the most popular hosting providers whose IP addresses are not often attacked by hackers.

Apache Website: http://httpd.apache.org/

Related posts:

  1. Using Apache as File server with DAV and Ldap
  2. How to Really Secure Your Linux VPS SSH Service

TuxMachines: Fedora 21 Will Have Java 8, Other Additions

Wed, 02/04/2014 - 9:03pm

Besides approving Mesa 10.1 for Fedora 20, the Fedora Engineering and Steering Committee approved today several features/changes to be found in Fedora 21.

Fedora 21 won't be released until at least October of this year and its landing heavy with features. Each Wednesday after the FESCo meetings we find another batch of newly-approved features and today is no different.

Read more ►

read more

LinuxToday: Huge Chromebook sales growth. Will 2019 be the year of the Linux desktop?

Wed, 02/04/2014 - 9:00pm

ComputerWorld: The Chromebook platform goes from strength to strength. Market researchers say they're selling faster than ever, predicting 11 million sales (in... err... 2019).

Phoronix: Fedora 21 Will Have Java 8, Other Additions

Wed, 02/04/2014 - 8:48pm
Besides approving Mesa 10.1 for Fedora 20, the Fedora Engineering and Steering Committee approved today several features/changes to be found in Fedora 21...

LXer: Organizations with innovative IT departments value collaboration

Wed, 02/04/2014 - 8:36pm
In the open source community, we know the value of collaboration. It’s at the core of everything we do. Some of us are lucky to work for organizations that understand and embrace the power of collaboration. Yet, the silo mentality runs rampant in many organizations where collaboration and internal crowdsourcing is not valued. (Opensource.com readers who are pursuing open source projects on the side, but spend their days working at companies with silos are likely very familiar with this).

TuxMachines: Synaptic Package Manager 0.81.1 Is Out

Wed, 02/04/2014 - 8:08pm

Synaptic is a graphical package management program for apt. It provides the same features as the apt-get command-line utility with a GUI front-end based on GTK+. Most importantly, users can install, remove, upgrade and downgrade single and multiple packages.

Read more ►

read more

LXer: Medit 1.2.0 - GNOME Alternative to Gedit

Wed, 02/04/2014 - 7:39pm
Medit is a somewhat simple text editor with all the usual features you would expect from it: it has support for tabs, syntax highlighting, indentation and more.

TuxMachines: Systemd Is Working Towards Its Own Super Fast DHCP Server, Client

Wed, 02/04/2014 - 7:36pm

Systemd has been working on network support for this leading open-source init system. As part of this, systemd developers have now achieved support for obtaining a network connection in less than one millisecond... With that said, systemd developers are working towards having DHCP client and server capabilities built into the init system for having a super-fast booting OS and quicker network connections when resuming the system.

Read more ►

read more

Phoronix: Mesa 10.1 Will Be Added To Fedora 20

Wed, 02/04/2014 - 7:30pm
Good news for users of the open-source Linux graphics driver users... Mesa 10.1 will be added to Fedora 20 stable...

Reddit: How to set a specific program to use 32 bit Java in 64 bit environment.

Wed, 02/04/2014 - 7:20pm

Hey all!

I am currently using RHEL 6.4 64 bit. In order to connect to our vpn we need to use a 32 bit browser and 32 bit java. I would love to keep my 64 bit firefox and have it run 64 bit java. But it would be awesome if I could have a separate version of firefox that is 32 bit and only runs 32 bit java.

Any ideas?

submitted by postmodernpilot
[link] [comment]

Reddit: Problem with wireless - Kali Linux

Wed, 02/04/2014 - 7:20pm

I've installed Kali Linux 1.0.5 x64 on an HP 6715b, downloaded this morning. I know enough Linux to get around, but I'm still a noob.

I've been fighting for a good bit of time trying to get my wireless to work, and finally have things down to a reproducible fix, but I want the fix to stick.

After a reboot, my wireless adapter no longer shows up in ifconfig. I run this command: lspci | tail -2 and it's not listed. Then I run rfkill list 1, and there's my wifi adapter (it's a Broadcom BCM4321), and Soft Blocked is set to yes. Then, rfkill unblock wifi Then, /etc/init.d/networking restart And now it will connect to wireless and is present in ifconfig.

The main question is how do I make it so the wireless adapter loads successfully on boot.

The bonus question is, with the commands I'm running, what am I actually doing, specifically what is rfkill and why is it "blocking" my adapter?

submitted by cryolyte
[link] [4 comments]

TuxMachines: Red Hat's Jason Hibbets: How Open Source Software is Changing City Government

Wed, 02/04/2014 - 7:14pm

Linux and open source software have demonstrated that collaborative development is a successful model for rapid innovation in the tech sector. Now that model is being applied in other industries from health care, to city government, to education.

Read more ►

read more

LXer: OpenTTD, An Open-Source Simulation Game 1.4 Major Release

Wed, 02/04/2014 - 6:42pm
OpenTTD is an open-source simulation game based upon the popular Microprose game "Transport Tycoon Deluxe", written by Chris Sawyer. It attempts to mimic the original game as closely as possible while extending it with new features.

TuxMachines: April Fools' Linux-Related News That Was Crazy, but True

Wed, 02/04/2014 - 6:29pm

The first day of April, also known under the name of April Fools, is a time when fake and crazy news stories are published as being true, only to be revealed as false by the end of the day; but there is one problem. It's possible that some items are crazy, but true, and people might have a hard time believing them.

Read more ►

read more

Reddit: Installing linux on windows 8

Wed, 02/04/2014 - 6:13pm

I've read that it can't be done... :( is this true? I'd like to install Ubuntu on a laptop running Windows 8. The other thing is, I still have to buy that laptop, so if anyone can help me. Which Windows 8 laptops are accepting of Ubuntu, if any

submitted by SUsudo
[link] [2 comments]

Linux.com: Red Hat's Jason Hibbets: How Open Source Software is Changing City Government

Wed, 02/04/2014 - 6:10pm

Linux and open source software have demonstrated that collaborative development is a successful model for rapid innovation in the tech sector. Now that model is being applied in other industries from health care, to city government, to education.