Asked Monday, January 24, 2022

I am wanting to host a small site at home and have installed Apache etc. like this:

  1. sudo apt-get update
  2. sudo apt-get install tasksel
  3. sudo tasksel install lamp-server

That all worked and everything is up and running.

Now I am used to working with XAMPP to develop, and I did not want to use that live as many references said it was not very secure.

So my question is, now that I have Apache/PHP & MySQL installed by the above method: how is the level of security by default?

Are there ways to make it more secure, and perhaps a check-list or run-down of any changes that might be recommended?

Clarification: the LAMP server would be a live site, not one in development.


Tags: 14.04

Answers

I run my own LAMP servers on Ubuntu connected to the Internet, so I always follow the same guidelines. Usually, I'll check the following:

  • In Apache, remove the documentation or at least don't present it through the web server (by removing the link /etc/apache2/conf-enabled/apache2-doc.conf).
  • In Apache, be sure that unnecessary modules are not loaded. With Ubuntu, this is done by removing the links in /etc/apache2/mods-enabled. Each link points to a file in the /etc/apache2/mods-available directory that loads and configures one module at a time.
  • You may want to review and enable /etc/apache2/conf-available/security.conf. It proposes some security tips that are not activated by default:
      • Denying access to the whole filesystem except for the directories that you would explicitly allow later.
      • Modifying the server banner to give as little information as possible on the running software.
  • In PHP, check that you don't print too much logging information on the screen in case of error (parameters in the section "Error handling and logging" of the /etc/php4/apache2/php.ini file. The comments in the file give a lot of information on what is preferable to do).
  • No need to expose your MySQL server to the Internet. By default, in Ubuntu, the MySQL server listens only on localhost. Check /etc/mysql/my.cnf in the section mysqld for the parameter bind-address. It should be 127.0.0.1:

    bind-address = 127.0.0.1

  • Don't install more services on this server than what you need.
  • Don't forget to apply updates when they arrive.
  • Don't rely only on the configuration of the LAMP server; don't forget you also have to run a PHP application that can introduce some security threats (input validation and all this stuff, to avoid someone typing an SQL query in an input field to retrieve from the DB more information than you would have given yourself, ...).

These are the first things on the top of my mind. Of course you can find more detailed how-tos and guides on the Internet:




Answered Tuesday, January 25, 2022 by reangi
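The checklist in the answer above can be turned into a repeatable audit. The script below is an added example and is not the answerer's own code: it checks the items the answer names (the apache2-doc.conf link, ServerTokens/ServerSignature and the `<Directory />` deny block in security.conf, PHP error display, the MySQL bind-address, and the list of enabled modules) against a root prefix, so the same functions run on the live host (ROOT=/) or on a constructed fixture tree. The my.cnf and apache2 paths are the ones the answer gives; the php.ini location (PHP_INI_REL, defaulting to the Ubuntu 14.04 PHP 5 layout) is an assumption and should be set to match the installed PHP version.

```shell
#!/bin/sh
# Added example, not from the original post: audit an Ubuntu LAMP host against the
# checklist above. Every check takes ROOT so it runs against the live system (ROOT=/)
# or against the constructed fixture built at the bottom. Apache/MySQL paths are the
# ones the answer names; PHP_INI_REL is an assumption (Ubuntu 14.04's PHP 5 layout).
PHP_INI_REL=${PHP_INI_REL:-etc/php5/apache2/php.ini}

# First uncommented "KEY = VALUE" from an ini-style file (my.cnf, php.ini).
conf_value() {  # conf_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*/\1/p" "$1" | head -n 1
}

# Lower-cased value of an Apache directive, e.g. "ServerTokens Prod" -> prod.
apache_directive() {  # apache_directive FILE DIRECTIVE
    grep -i "^[[:space:]]*$2[[:space:]]" "$1" | awk '{print tolower($2)}' | head -n 1
}

# Documentation must not be served: the conf-enabled link should be gone.
check_apache_doc() { [ ! -e "$1/etc/apache2/conf-enabled/apache2-doc.conf" ]; }

# Banner: ServerTokens Prod and ServerSignature Off in the enabled security.conf.
check_server_banner() {
    f="$1/etc/apache2/conf-enabled/security.conf"
    [ -e "$f" ] &&
    [ "$(apache_directive "$f" ServerTokens)" = "prod" ] &&
    [ "$(apache_directive "$f" ServerSignature)" = "off" ]
}

# Whole filesystem denied: an uncommented "Require all denied" inside <Directory />.
check_root_denied() {
    awk '
        /^[[:space:]]*<Directory[[:space:]]*\/[[:space:]]*>/ { inroot = 1; next }
        /^[[:space:]]*<\/Directory>/                        { inroot = 0 }
        inroot && /^[[:space:]]*Require[[:space:]]+all[[:space:]]+denied/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1/etc/apache2/conf-enabled/security.conf" 2>/dev/null
}

# PHP: errors go to the log, never to the browser.
check_php_errors() {
    f="$1/$PHP_INI_REL"
    [ "$(conf_value "$f" display_errors)" = "Off" ] && [ "$(conf_value "$f" log_errors)" = "On" ]
}

# MySQL: listen on loopback only.
check_mysql_bind() { [ "$(conf_value "$1/etc/mysql/my.cnf" bind-address)" = "127.0.0.1" ]; }

# Run every check, one PASS/FAIL line each, plus the enabled modules to review by hand.
audit() {
    for c in check_apache_doc check_server_banner check_root_denied check_php_errors check_mysql_bind; do
        if "$c" "$1"; then echo "PASS $c"; else echo "FAIL $c"; fi
    done
    echo "INFO enabled modules: $(ls "$1/etc/apache2/mods-enabled" 2>/dev/null | sed -n 's/\.load$//p' | tr '\n' ' ')"
}

# Number of failed checks, printed as a plain number.
failures() { audit "$1" | grep -c '^FAIL' || true; }

# Constructed fixture (not a real host): a fake tree in the "weak" or "hardened" state.
build_fixture() {  # build_fixture weak|hardened -> prints the root directory
    r=$(mktemp -d)
    mkdir -p "$r/etc/apache2/conf-available" "$r/etc/apache2/conf-enabled" \
             "$r/etc/apache2/mods-enabled" "$r/etc/mysql" "$r/$(dirname "$PHP_INI_REL")"
    touch "$r/etc/apache2/mods-enabled/mpm_prefork.load" "$r/etc/apache2/mods-enabled/php5.load"
    : > "$r/etc/apache2/conf-available/apache2-doc.conf"
    if [ "$1" = weak ]; then
        ln -s ../conf-available/apache2-doc.conf "$r/etc/apache2/conf-enabled/apache2-doc.conf"
        printf '#<Directory />\n#\tRequire all denied\n#</Directory>\nServerTokens OS\nServerSignature On\n' \
            > "$r/etc/apache2/conf-enabled/security.conf"
        printf '[PHP]\ndisplay_errors = On\nlog_errors = Off\n' > "$r/$PHP_INI_REL"
        printf '[mysqld]\nbind-address = 0.0.0.0\n' > "$r/etc/mysql/my.cnf"
    else
        printf '<Directory />\n\tAllowOverride None\n\tRequire all denied\n</Directory>\nServerTokens Prod\nServerSignature Off\n' \
            > "$r/etc/apache2/conf-enabled/security.conf"
        printf '[PHP]\ndisplay_errors = Off\nlog_errors = On\n' > "$r/$PHP_INI_REL"
        printf '[mysqld]\nbind-address = 127.0.0.1\n' > "$r/etc/mysql/my.cnf"
    fi
    echo "$r"
}

# Stand-alone run: ROOT=/ audits the live host; otherwise both fixtures are shown side by side.
if [ -n "$ROOT" ]; then audit "$ROOT"; else
    for m in weak hardened; do
        d=$(build_fixture "$m"); echo "== $m fixture: $(failures "$d") failing =="; audit "$d"; rm -rf "$d"
    done
fi
```

Run it as `ROOT=/ sh lamp-audit.sh` on the server itself; with no ROOT it builds the two fixtures and prints five failures for the weak tree and none for the hardened one. The checks are deliberately conservative text matches on the enabled configuration, so a directive set in another included file will show as a FAIL to be confirmed by hand rather than silently pass.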