How to secure an Ubuntu Apache web server

nwlinux, 2011-12-27 09:25:32

Securing server software is not a straightforward task. Not all operating environments are the same, which leads to a variety of potential security vulnerabilities. However, with a few basic configuration and security options, you can stay a little ahead.

1. Fail2ban

Fail2ban is Python-based intrusion prevention software that detects repeated unsuccessful login attempts and blocks the IP addresses they come from. In other words, if someone is attempting to log in to your server via SSH, it detects the multiple unsuccessful attempts and blocks that user's IP address for a specific amount of time. It is available in the apt-get repository: install it with the command apt-get install fail2ban.

2. Non-Standard Ports

One of the simplest configuration options that you can use to secure your server is to use non-standard ports for your software communication to the outside world. China and Iran ping servers all day long looking for SSH servers on port 22. Then, they go fishing. As a test, I opened up port 22 and watched my logs fill up with attempts to break into my server. One of the best things that you can do is change your SSH port – don’t wait. Do it now! Modify /etc/ssh/sshd_config.

3. Hardware firewall

Invest in a good hardware firewall. Linksys and D-Link brand firewalls are a dime a dozen, but how well do they protect your systems? Invest in a Soekris or other hardware, then install BSD router firmware like pfSense. Read more about this option at http://nwlinux.com/soerkis-pfsense-firewall/. Your firewall thanks you.

4. Block access to phpMyAdmin

If you use phpMyAdmin, the last thing you want is someone guessing at your database server credentials. Of course, best practice dictates that you not use a web UI for your databases. Sure, malicious users can always find ways to try to access your databases. But give them as few opportunities as possible to get in. If you use phpMyAdmin, you need to block access to your web interface from everyone possible. Read this tutorial http://nwlinux.com/deny-access-to-phpmyadmin-on-the-web/ for configuration directions.

5. Update your software

I recently called a school in Pennsylvania after I noticed that their IP address was sending out “fishing” attempts, trying to get into my database server. When I contacted the school's IT administrator, he explained to me that his Linux caching server had not been updated in over a year and that someone had penetrated the box through outdated definitions. Update your software once a month.

6. Check your logs

I utilize Ubuntu Desktop as my daily operating environment at work. One of my 10 Desktops always has at least 5 Terminal windows with a tail logfile going.

7. Use .htaccess

Your .htaccess file is a double-edged sword. Use it, but use it sparingly. If you are simply blocking IP addresses, use iptables or UFW. However, on certain low-use applications, I use an .htaccess file to block a range of IP addresses. You can visit http://www.blockacountry.com/ and download entire ranges of countries to block (uh hum – China).

8. Varnish Cache

While Varnish is a web cache, it also has tremendous capabilities for controlling traffic. By placing a dedicated Varnish Cache box in front of your web server, you can block, filter and shape traffic. Read more about Varnish at http://nwlinux.com/category/varnish/.

I am certain that you might have additional methods of securing your server. As I said above, it all depends on your specific environment. Bottom line, check your logs, restrict access, and be proactive.

Source : http://nwlinux.com/how-to-secure-an-ubuntu-apache-web-server/
