Sunday, July 31, 2011

10 ways to secure your Apache installation

File permissions play an important part in website security, particularly if you are running your own web server. A few simple steps when setting up a website can save you a lot of trouble in the future and can be vitally important if you want to keep your company data secure. Therefore I have devised, in no particular order, a list of the top 10 things you should do to secure your Apache server from hackers.


1. File permissions

Changing your file permissions is one of the most important things you can do to secure your website. This is especially true if you have PHP files containing password information: you do not want hackers reading or writing to these types of files.

File permissions can be modified using the chmod command in Linux. This command uses octal file permissions to set read, write or execute for user, group or world. User refers to the user that owns the file, group refers to the group that the file belongs to and world is anyone else. If you are unfamiliar with octal permissions, they are calculated by splitting the number into its three digits, one each for user, group and world, and then adding up the values of the bits set in each digit.

Each bit has its own particular value

For example:

Read = 4
Write = 2
Execute = 1

So if you split the octal permission 745 into 3 sections, user, group and world, you have the following permissions.

 User = 7 (4+2+1 or RWX)
Group = 4 (4 or R)
World = 5 (4+1 or RX)

 You can then modify a file by using the command

 chmod 745 file.txt

2. Ownership

Ownership is a very important aspect of Apache security. You should never run any files in Apache as the root user: if a hacker is able to read or write server files through a certain file or script, they will potentially gain full access to the whole server.

File ownership is also important if you are running multiple websites for multiple users. Each user on the server should own their individual files so that file permissions are kept separate and others on the server cannot read, write or execute your files.

By default, most versions of Linux that come with Apache also come with the apache user. You can take ownership of all of the files inside your Apache directory by using the following command:

chown -R apache /var/www/html
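The permission and ownership checks from sections 1 and 2 can be turned into a read-only audit. The script below is an added example, not part of the original article; the function names mode_to_rwx and audit_webroot and the scratch directory used in the demo are constructed for illustration.

```shell
# Added example: decode an octal mode and audit a web root without changing it.

# mode_to_rwx 745 -> rwxr--r-x  (each digit = read 4 + write 2 + execute 1)
mode_to_rwx() (
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; exit 1 ;;   # exit leaves the subshell body only
    esac
    rest=$1 out=""
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}    # first remaining digit: user, then group, then world
        rest=${rest#?}
        [ $((digit & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $((digit & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $((digit & 1)) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
)

# audit_webroot DIR OWNER
# Prints one line per finding and returns 1 if there is any:
#   WORLD-WRITABLE <path>  the "world" digit includes write (2)
#   WRONG-OWNER <path>     not owned by OWNER (user name or numeric uid)
audit_webroot() (
    dir=$1 owner=$2
    findings=$(
        # Symlinks always show mode 777, so they are skipped in the mode check.
        find "$dir" ! -type l -perm -0002 -print | sed 's/^/WORLD-WRITABLE /'
        find "$dir" ! -user "$owner" -print | sed 's/^/WRONG-OWNER /'
    )
    [ -z "$findings" ] && exit 0
    printf '%s\n' "$findings"
    exit 1
)

# Demo: the article's mode 745, then a constructed scratch directory.
mode_to_rwx 745
demo=$(mktemp -d) && touch "$demo/config.php" "$demo/upload.php"
chmod 640 "$demo/config.php"; chmod 666 "$demo/upload.php"
audit_webroot "$demo" "$(id -u)" || echo "findings above need fixing"
rm -rf "$demo"
```

On a real server the call would be along the lines of audit_webroot /var/www/html apache, using the path and user from the chown command above.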


Read more: Unixmen

Posted via email from Jasper-Net