Article by: Kerry Blake
Apache is the most widely used Web server on the Internet. It was developed for Unix environments but has been ported to other server operating systems such as Windows. The Apache web server serves millions of websites and web applications. A wide range of authentication schemes, support for many language interfaces, and its security features make it the favorite Web server of millions of users all over the globe.
That stardom and popularity also make websites backed by Apache a favorite target among hackers. Websites backed by Apache often fall prey to attacks not because of security holes in Apache itself, but mainly because of poorly written application code and other security issues associated with the database. The Apache and Linux combination provides good security, but things can go wrong if you don’t take the right measures. There are several things you need to do to secure Apache. We have compiled a list of simple steps you should perform to make your Web server secure.
Security holes and potential risks are found and fixed in every Apache release. The developer community is constantly working on new security issues and we can’t stress enough how important it is to update.
A good update policy and a good security policy work hand in hand. You should not only update Apache when there is a major release, but also install all the patches. It is also wise to update PHP (if you use it) when you update Apache.
You can check the current version of Apache by using the following command.
If it shows that the version of Apache you are running is not up to date, do update.
Apache version and OS
If an error occurs, the server may return information about the error along with the Apache version and details about the OS. A simple 404 page can give crucial information about the Web server and OS. In some cases, it may even return details about the Apache modules installed on the server.
To turn this off, open the config file (httpd.conf) with a text editor and find the string “ServerSignature On”. It is On by default. Turn it off simply by replacing “On” with “Off”.
Now the HTTP site header and error pages will only show that it runs Apache and will not show the version.
If there is no index file in the root directory, Apache will, by default, list all the files in the root directory. There are several ways to prevent Apache from listing the files in the root folder; again you need to add a couple of lines to the config file. There are two ways of doing this: either set the Options directive to “-Indexes” or to “None”. If you don’t have a clue what we are talking about, just add the following lines to the config file.
<Directory /var/www/html>
    Options -Indexes
    Order allow,deny
    Allow from all
</Directory>
Or use the following for the same directory.
<Directory /var/www/html>
    Options None
    Order allow,deny
    Allow from all
</Directory>
In some distributions these directives are already set, but it’s better to check; after all, better safe than sorry.
Secure the config file
If you are a newbie and have been following the steps above, you will have realized that the httpd.conf file is quite important in keeping your server secure. So it is better to protect the file from being modified. You can always undo this when you want.
Use the following command to make the config file immutable.
From chattr man page:
“A file with the ‘i’ attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.”
Prevent DoS attack by limiting request size
Most denial-of-service attacks could be prevented by not allowing large requests. By default LimitRequestBody is set to unlimited. Depending on your website’s requirements the size can be altered. You could also limit requests only for more vulnerable directories, such as upload folders.
Disable unwanted Modules
By disabling modules that are of no use to you, you reduce the attack surface of your server. To list all the modules in your Web server, you can use the following command.
# grep LoadModule /etc/httpd/conf/httpd.conf
Analyse all the modules in the output and figure out the ones that are unnecessary. You don’t even have to delete the lines: just add “#” at the beginning of the line and the module will be deactivated after you restart the service.
Do not run Apache as root
Apache should not run as root. It is always good to run Apache as a separate user; it runs as daemon or nobody by default. Set up a non-privileged account dedicated to Apache, and never set the Apache User or Group to root.
# vi httpd.conf
User apache
Group apache
Choose the right hosting provider
This doesn’t have anything to do with fiddling with your Web server. Some of the most popular web hosting services are from America or Europe, but popular doesn’t mean highly secure. You don’t necessarily have to buy your web hosting from these providers. If you don’t live in the U.S., you can find many reliable, affordable, and secure hosting providers in your own country. Do you live in Australia? Look for an Australian website hosting provider like EZI Hosting, and choose popular hosting providers whose IP addresses are not often attacked by hackers.
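To check that the settings from the steps above actually took effect, here is an added audit script (not from the article or the Apache project) that greps an httpd.conf for ServerSignature, directory listing, LimitRequestBody, User/Group and the LoadModule list. It also checks ServerTokens Prod, an assumed addition, because that directive rather than ServerSignature is what trims the version out of the Server response header; the sample config it audits when run without a path is constructed.

```shell
#!/bin/sh
# Added audit helper, not code from the article. Prints one line per finding
# and returns the number of findings, so an exit status of 0 means nothing to fix.
audit_httpd_conf() {
    conf="$1"
    findings=0
    # Drop comment lines first so a commented-out "#User root" is not reported.
    live=$(grep -v '^[[:space:]]*#' "$conf")

    # 1. ServerSignature Off keeps the version out of server-generated error pages.
    printf '%s\n' "$live" | grep -Eqi '^[[:space:]]*ServerSignature[[:space:]]+Off' ||
        { echo "FINDING: ServerSignature is not Off"; findings=$((findings + 1)); }

    # 2. ServerTokens Prod reduces the Server: header to just "Apache" (assumed addition).
    printf '%s\n' "$live" | grep -Eqi '^[[:space:]]*ServerTokens[[:space:]]+Prod' ||
        { echo "FINDING: ServerTokens is not Prod"; findings=$((findings + 1)); }

    # 3. Any Options line turning on Indexes (or All) enables directory listings;
    #    "-Indexes" is fine because the token is preceded by '-' rather than space or '+'.
    if printf '%s\n' "$live" | grep -Ei '^[[:space:]]*Options[[:space:]]' |
        grep -Eqi '(^|[[:space:]]|[+])(Indexes|All)([[:space:]]|$)'; then
        echo "FINDING: directory listing enabled (Options Indexes/All)"
        findings=$((findings + 1))
    fi

    # 4. LimitRequestBody must be present and non-zero; 0 (the default) means unlimited.
    printf '%s\n' "$live" | grep -Eqi '^[[:space:]]*LimitRequestBody[[:space:]]+[1-9][0-9]*([[:space:]]|$)' ||
        { echo "FINDING: LimitRequestBody unset or 0 (unlimited request size)"; findings=$((findings + 1)); }

    # 5. Apache must never run under the root account.
    if printf '%s\n' "$live" | grep -Eqi '^[[:space:]]*(User|Group)[[:space:]]+root([[:space:]]|$)'; then
        echo "FINDING: User or Group is set to root"
        findings=$((findings + 1))
    fi

    # Loaded modules are listed for manual review (the article's grep); not counted as findings.
    printf '%s\n' "$live" | grep -Ei '^[[:space:]]*LoadModule' | sed 's/^/module: /'
    return "$findings"
}
# Usage: sh audit.sh /path/to/httpd.conf; with no path a constructed weak config is audited.
if [ "$#" -gt 0 ]; then
    audit_httpd_conf "$1"
else
    demo=$(mktemp)
    printf '%s\n' 'ServerSignature On' 'User root' 'Options Indexes' > "$demo"
    audit_httpd_conf "$demo" || echo "findings: $?"
    rm -f "$demo"
fi
```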
Apache Website: http://httpd.apache.org/
Besides approving Mesa 10.1 for Fedora 20, the Fedora Engineering and Steering Committee approved today several features/changes to be found in Fedora 21.
Fedora 21 won't be released until at least October of this year, and it's landing heavy with features. Each Wednesday after the FESCo meetings we find another batch of newly approved features, and today is no different.
ComputerWorld: The Chromebook platform goes from strength to strength. Market researchers say they're selling faster than ever, predicting 11 million sales (in... err... 2019).
Systemd has been working on network support for this leading open-source init system. As part of this, systemd developers have now achieved support for obtaining a network connection in less than one millisecond... With that said, systemd developers are working towards having DHCP client and server capabilities built into the init system for having a super-fast booting OS and quicker network connections when resuming the system.
I am currently using RHEL 6.4 64 bit. In order to connect to our vpn we need to use a 32 bit browser and 32 bit java. I would love to keep my 64 bit firefox and have it run 64 bit java. But it would be awesome if I could have a separate version of firefox that is 32 bit and only runs 32 bit java.
Any ideas?
submitted by postmodernpilot
I've installed Kali Linux 1.0.5 x64 on an HP 6715b, downloaded this morning. I know enough Linux to get around, but I'm still a noob.
I've been fighting for a good bit of time trying to get my wireless to work, and finally have things down to a reproducible fix, but I want the fix to stick.
After a reboot, my wireless adapter no longer shows up in ifconfig. I run this command: lspci | tail -2, and it's not listed. Then I run rfkill list 1, and there's my wifi adapter (it's a Broadcom BCM4321), and Soft Blocked is set to yes. Then, rfkill unblock wifi. Then, /etc/init.d/networking restart. And now it will connect to wireless and is present in ifconfig.
The main question is how do I make it so the wireless adapter loads successfully on boot.
The bonus question is, with the commands I'm running, what am I actually doing? Specifically, what is rfkill and why is it "blocking" my adapter?
submitted by cryolyte
The first day of April, also known under the name of April Fools, is a time when fake and crazy news stories are published as being true, only to be revealed as false by the end of the day; but there is one problem. It's possible that some items are crazy, but true, and people might have a hard time believing them.
Linux and open source software have demonstrated that collaborative development is a successful model for rapid innovation in the tech sector. Now that model is being applied in other industries from health care, to city government, to education.