Language Selection

English French German Italian Portuguese Spanish

Build a Secure Web Server with Mandriva 2005 LE

Filed under
MDV
HowTos

In this build, like the last one, we are going to gear our server towards dynamic content. That doesn't mean that static sites can't be run from this server. We'll once again build a LAMP (Linux Apache MySql Php) driven site. Since things like blogging and PHP-Nuke are so popular this server will be just the ticket. Imagine not having to pay hosting fees for your site anymore. It's a great thing!! This build is even more secure then the last one, and it was pretty tight.

We'll start by obtaining the Official Media which is "Mandriva Limited Edition 2005". There are updated versions for the club members that contain updated versions of some softwares but none of those will be used here. The updates pertain to desktop apps. Besides we want to stick with the officially supported software from Mandriva. It will receive all patches and security updates whereas the club versions will not.

Let's insert the first CD and configure the BIOS to boot from the CD-Rom. We are going to cover the Differences from the Workstation build only. So the first difference is the security level. When you get to this screen be sure to pick "Paranoid". This will set us up a "Chain-Rooted" configuration. What does that mean??? Well it will secure certain directories and also include a whole host of security checks to keep our server up to snuff on the security side of things. It also shuts down all ports and installs Shorewall firewall. Of course we'll tighten it down even further!! Here is the Screenshot.

Our next page of concern after Security is the "Partitioning" screen. The only word I have here is that Mandriva puts the Sql data and the Web root in the /var directory so be sure to make the /var directory large enough to handle your sites along with their respective databases. You can experiment with the partitioning tool and configure it just the way you like. I make my /var directory anywhere from 4-15 Gig depending on how many and how complex the websites are that the machine will be serving. To put things into perspective....LinuxLoader is now just over 1 year old and its at about 250Mb including its database. For our example build I made the /var about 10G. Since /home really won't contain much data, make it small. Here is our example server.

Full Article.

More in Tux Machines

today's leftovers

  • Linux Kernel Podcast for 2017/03/21
  • Announcing the Shim review process [Ed: accepting rather than fighting very malicious things]
    However, a legitimate criticism has been that there's very little transparency in Microsoft's signing process. Some people have waited for significant periods of time before being receiving a response. A large part of this is simply that demand has been greater than expected, and Microsoft aren't in the best position to review code that they didn't write in the first place.
  • rtop – A Nifty Tool to Monitor Remote Server Over SSH
    rtop is a simple, agent-less, remote server monitoring tool that works over SSH. It doesn’t required any other software to be installed on remote machine, except openSSH server package & remote server credentials.
  • Chakra GNU/Linux Users Get KDE Plasma 5.9.3 and KDE Applications 16.12.3, More
    Neofytos Kolokotronis from the Chakra GNU/Linux project, an open-source operating system originally based on Arch Linux and the KDE Plasma desktop environment, announced the availability of the latest KDE updates in the distro's repositories. Those of you using Chakra GNU/Linux as your daily drive will be happy to learn that the stable repos were filled with numerous up-to-date packages from the recently released KDE Plasma 5.9.3 desktop environment, KDE Applications 16.12.3 software suite, and KDE Frameworks 5.32.0 collection of over 70 add-on libraries for Qt 5.
  • YaST Team: Highlights of YaST development sprint 32
    One of the known limitations of the current installer is that it’s only able to automatically propose an encrypted schema if LVM is used. For historical reasons, if you want to encrypt your root and/or home partitions but not to use LVM, you would need to use the expert partitioner… and hope for the best from the bootloader proposal. But the new storage stack is here (well, almost here) to make all the old limitations vanish. With our testing ISO it’s already possible to set encryption with just one click for both partition-based and LVM-based proposals. The best possible partition schema is correctly created and everything is encrypted as the user would expect. We even have continuous tests in our internal openQA instance for it. The part of the installer managing the bootloader installation is still not adapted, which means the resulting system would need some manual fixing of Grub before being able to boot… but that’s something for an upcoming sprint (likely the very next one).
  • Debian stretch on the Raspberry Pi 3 (update) (2017-03-22)
    I previously wrote about my Debian stretch preview image for the Raspberry Pi 3.
  • Asus Tinker Board – Chromium YouTube Performance
    One of the many strengths of the Asus Tinker Board is its multimedia support. This 4K video capable machine is a mouthwatering prospect for the multimedia enthusiast. The machine has a respectable 1.8GHz ARM Cortex-A17 quad-core processor. It’s only 32-bit (unlike the Raspberry Pi 3) but has a higher clock speed. The Tinker Board also sports an integrated ARM-based Mali T764 graphics processor (GPU).

Microsoft vs GNU/Linux

Netflix and GNU/Linux

today's howtos