basic LAMP security 101

R P Herrold herrold at owlriver.com
Fri Apr 15 07:32:06 MST 2011


On Fri, 15 Apr 2011, Stephen wrote:

> On security I can read, there is quite a bit out there, but it's a
> muddy mess to know who is talking out their collective backside and
> who actually is giving you something useful. I do know we have some
> very good security geeks here and hope to borrow (beg) some pearls of
> wisdom.

Take and test periodic backups

Run your updates

Only run network listening services that you intend to; remove
unused packages, disable unused accounts, disable shell
access where not appropriate (email only type clients)

As possible add wrappers, and iptables to restrict unwanted 
probes (does a netblock from Bulgaria REALLY need to connect 
to your box?)

Read your log files, and if repeated probes, dictionary 
attacks are occurring, consider rate limiting such (see 
fail2ban, and the like)

http://www.pmman.com/usage/hardening/

-- Russ herrold

